Security Incidents mailing list archives

Re: Handling Scans.


From: "E, M" <freehold () EROLS COM>
Date: Mon, 12 Feb 2001 17:08:07 -0800

Caveat:  I do not experience a 'staggering number of scans daily', as
Abel says he does.  So it's probable I have a much larger luxury of
time.

That said, my first thought is that I don't know of any commercial
auto-response kind of 'conduct unbecoming a user' system but even if
there were one unavailable, I'd be personally leery of using it.  IMO it
would be too easy (everyone is swamped, right?  time's precious, right?)
to allow yet another task to be slipped out of human purview and potentially
black-holed into the bin of 'I'll get to that task later, meanwhile at
least the ISP's been notified'.

An irritation can morph into destructive at its next code evolution;
thus the priority of other-ISP involvement changes from 'hello, you have
a naughty user' to '#%$@! you need to do something about this *now*!'.
Will an auto-responder differentiate, know which ones require the
'#%$@!' notification, which ones need follow-up?   How about the ISP?
Are they more likely to black-hole an auto-notification?  (lol I have no
clue to the answers to these questions, btw.)

'Routine' user misbehaviour is IMO by necessity a fluctuating definition
depending on OS, hardware, users, policies, data protection level, etc.
I generally shrug off minor knock-knocks but everyone has to decide
their own level of 'minor'.  What I believe to be the Aggressive,
Obnoxious, Repetitive, or the Probably-Owned are subject to me notifying
the ISP and, if appropriate, following up.

I'm an old-fashioned girl: clinging to the idea that human judgment and
consistent hands-on monitoring are a necessary component of security.
:)

Missy

