I just checked my firewall log and in the past 5 hours, I had 6 port scans and active responses from the same IP address 34.168.1.34. I checked on WHOIS and e-mailed the dnsabuse address asking for the reason, an (obviously) automated response came firing back immediately saying that it did not come from them and must have been spoofed.
Is there anyway of proving or disproving this at all? The log also recorded the MAC addresses if this would help.
Only 6?
Blimey…Since installing the new Zonealarm the other day I’ve had 4521 attacks, 2271 classed as high rated :eek:
this is why I run a hardware firewall and pretty much only check i once in a while.
then I run over to grc.com and hve him scan me to see all is well. 
Like spam, expect port scans and other attacks as routine. I wouldn’t spend time to track one back unless it was particularly agressive.
That’s a decent site, it appears I’m locked down tight, good to know.