As I take security very, very seriously, I make it a point to log all portscans and respond to each and every one. By responding, I mean that I look up the IP address in question using the ARIN database, and send notification to the entity who is responsible for the offending IP address contained in their netblock. I'd say that 90% of these never amount to anything, but sometimes, this helps an admin find out that his system was compromised, or it kills the service of some script kiddie who is attempting to abuse others on the net. This small bit of work can help the Internet be a better place, and I encourage all admins to do the same.
Over the past two months, I have been recording exactly where these scans are coming from (previously, I would oftentimes have an assistant admin take care of the ARIN lookup and email). The results have been shocking. The site averages 8 portscans a day (as I expected; this isn't so shocking). What is shocking is that 88% of the portscans come from an IP address homed in Asia.
It has been my professional experience that the ISPs responsible for these IP addresses are completely unresponsive (in this month, I received one email reply stating that they really don't care what their users do, and no reply from anyone else). This is really sad, as I would like to think that because the Internet is intended to be worldwide, the world would take interest in keeping it clean.
My first thought was to ease my pain; block the whole damn netblock. According to certain laws that this company must operate under, they cannot have commerce with customers outside of the US. So, it would not harm the business if this entire netblock was blocked at the firewall.
But the ramifications of this scare me. As the use of proprietary technology on the web becomes more and more common, people are already cut off from viewing a great deal of content. With packets being dumped into the bit bucket just because they come from a specific place, the Internet could become even more Balkanized.
What does the community think of this? Please understand that this has nothing to do with the fact that the scans are coming from Asia, per se; I would be faced with the same issue if they all came from Europe, or Africa, or South America. Because the company cannot do business with customers outside the US anyways, do you think this is appropriate?