Hello,

I am not sure how you sent or worded your report to their ISP. Did you email the following users: abuse@domainname, postmaster@domainname, root@domainname, admin@domainname. Usually these accounts are setup and tracked.

The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.

Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.

If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.

It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.

Good Luck,

Christian