"This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine."
Then it seems that it has a link to its GitHub page by default in the User-Agent string it uses while scanning.
When you do that you can only get abuse in return, can't you?
If someone's scanning the internet at that speed, that means you get less than one packet per five minutes for each IPv4 you have. Hardly something to whine about.
If one person in the world is scanning, yes. Ten persons => 1 packet every 30 seconds. 100 000 persons => 1 packet every 3ms. Suddenly doesn't look that innocent, right?
So in this situation where you have an absolutely ridiculous number of people flooding the internet with scans, all on multi-gigabit connections, it eats up a whole 20 kilobytes per second.
10 000 persons doing this simultaneously is also an insane number, and that's 2 kilobytes per second.
Mine got disconnected for about 30 minutes. Then I just calculated the rate I needed for the duration I found acceptable (one week for a single country) and let it run at this rate; no issue then.
I'd say "the internet" is the biggest "network of networks" and IPv6 is not really a part but a separate network, i.e. not interoperable with "the internet". Maybe it will be more important some day, but not today.
If you are running this tool, you are sending packets from a single machine to N remote hosts, so logically the strain and bottleneck should be at your end and I can't see how this should cause much of a burden several hops away.
At the destination this should be a small fraction of the usual "Internet background noise" which is usually a negligible fraction of the available bandwidth.
You can separate transmit and receive IPs, if your tx network does not implement source filtering.
So you can tx from one place and receive from one or more other places "sensors" that you use to receive SYN-ACKs.
You can use several (an arbitrary number) of spoofed source IPs on tx to hide your "real" rx IPs, at the cost of more egress traffic.
There is a technique involving IP IDs (idle scanning) you can use which does not reveal your IP at all but it is not reliable; read: not usable beyond very tiny scale. You could put a lot of effort into it but it's not worth it. Nobody beyond a few vociferous cranks _really_ cares about IP scanning.
The real way to stay off radars (e.g. DShield) while mass scanning is to have a ton of unrelated IPs and scan as slow as you can stand. This assumes good randomization (not obviously striping across networks from the same IP).
Individual users running masscan et al. are not going to produce anything like the level of traffic all the major providers (and quite a few sites that aren't that large) see from DDoS attacks on a pretty regular basis.
Given that there are several sites who scan the Internet regularly for more than just open ports (e.g. Shodan, Binary Edge, Censys) it's not a volume of traffic that should cause a concern.