Where can I report something?


Laguna
05-17-2006, 02:09 PM
I was wondering, can I get a link or something to somewhere I can report something? An IP from this company, comcast.net, has done a SCAN FIN on my computer, and under attack class it said "Attempted Recon", therefore trying to gather some sort of information. It was seen by my FW as a medium threat, and I am getting sick to DEATH of these bloody scans!!

I want something done about it. It's ridiculous if these people can get away with this. This was no ordinary scan; they tried to make a move on my computer.

Any help is as always greatly appreciated.

Laguna

juniper
05-17-2006, 03:47 PM
If you did a whois on the IP address, it will give you contact info for the owner of that address. Since you say it's Comcast, well, they are an ISP and you would need to contact them, as most likely it's a dynamic address of an infected computer, and they may or may not help. You should just set your firewall to drop all packets from that IP.

Laguna
05-17-2006, 04:16 PM
If I gave the IP to you, would you do the WhoIs for me and give me the contact details in a PM? I'm just not in the humour of installing another whois program.

And I can't find an option to drop packets from the IP address.
And also, my firewall (Kerio) just denied it, if that's any good. I read somewhere that Kerio can drop packets; I just can't find the option.

Rick
05-17-2006, 09:32 PM
Here is a link to the on-line whois:

http://www.geektools.com/whois.php
When it gives you the info, look for the "report abuse" address.
Then send your report to that addy (e-mail them).

Budfred
05-17-2006, 10:03 PM
This is an excellent site for looking up sites:

http://www.dnsstuff.com/

Laguna
05-18-2006, 12:12 PM
OK, I tried both those sites and all I got was this:

"Using 0 day old cached answer (or, you can get fresh results).
Displaying E-mail address (use sparingly -- this will make it more likely that you will trigger our rate limiting system).

Comcast Cable Communications Holdings, Inc RW2-NORTHEAST-1 (NET-24-60-0-0-1)
24.60.0.0 - 24.63.255.255
Comcast Cable Communications Holdings, Inc. BOSTON-6 (NET-24-60-0-0-2)
24.60.0.0 - 24.63.255.255"

If there is any info in there that isn't allowed to be posted, I'm sorry, and please, any moderator, feel free to remove it.

And the only bright side to this is that I told my firewall to drop all packets from that addy.

But no matter what WHOIS I use, I can't get any contact details.
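
Added example, not part of any post in this thread: the listing quoted above is a summary of two registrations rather than a full record, so this sketch parses it into NET handles and CIDR blocks and builds a follow-up lookup per handle. It assumes the listing is ARIN-style and that the full records are served by whois.arin.net; the function names are made up for the example.

```python
import ipaddress
import re

# Summary listing copied from the post above: one line per registration,
# followed by the address range it covers.
SUMMARY = """\
Comcast Cable Communications Holdings, Inc RW2-NORTHEAST-1 (NET-24-60-0-0-1)
24.60.0.0 - 24.63.255.255
Comcast Cable Communications Holdings, Inc. BOSTON-6 (NET-24-60-0-0-2)
24.60.0.0 - 24.63.255.255
"""

# "<org name> <network name> (<NET handle>)"
ENTRY = re.compile(r"^(?P<org>.+)\s+(?P<name>\S+)\s+\((?P<handle>NET6?-[0-9A-F-]+)\)$")
RANGE = re.compile(r"^(?P<first>[0-9.]+)\s+-\s+(?P<last>[0-9.]+)$")


def parse_summary(text):
    """Return one dict per registration: org, name, handle, cidrs."""
    nets, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            current = m.groupdict()
            continue
        m = RANGE.match(line)
        if m and current:
            first = ipaddress.ip_address(m["first"])
            last = ipaddress.ip_address(m["last"])
            # A start-end range can need several CIDR blocks; keep them all.
            blocks = ipaddress.summarize_address_range(first, last)
            current["cidrs"] = [str(b) for b in blocks]
            nets.append(current)
            current = None
    return nets


def followup_queries(text, server="whois.arin.net"):
    """Per-handle lookups; server is an assumption (ARIN-style listing)."""
    return [f"whois -h {server} {n['handle']}" for n in parse_summary(text)]


if __name__ == "__main__":
    for net in parse_summary(SUMMARY):
        print(net["handle"], net["name"], ",".join(net["cidrs"]))
    for cmd in followup_queries(SUMMARY):
        print(cmd)
```

The commands it prints are for the reader to run; the full record returned for a handle is where contact fields such as an abuse address appear.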

juniper
05-18-2006, 01:00 PM
comcast.com, click on the "contact us" link. Here's the deal: your firewall at the moment sounds like it is dropping incoming sessions, and that's cool. The problem is, if they find an exploit in your firewall (man in the middle or whatever), which is the purpose of a recon attack, well, you're SOL, hehe. So you usually configure the router to route the packets from that IP to nullzero, so no matter what they are, it's just dropped, not relying on the firewall. Basically, routing it to nullzero will mitigate the stress on the firewall, as it has to inspect the packet, which uses processor and memory; with a route it does not have to do this, as it just blackholes the packet, so it will mitigate a DoS attack more effectively. Understand? In a PIX firewall you can make it do this by issuing the shun command, or dynamically: when an IDS sensor sees an attack, it can tell the PIX to SHUN the source address. This is called shunning.