A few days ago, someone decided that my web server would be good to use for
caching (no, I have no idea why...  I'm not even running squid or wwwoffle)
and I started getting a couple log messages a day about webcache connection
attempts from his (fixed) IP address.

Investigating, it turned out that something was listening on 8080, but it
turned itself off before I could identify it.  (Which worries me, but that's
beside the point...)  Since then, I've been seeing an increased number of
webcache attempts from him, which is getting really obnoxious.

He doesn't have any reverse-DNS information for his box or the two directly
upstream.  Then traceroute shows a gd.cn.net address (root at gd.cn.net bounces,
root at cn.net appears to be undeliverable in a fashion that sits around for
several days before MTAs give up on it), 4 more unnamed IPs, and then (8
hops before the machine which is bugging me) a whole bunch of alter.net
machines.

I'm fairly sure he's on a Win32 box (no telnetd, no fingerd, no httpd, no
smtpd, and it was turned off in the wee hours the one time I got desperate
enough to try getting information via nmap), but that and his IP address are
all I know.

Where do I go from here in trying to either find out who this guy is or find
someone who does know and will tell him to knock it off?

-- 
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
