I would normaly contact the 2nd level domain admin.. using the whois information, or I look to the their 2nd level domain web page, to see if there are any contact phone numbers, or email's for such thing.. also abuse at 2ndlevel.dom is also common for ISP's Thank You, Ben Kochie (ben at nerp.net) *-----------------------* [ - * - * - * - * - * - * - * - ] | Unix/Linux Consulting | [ Haiku Error Message: ] | PC/Mac Repair | [ Chaos reigns within. ] | Networking | [ Reflect, repent, and reboot. ] | http://nerp.net | [ Order shall return. ] *-----------------------* [ - * - * - * - * - * - * - * - ] "Unix is user friendly, Its just picky about its friends." On Mon, 26 Jun 2000, Carl Wilhelm Soderstrom wrote: > I seem to be getting portscans of my network from > 166.49.72.158; which, when I nmap, shows up as > 'live-split.wtn.rbn.com'. this seems to be one of Real Networks' > servers. > > what's the proper netiquette for alerting some host that they might > have been compromised? > > Carl Soderstrom > _________________________________________ > Systems Administrator 307 Brighton Ave. > Minnesota DHIA Buffalo, MN > carls at agritech.com (763) 682-1091 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org > --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org