Re: Scanning. Is it a consumer right?

[hyghlander () MINDSPRING COM (Don Tansey)]

<Mr. Preston's original post not included to keep the size down -
it is not intended to be a slight to the poster.>

Mr. Preston raises an intersting point that I had not thought of.

When all is said and done, a straight TCP/UDP portscan are packets coming your way.  They can be passed or dropped, and 
a log of them kept to keep tabs on future nefarious activity. I'm sorry, but I just don't buy the argument that it's 
cost in bandwidth and processor requirements to the host are reasons to condemn it. (With the caveat that if the 
activity reaches the level of a DoS attack all bets are off.)

Consumers are able to check into the solvency of publicly held companies and obtain credit reports from renters. They 
should have the opportunity to determine the security of a website with whom they conduct business. (Though I will stop 
short of calling it a 'right'.)

As I said in my original post though, you better believe that I would keep an eye on the IP addresses from which the 
scan came, and if the activity were any more intrusive than a simple TCP connect scan, exhibited any "stealth" 
characteristics <i.e. "halfscans" like Jackal or NMAP), or appeared to come from several places at once ;->  I'd sure 
as heck track it closely/follow it up.