There is a certain individual at a certain ISP in the .ro domain. I have yet to determine if this user is the owner of said ISP or if they are but a user. As it may be, this person has been responsible for many hacking attempts, including the destruction of several UNIX systems (rm -rf* after gaining root) in other ISP's. The person is also suspected to have been an initiator of Severl damaging SYN attacks, although the only solid proof is of the UNIX hacking. Anyway, to get to the point, I along with several others have been in contact with the ISP, which is aware of the individual's activity and refuses to deal with those activities since "there are no laws affecting his use of our system in this manner, and we have no recourse." So, my question to you folks is, would something like the intentional black holing of the source network for this user (he apparently sources all attacks from one swamp Class C address) be an appropriate incentive to the ISP to deal with the problem? If so, where would be a good place to announce such measures, their goal, evidence, etc? I can see how such a thing could easily get out of hand if it's not taken seriously. Chris A. Icide Nap.Net, L.L.C.