Last post for me on this thread... Dirty Networking 101 So the other morning I found a contact for a company who'll for now remain unamed, this contact is on this group...Sent them yet another message (3 this week): <new message> To whom it may concern, One of my servers has been heavily under attack for the past 24 hours from your IP space. There were 10726 attempts to log into my VoIP server within the last 24 hours. Please sanitize this machine from your network. Attached is the logfile. </new message> 10726 attacks in a variety of forms. Why should I NOT ban this network and its clients from reaching my networks. Can someone please help me understand the logic of being called something akin to a crybaby, spoiled sport, unfair admin since I am now going to block their /17? On to semi-relevant news... For those who care: Support Intelligence analyzed 22,000 ASNs for every kind of eCrime including DDoS, Scanning, hosting Malware, sending Spam, hosting a phish, or transmitting viruses ... 17 of the 100 networks listed are from ARIN. Six of the seventeen are from Time Warner. 5 are from Comcast, 2 are from Charter. http://blog.support-intelligence.com/2007/04/doa-week-14-2007.html That's their record. I now have 52 hosts dumping out syslog records and can name about 30+ networks of which some of the engineers from them are on this list. So what is their left to do when points of contact fail miserably. Maybe I will take a crack at writing a document based on the amount of waste whether its bandwidth, time or money in blocking venomous hosts from my subnets. Costs, benefits, experience, pros, cons. -- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 sil . infiltrated @ net http://www.infiltrated.net The happiness of society is the end of government. John Adams