Contact them to find out why. Maybe some one reported you as a open relay. May you are breaking some RFC. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: Luigi Grieco [mailto:l.grieco@xxxxxxxxxxxxxx] > Sent: Wednesday, September 24, 2003 10:16 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] R: RE: charlie.mail-abuse.org > > http://www.ISAserver.org > > > Thank you thomas, > but... do you know why he scan me? Can I create a packet filtering role for > cut out that ip address? > > Thanks again, > gg > > -----Messaggio originale----- > Da: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Inviato: mercoledì 24 settembre 2003 19.01 > A: [ISAserver.org Discussion List] > Oggetto: [isalist] RE: charlie.mail-abuse.org > > http://www.ISAserver.org > > > Hi Luigi, > > www.mail-abuse.org > > Whois info for, mail-abuse.org: > Registrant: > Mail Abuse Prevention System > 950 Charter Street > Redwood City, CA 94063 > US > > Domain name: MAIL-ABUSE.ORG > > Administrative Contact: > Contact, Domain hostmaster@xxxxxxxxxxxxxx > 950 Charter Street > Redwood City, CA 94063 > US > (650) 779-7080 Fax: (650) 779-7055 > > Technical Contact: > Contact, Domain hostmaster@xxxxxxxxxxxxxx > 950 Charter Street > Redwood City, CA 94063 > US > (650) 779-7080 Fax: (650) 779-7055 > > > > Registration Service Provider: > Retsiger, hostmaster+whois@xxxxxxxxxxxx > http://www.retsiger.com > > > > Registrar of Record: TUCOWS, INC. > Record last updated on 04-Jun-2003. > Record expires on 24-May-2004. > Record Created on 24-May-1999. > > Domain servers in listed order: > EAST1.MAIL-ABUSE.ORG 157.22.13.82 > WEST1.MAIL-ABUSE.ORG 204.152.184.196 > NS-EXT.VIX.COM > > > > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > > -----Original Message----- > From: Luigi Grieco [mailto:l.grieco@xxxxxxxxxxxxxx] > Sent: Wednesday, September 24, 2003 11:53 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] charlie.mail-abuse.org > > > http://www.ISAserver.org > > > > Hi to all! > > I'm receiving a lot of msg from my isa server: > > > "... ISA Server detected an all port scan attack from Internet Protocol > (IP) > address 204.152.187.128..." > > with nslookup: > > [CUT] > Non-authoritative answer: > Name: mail-abuse.org > Addresses: 204.152.184.196, 204.152.186.191, 168.61.5.195 > > > charlie.mail-abuse.org > Server: ns4.tin.it > Address: 212.216.112.112 > > DNS request timed out. > timeout was 2 seconds. > Non-authoritative answer: > Name: charlie.mail-abuse.org > Address: 204.152.187.128 > > [CUT] > > Any idea? Can I stop this situation? > > thanks to all, > gg > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > l.grieco@xxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')