----- Original Message -----
From: "jim deleskie" <deleskie@gmail.com>
Why swing such a big hammer. Even blocking those 2 IP's will isolate your users, and fill your support queue's.
Set up a DNS server locally to reply to those IP's Your customers stay up and running and blissfully unaware.
Log the IP's hitting your DNS servers on those IP and have your support reach out to them in a controlled way, or reply to any request via DNS with an internal host that has a web page explaining what is broken and how they can fix it avoiding at least some of the calls to your helpdesk.
Jim's right, of course. In my defense, it *was* 9 am, and I hadn't had any caffeine yet. ;-} Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274