"portscans" (was Re: Arbor Networks DoS defense product)

Not that this neverending thread hasn't been an absolute blast, but I
was thinking maybe if I pointed out that this has been and is already
being done by several commercial and non-commercial groups, we could
put an end to the "landmine" discussion?

For example, see,


For a list of naughty hosts and nets. And there are any number of
commerical solutions. For example, I believe SecurityFocus's ARIS does
this kind of thing,


Pretty much all of the big IS security companies do.

NIDS data from various sites is shipped off to a central database
where the data is crunched, and then the distilled information is
pushed back out. Pretty much the same concept?