A quick scan of the reverse mapping for your address space in DNS reveals that you have basically your entire network on public addresses. No wonder you're worried about portscans when the printer down the hall and the receptionist's machine are sitting on public addresses. I think you are trying to secure your network from the wrong end here.
Your idea of "security" is strange and unrealistic. Putting all of your network behind NAT is not a guarantee of security. IPv4 is slowly grinding to a close. NAT has been an aid to reduce the requirement for routable IP space at many sites, but it has never been required to stick your entire network behind NAT. Anyone capable of justifying the IP space and acquiring it from an upstream ISP is able to put all their IP-enabled gizmos, no matter even if it's just a bunch of printers, scanners, UPSes, and other random IP-capable gear, on the public Internet. It should not be the operator community's job to be the arbiter of what devices are worthy of public IP space.

And take that and think about it, because IPv6 is coming. This will encourage the deployment of networks that connect every IP-capable device in reach. This implies many things. It is clear that we've not done a real good job of designing IPv4 devices with sufficient layers of security to be able to stick random devices on the Internet without a firewall and some contemplation of rules, something I hope changes between now and IPv6 widespread deployment.

The question shouldn't be about whether this gentleman is securing his network from the wrong end. In our neighbourhood, we don't have a high crime rate. Despite that, if we saw someone walking from house to house, trying doorknobs, we'd call the cops. The fact that everyone has locks on their doors does not make it all right for someone to go around from house to house to see if they're all locked. In that same fashion, there's no particular reason to expect that the gentleman who started this thread hasn't already provided some layers of protection for his network. Trying to address the attacker is a sane and reasonable next step. We have some real and difficult questions to address in terms of how much we want to do in response to such complaints.

There are a lot of potential impacts on operators for dealing with abuse complaints, but we should be aware that this issue isn't going to go away, that blaming the target site's security rather than the attacker is simply wrong, that we're going to see even more devices attached under IPv6, and that if we don't want legislative solutions handed to us to implement, I would expect that it's a better idea to stop people from doing things from your network that cause others to squawk (and obviously I'm talking about Covad and the Covad-emitted traffic here).

...

JG

--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.