This is a bounce from a post on Graffes, just piqued my curiousity, anyone know anything about SOE port scanning us?

They haven't scanned my host in the last 4 months. I would guess they never scanned me prior to that as well, however I don't have packet logs prior to that. Unless they are only looking for SQL services or have started an operation up in asia to do their scanning from, I haven't seen any evidence to make me think they are/have/will.

It's highly unlikely that they are/have/will portscan(ed) their customers. The data retrieved would be useless at best and cost them a whole lot of money in bandwidth.

Cheers,
-Egg

Without seeing the logging output, it would be hard to say if SoE ever engaged in portscanning. Typically, the biggest misidentified "port scans" are load balancers doing reverse pings/traceroutes/other techniques; defunct connections sending data back to closed ports (the EQ servers tend to flood data back even if the client's long since crashed/disconnected ungracefully); I've also seen connection attempts to a single closed port raise "port scan" warnings under some products.

Seen too many people cry "port scan" in the same way others cry "wolf". I'd agree with Eggman in saying that portscanning is a pointless exercise for SoE to engage in. I doubt they've ever done so.

The only regular portscanning that I'm aware of goes on commonly in the consumer industry is that some ISPs will scan their customers for open proxies, and they only do so over a very limited number of ports - a mere handful.