Hello. My packet filter ruleset catched somebody on port scanning one of our host. He or she tryed to scan a very big port range from tcp 1 up to 32000 (think with nmap), but my packet filter denied his/her queries (the kernel generated 1 mb log in 3 minutes with the denied packets). I have his/her ipv4 address, and i would like to ask, what should i do know? i figured out from the ripe.net whois db, that the ip is owned by one of the ISP's from my country, is it possible, that the scanner cracked the isp's machine, then pushed the scan from there?
Thanks, Daniel