Am Montag 13 März 2017 13:02:47 schrieb L. Aaron Kaplan:
So, we now have two types that we are talking about: 1. Vulnerable and openly accessible ports 2. Potentially vulnerable (but not proven) and accessible ports
It depends, there are probably ISP/network owner who would want to be notified of some potentially vulnerable situation and others would rather not.
This challenge could be approached with * make automatic handling a lot easier, so ofr example if everything gets xarf files the recievers could more easily just ignore stuff on their end. Conclusion some notification should only be send out if their automated handling is easy.
* When it is not clearly vulnerable, a notifcation is a service. Maybe the isps/network owner can subscribe or unsubscribe to details of the service on their own. Like "Go to URL to opt out of the "potentially interesting" ports group".
Just my 2 Euro-¢, Bernhard