Contact their ISP. Phil
----- Original Message ----- From: "Nick Edens" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 18, 2001 12:02 PM Subject: Re:RV: How to stop zombie scanners? Are there any legal actions that can be taken. I have the same problem. In fact the most recent ip address that has been attacking me was from some fortune 500 IT consultanting company. I would think there should be some room for recourse due to neglect. What do you all think? - Nick Edens Checker Distributors Sergio Erazo (10/16/01 5:14 PM): >Hi, > >Seems like the Right Thing to do... > >http://hogwash.sourceforge.net/ > > >Sergio Erazo > >-----Mensaje original----- >De: Sergio Erazo [mailto:[EMAIL PROTECTED]] >Enviado el: Lunes 8 de Octubre de 2001 11:37 >Para: [EMAIL PROTECTED] >Asunto: How to stop zombie scanners? > >Hi, > >I've set up a Linux box running snort a couple days ago. It's connected to >the public side (Internet)of our network. During this time, the log files >show *a lot* (80+) of zombie hosts trying to break into our servers, mostly >with IIS attacks (cmd.exe, Code Red v2, others). Tried LaBrea, the problem >is that we don't have any free IP address for this. > >Here are my questions: > >1. Do you know of any tool that can help preventing the flood that zombies >are sending into? > >2. Does the zombie traffic affects the total bandwidth of my Internet >connection? (MRTG shows a sustained use of 10-18Kbps...) > >Any help will be vastly appreciated. > >Sergio Erazo >Systems Support >SONDA