My PC got attacked.


    Hi Guys,

    Whilst practicing my typing skillz, Norton kicked in and told me I'd been attacked by the "NMap Xmas scan" from i.p address 81.210.63.226

    I found a site which told me the i.p address is in Poland. Should I be worried and are there any other preventative measures I can take to avoid this in the future?

    I'm trusting that Norton managed to prevent or contain the attack which is good. But my immediate reaction was one of revenge and I just wanted to hunt the perpetrator down!

    Any recommendations?

    Cheers

    Tommy
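
An "Xmas scan" alert like the one described in the post above refers to TCP packets sent with FIN, PSH and URG set and none of SYN, RST or ACK. The following is an added example, not part of the original post and not Norton's detection logic; the packet tuples, the `min_ports` threshold and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

# TCP flag bits as laid out in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x29, the combination an Xmas probe sets


def classify_flags(flags):
    """Name the probe type implied by a TCP flags byte."""
    flags &= 0x3F  # ignore the ECN bits above URG
    if flags & (SYN | RST | ACK):
        return "normal"  # handshake, reset or established-flow traffic
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == XMAS:
        return "xmas"
    return "odd"


def find_xmas_scanners(packets, min_ports=3):
    """Return {source: sorted ports} for sources that sent Xmas probes
    to at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for src, dport, flags in packets:
        if classify_flags(flags) == "xmas":
            ports[src].add(dport)
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}


# Constructed sample: (source IP, destination port, TCP flags byte).
SAMPLE = [
    ("192.0.2.10", 80, SYN),
    ("192.0.2.10", 80, ACK),
    ("198.51.100.7", 21, XMAS),
    ("198.51.100.7", 22, XMAS),
    ("198.51.100.7", 23, XMAS),
    ("198.51.100.7", 23, XMAS),  # repeat probe, same port
    ("203.0.113.5", 445, XMAS),  # single stray packet, below threshold
    ("203.0.113.5", 139, FIN),
]

if __name__ == "__main__":
    print(find_xmas_scanners(SAMPLE))
```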

    #2
    You can't always be sure that the attacker is malicious as their own machine might be infected or compromised without their knowledge. At least your software identified and blocked it.



      #3
      A lot of "attacks" are background traffic. If u get zonealarm firewall u will rack up hundreds of thousands in a weekend.



        #4
        A personal recommendation would be a router with built-in firewall.



          #5
          Yup. Do that and run Linux or Mac OS X and chill out....



            #6
            yeah i get loads of prompts from medium to high risk attacks

            i just close them - i don't bother checking to find out where they are, i used to but it happens so much



              #7
              I'll post the IP on all the l33t bois sites, we'll pwn this bast back to the DOS age!



                #8
                The poor bastard's probably got a virus, and it's port-scanning for the next victim.



                  #9
                  C:\Program Files\nmap-3.81>nmap -v -O 81.210.63.226

                  Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-08-05 10:28 W. Europe Daylight Time
                  Initiating SYN Stealth Scan against ns2.citysat.com.pl (81.210.63.226) [1663 ports] at 10:28
                  Discovered open port 82/tcp on 81.210.63.226
                  Discovered open port 83/tcp on 81.210.63.226
                  SYN Stealth Scan Timing: About 14.25% done; ETC: 10:32 (0:03:01 remaining)
                  Discovered open port 81/tcp on 81.210.63.226
                  SYN Stealth Scan Timing: About 87.09% done; ETC: 10:33 (0:00:31 remaining)
                  The SYN Stealth Scan took 234.44s to scan 1663 total ports.
                  For OSScan assuming port 81 is open, 80 is closed, and neither are firewalled
                  Host ns2.citysat.com.pl (81.210.63.226) appears to be up ... good.
                  Interesting ports on ns2.citysat.com.pl (81.210.63.226):
                  (The 1657 ports scanned but not shown below are in state: filtered)
                  PORT    STATE  SERVICE
                  80/tcp  closed http
                  81/tcp  open   hosts2-ns
                  82/tcp  open   xfer
                  83/tcp  open   mit-ml-dev
                  84/tcp  closed ctf
                  200/tcp closed src
                  Device type: general purpose
                  Running: Linux 2.4.X|2.6.X
                  OS details: Linux 2.4.18 - 2.4.19 w/o tcp_timestamps, Linux 2.4.19 (Mandrake, X86), Linux 2.4.7 (x86), Linux 2.6.0-test5-love3 (x86)
                  TCP Sequence Prediction: Class=random positive increments
                  Difficulty=1684711 (Good luck!)
                  IPID Sequence Generation: All zeros

                  Nmap finished: 1 IP address (1 host up) scanned in 240.566 seconds
                  Raw packets sent: 6653 (266KB) | Rcvd: 68 (3278B)



                    #10
                    Colour me impressed sirmartyntf. But what does all that mean?

                    and lol @ nips I wish I had the skillz to do that!



                      #11
                      Sorry, I think this scan reveals that you're dealing with a wannabe-leet hacker.

                      I've scanned machines that were probing me before and the results look very different if it's a zombie or a malware-ridden machine: lots of open ports on those. Ports that nmap recognizes as known backdoors/ remote-control tools.

                      This one is different... Running Linux, albeit a beginner's distro, and almost no open ports, none of those running known 'suspicious' services.

                      Edit: How appropriate, machine seems to be an xbox running linux.
                      Last edited by sirmartyntf; 05-08-2005, 09:07.



                        #12
                        Originally posted by sirmartyntf
                        Sorry, I think this scan reveals that you're dealing with a wannabe-leet hacker.

                        I've scanned machines that were probing me before and the results look very different if it's a zombie or a malware-ridden machine: lots of open ports on those. Ports that nmap recognizes as known backdoors/ remote-control tools.

                        This one is different... Running Linux, albeit a beginner's distro, and almost no open ports, none of those running known 'suspicious' services.

                        Edit: How appropriate, machine seems to be an xbox running linux.

                        Report his IP address to his ISP:

                        (normally abuse@%ispname%.com )

                        /CS
