as isotronicis was sayin, its those scans that are on polite it sends a packet every .04 seconds, which means if you have a IDS, its gonna go right under the radar, while this can be very time consuming for the attacker, he has all the time in the world. and i know i dont need to tell you guys this but once that scan is complete, and the attacker has scanned,firewalked (providing your not a proxy based FW) ran tracerouted as well as nessus on your network, if you havent noticed it....its probably not gonna be good.But MB has handled this situation very well so far, IMHO i dont think theres a point in taking it to the autoritys, he is probably reading this board and knows he can get proper f**ked if the right ppl are informed, so i wouldnt worry about it, hes obviously not that big of a worry sense, like we have been saying, he couldnt even carry out a DoS, so theres no nee dto say "yeah, but he could do this to someone else", just my 2cents though.