In general this is a bad idea and you should stop doing it immediately. In the best case it would be seen by the other side as an attack on them from you. In the worst case they might retaliate even more against you with some other kind of attack. Considering that over 80% of spam is now sent by botnets (http://arstechnica.com/security/news/2009/06/report-botnets-send-over-80-of-all-spam-in-june.ars), you'd be scanning infected machines and not learning anything about anyone other than a home user's ISP, and risking that ISP from reporting YOU as an attacker to your ISP.
The best thing you could do (and even this will have marginal success) is to report the IP to the ISP that owns the address you received the spam from. They might be able to take that system offline. Otherwise, just block the suckers and move on. You probably have better things to do with your time. On Wed, Jul 1, 2009 at 3:37 PM, ghe<g...@slsware.com> wrote: > Wietse says something like "Spam is war -- RFCs don't apply." OK, but how > about nmap ethics? > > I've started hitting spam IPs and their nets with nmap to find out who they > are and maybe a little of what they're up to (and using the info to decide > if the net belongs in my packet filter). What's the opinion of the list? Is > this OK, or just plain rude? > > -- > Glenn English > g...@slsware.com > >
