A few days ago, someone decided that my web server would be good to use for caching (no, I have no idea why... I'm not even running squid or wwwoffle) and I started getting a couple log messages a day about webcache connection attempts from his (fixed) IP address. Investigating, it turned out that something was listening on 8080, but it turned itself off before I could identify it. (Which worries me, but that's beside the point...) Since then, I've been seeing an increased number of webcache attempts from him, which is getting really obnoxious. He doesn't have any reverse-DNS information for his box or the two directly upstream. Then traceroute shows a gd.cn.net address (root at gd.cn.net bounces, root at cn.net appears to be undeliverable in a fashion that sits around for several days before MTAs give up on it), 4 more unnamed IPs, and then (8 hops before the machine which is bugging me) a whole bunch of alter.net machines. I'm fairly sure he's on a Win32 box (no telnetd, no fingerd, no httpd, no smtpd, and it was turned off in the wee hours the one time I got desperate enough to try getting information via nmap), but that and his IP address are all I know. Where do I go from here in trying to either find out who this guy is or find someone who does know and will tell him to knock it off? -- "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+ --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org