>> my point is that you should always try to rDNS back the IP and
>> see who the domain is... then whois on both the domain AND the
>> ip number... the domain gets a complaint and the IP owner (the
>> domain's upstream) gets a complaint... this way, the upstream
>> can stop them if necessary...

 omc> MeaCulpa!!

not a problem > i learned it by fighting spammers and
tracing their uplines back until i found someone who would stand by their
terms of service and force those below them to cease and desist or would
drop the feed... it has worked wonders and in the case of spam, has caused
my spam problem to drop from 300+/week to maybe 5/week... less on most
weeks...

 omc> I assumed (you know what that will get you) that
 omc> both IP addresses were Dynamically Assigned, and
 omc> only the IP owner would (might) know who had it
 omc> (the IP address) at that given time..

this is true in some cases... those cases being those who actually log the
stuff... many don't due to the sheer volume of data...

 omc> At least a place to start looking.

yes, if you can get them to look... some ISPs are good, others are
excellent... most don't care or know how to do the job...

 omc> Nice to see one was tracked back to a "know" entity
 omc> :)  I wonder of the Person(s) with the ATTBI (Comcast)
 omc> address, might work for the place with the
 omc> WorldWideScam.com address...

its possible... i've known spammers (and hackers are in the same class in
many cases) who have numerous accounts all into their locations and they
come at you from several directions at once... hackers and script kiddies
group together and perform attacks in concert... then you have the IRC
based worm/attack tools that connect back to a central server and take
their commands from the controller... it was one of those that hit GRC.COM
a few times... many are just simple script kiddies who don't even have the
sourcecode to the tools they use... they just use a hexeditor on the tools
and adjust things within the file, directly...

i could go on but this really isn't the place... i just hope that i've been
able to help in some small way...

FWIW: the person who started this thread may have been seeing the effects
of a few of the new worms and exploits and it may not have been anyone
intentionally attacking their system on purpose... kinda like codered and
nimda... i still get codered v2 attacks on my server and nimda is up to
something like the 6th revision and still running around...

)\/(ark