* Tom Emerson
Previously I wrote:
One thought: since "nimda" comes from an infected SERVER (not a client), try browsing it by the advertised IP address.
On a whim I decided to try it, then I found out/realized this is a "dhcp" address, meaning what hits you TODAY may come from a different source TOMORROW (and if you block THIS address, somewhere down the line a legitimate user may want to view your site, but "by chance" they happen to have the "blocked" IP address right then...)
Yes, it is a dhcp address as is mine. But, I have had the same ip for 15 months now. Unless you have problems, replace modem or leave the net for an extended period, it seems that they do not change the ip. I show an infinite lease on mine. ???
This might also explain (to a degree) why RR's techs don't want to deal with it: it is/was "transient", so if they looked "right now" it may not be a problem (or worse, you'd be fingering an innocent bystander). OF COURSE this means they would need to correlate your logs with theirs [via timestamps] "but that would require work" ;)
They may have finally got to 24.208.133.143. He was hitting me 15 to 20 times a day and the last time today was at 06:44 -0500 my time.
Overall your best bet is to contact the abuse department [which you're doing] and if they want to call it spam, call it spam -- it's not YOUR fault they have problems classifying abusive network traffic. Either way, this will eventually get that particular user/server "pulled" until they clean up their server, and "overall for the health of the net", that is a good thing :)
I believe that I will start reporting them all. Seems most are rr or rogersnet. One that has hit me 13 times today is 24.208.172.161, Videon CableSystems Alberta Inc VDN-MAX-IA (NET-24-108-168-0-1). No address for the ip contact via whois. The incidents have all been the /default.ida?XXXXXXXXXX type. Geektools says it is RR <grin>.

-- 
Patrick Shanahan
Please avoid TOFU and trim >quotes<
http://wahoo.no-ip.org
Registered Linux User #207535 icq#173753138 @ http://counter.li.org
Linux, a continuous *learning* experience
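
The thread turns on two points: the sources are DHCP addresses, so an abuse desk can only identify the subscriber by matching timestamps against its own lease records, and the hits are all of the /default.ida? type. As an added example (not part of either poster's message), this script counts such requests per source address and converts first and last sightings to UTC. It assumes Apache common/combined log format; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache common/combined log prefix: host ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
# Request signature named in the thread; extend the pattern for other probes.
PROBE_RE = re.compile(r'^(?:GET|HEAD|POST) /default\.ida\?', re.IGNORECASE)

# Constructed sample lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Oct/2001:06:44:12 -0500] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [02/Oct/2001:07:01:55 -0500] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [02/Oct/2001:01:13:40 -0500] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 276
203.0.113.99 - - [01/Oct/2001:23:59:59 -0700] "GET /default.ida?XXXXXXXXXX HTTP/1.0" 404 276
garbage line that does not parse
"""

def summarize_probes(log_text):
    """Return {ip: {"count", "first_utc", "last_utc"}} for worm-style requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.match(m.group("req")):
            continue  # skip unparseable lines and ordinary traffic
        local = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        # Normalise to UTC so the ISP can match against its lease records
        hits[m.group("ip")].append(local.astimezone(timezone.utc))
    return {
        ip: {"count": len(ts),
             "first_utc": min(ts).isoformat(),
             "last_utc": max(ts).isoformat()}
        for ip, ts in hits.items()
    }

def abuse_report(summary):
    """One line per source, busiest first, ready to paste into an abuse report."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f'{ip} hits={s["count"]} first={s["first_utc"]} last={s["last_utc"]}'
            for ip, s in rows]

if __name__ == "__main__":
    print("\n".join(abuse_report(summarize_probes(SAMPLE_LOG))))
```

Reporting the UTC window alongside the address lets the provider tie the hits to whoever held the lease at that time, rather than to whoever holds the address when the report is read.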