Spammer sending UDP packets to 1026. What can i do?

Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below.  And I reported the traffic to their Abuse submission form. I doubt anything will happen.
         My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it?  I'd like to forward the packets from that IP range to a linux box to get a look at them.

 Thanks for any help.


Search results for: 204.16.209.140


OrgName:    FAST COLOCATION SERVICES
OrgID:      FCS-73
Address:    3791 N. Edgewater Dr
City:       Wasilla
StateProv:  AK
PostalCode: 99654
Country:    US

NetRange:   204.16.208.0 - 204.16.211.255
CIDR:       204.16.208.0/22
NetName:    FC-BLK-1
NetHandle:  NET-204-16-208-0-1
Parent:     NET-204-0-0-0-0
NetType:    Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment:    For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate:    2005-11-07
Updated:    2006-07-31

RAbuseHandle: NAD41-ARIN
RAbuseName:   NOC Abuse Department
RAbusePhone:  +1-703-637-6336
RAbuseEmail:  abusedept@fastcolocation.net

RNOCHandle: NOC1938-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-467-8946
RNOCEmail:  noc@fastcolocation.net

RTechHandle: NOC1938-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-467-8946
RTechEmail:  noc@fastcolocation.net

OrgAbuseHandle: NAD41-ARIN
OrgAbuseName:   NOC Abuse Department
OrgAbusePhone:  +1-703-637-6336
OrgAbuseEmail:  abusedept@fastcolocation.net

OrgTechHandle: NOC1938-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-467-8946
OrgTechEmail:  noc@fastcolocation.net

# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

LVL 1
msk100Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

natcomCommented:
there is not really much you can do. from what you already doing. the traffic  source can originate  from anywhere in the world spanners can just be using that  particular server for spanning make sure you have the messenger service disabled on all your systems.

perhaps a software firewall at OS level as well for extra protection.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.