At 05:22 PM 7/15/2003 +0100, you wrote:
I am sick to death of getting this: Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: 63.215.251.101/63.215.251.101 to UDP port: 135 Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Host: 63.215.251.101 is already blocked. Ignoring OK so its not actually getting through, but this same IP address (level3 apparently) has been doing this every 15 minutes for hours on end for weeks. I have told level3 about it countless times, but they don't even acknowledge my emails. Any ideas as to what I can do? What are they up to?
Hello Simon, I think that is a Windows vulnerability they are trying to exploit?Level3 has a number of paying clients that I have reported as blatant repeat spammers. I see them rejected everyday from the same server. You can't ping back, though I found them through Whois and eventually got NS info from digging quite a bit.
Really the only thing you can do is send their abuse admin a copy and send the FTC another (copy). This is a royal pain-in-the-a** because the FTC makes you fill a form every time you submit. Otherwise keep them blocked and disregard unless you want to fire some packets back (not advisable).
Glenn