Yea, I did a DNS lookup on the IP Address already. It's in China, that's why I think it is someone going through a proxy.

I just went throught my Web Server logs (the other was the FTP log) and I noticed that yesterday around the same time someone ran a scanner on my site. There were a whole bunch of common exploit attempts, and it was from the same IP Address. This guy is clearly out to get me.

Could you point me in the direction of where I can get more info on "DUMP ACL ,Sid 2 user , or Onsite Admin exploits". Maybe even some kind of scanner I can use to see if I am open for these type of attacks.

This guy is really getting to me. And I am still wondering how the hell he got a user list.