I see this guy in my logs as well. 10 to 1 that he's just another teenager who found some port scan software in a IRC chat room somewhere. Most of these port scans are harmless and just the hackers playing with their toys. However, some of these scans are used to determine just which method of attack would be best. Fortunately, ISA (properly configured) will prevent these scans and notify you of the attack. At the very least there should have been an event generated, but you could configure it to send mail or start an app also. Honestly, I ignore most of these unless they seem to be repeating over and over. The biggest offenders I see are SMTP spammers. I got a guy now in the UK trying to relay some 4000 addresses off me to sell his Bulk E-Mailer Software. No valid e-mail addresses of domain names so I had to contact his ISP. Yeah, I'm sitting here just waiting to hear how helpful his UK based ISP is going to be in resolving this one... Just as a heads up, I have attached the SPAM mail to this e-mail. The connections are coming from the 212.1.*.* subnet and are HTML connections. Send SPAM abuse reports to 'abuse@xxxxxxxxxxxxxx', the ISP is as follows; Telinco Internet Services plc (TELINCO2-DOM) Sirius House Alderly Road Chelford N/A, SK11 9AP UK Domain Name: TELINCO.NET Administrative Contact, Technical Contact: Telinco (TE360-ORG) naming@xxxxxxxxxxx Telinco Plc Sirius House, Alderley Road Chelford, Cheshire SK11 9AP UK +44 (0)1625 862 200 Fax- - +44 (0)1625 860 251 -Mark
Other related posts:
|