Which DNS authority to report to

Hi there,
Running server 2008 domain.  Running TS Webaccess so that my users can work on a couple of databases. A couple of users try to abuse the system.  I know the IP addresses.  What should be done at this point.  What is the best option for me.  Which DNS authority to report to?
Imagining that thir ISP is doing nothing.  Any help in this regard would be appreciated.
amanzoorNetwork infrastructure AdminAsked:
Who is Participating?
giltjrConnect With a Mentor Commented:
You don't report to DNS authority.  You go to the ISP that has delagated the IP address.  You can go to ARIN at:


Search on hackers and see their recommendations.
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:
normally you would do a whois on the user ip and report to their isp - but you would *also* (unless you believe one of your users share an isp) block the entire IP block for that ISP at the firewall.

I would be surprised if the report does anything though - I have blocked the whole of china (upwards of 200 attacks seen per day, with no response from isps) and have at least 20 other blocks of IPs on the list.
Dave HoweSoftware and Hardware EngineerCommented:
other common approaches -

move TS to a port above 5000 - most attackers try only "common" ports, and this will reduce your attack profile almost instantly.

make sure you are using ssl certificates for your RDP - again, makes it harder for the attacker, and many will either move on, or not recognise the TS is there.
amanzoorNetwork infrastructure AdminAuthor Commented:
Thanks Guys:
I really appreciate your time, I like the idea of blocking onto the firewall and using ssl.
THanks once again.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.