Hi, guys, I know it is not related to the linux at all, but here it is I've never done any cracking before, but this dude is bombarding my system with packets and he tries to connect to netbios-ns port on my system (ha-ha), I know of this nice utility netcat, and I know with combination with Nmap, I can teach him a lesson, according to Nmap scan of his ports he has port 5000 open, can anyone tell me what I can do to get the bustard of my system, I've configured firewall pretty tight, and I know it's none of you moderators who're trying to hack into my system (you have that IP logged thingy), you all have become a sort of family for me, everyday I am browsing the forums and trying to help others. Can anyone help me now?

Run a whois on his ip address and report him to his internet provider. Trying to crack his box is not the right way to go if you want the attacks to end.

I am aware of it, thank you mate, I am not going to crack it just wanted him off my system because it's gotten so annoying and disturbing.

If you give me his IP adress, I will pass it to a friend who can teach him a lesson.

I couldnt care less whether it is right or not... snots like that dont deserve jail time.. they deserve re-format and installation time

For sure, unfortunatelly it is a dynamic, but it doesn't seem he uses dial-up, he tries for a week now, I notified AOL (his provider) of this annoyance, never got the e-mail back, ignorance is a bliss, I guess. So what the f...? He wants to get a hold on netbios-ns port on linux system ( I am laughing my ass off), and I am just sending an e-mail after an e-mail to AOL with a snapshot from my logs, I believe it is the same user who keeps breaking in as a legitimate guest, no way. I believe AOL will have dignity to recognize the situation, I live in the United States where laws are the laws. We'll see what happens next.
P.S. Is it possible to track down a person even if he's changed IP? I mean I have a dynamic IP assigned to me everytime I log in. How he finds me? Or he has a pool of victims and tries them all?

Hehe... I like that.

I'd have to say that he not attacking you personally, since you have a dynamic IP. He is probably looking for any netbios weekness over a IP range.

What I have found helpful is to load all my firewall logs into a mysql database, so I can query unique IPs attacking a specific port. This will give you an accurate IP range; time of day; and durations of attacks. Is it always the same IP range? Same time of day/night? Netbios the only port he attacks? The database tells all in a quick and easy way.

Ehhh...
You've got one person.
I've got 10-15 different IPs everyday in logs along with DENY :-)))

No it is not the only person of course, there are different packets send requests occurring on my IP. Some benign like http, ftp ports try, they are closed, some to my LimeWire port and gtk-gnutella, but they are all ruled away, only this asshole was trying to figure out netbios-ns port entry along with asp port, none are open though, recently I had a bombardement of ssh port, of course I use ssh2 protocol to communicate with my box over ssh, so I guess it was useless for script-kiddies to get hold on this one.

Well, when writing about 10-15 IPs I do not mean those I see first time :-))
I've got everything filtred, so when I read my logs everyday it's much of it.
I'm beggining to think there are ONLY script-kiddies.
My favourite one was trying to get to ssh for about an hour (ssh is allowed only from one machine and only for one user). I had nice time watching it. But then it becomes boring...

Sure it does, I can see it, but man netbios-ns on linux system??? Com'on, he is probably got some script off hackers site without knowing what it does, but if he's gotten a pool of IP's he's scanning, then of course more than a half of them will be running windows. And about ssh, I had an attack on my ssh port, and my logs grew to almost 1 Meg, this is a disturbance, I wish I knew how to teach him/her a lesson (I never assume that script-kiddies are only men ) to drive his/her system to full reformat and re-install.

There is one nice method I know. I think it's perfectly legal, too.
The idea is simple: get his/her get into, but to specially prepared system with some nice files. One of them (named "important" may be a letter to the hacker when you can write all you think about this person).
How to do this? For sure you need some time. But there is software that can emulate badly-configured server. I can't now write any name, but it is available for sure.

It's called a honeypot which should attract plenty of crackers.

Yes, I know it's honetpot, but I was thinking about program names and websites. But I don't remember...

Sorry for replying so late.
Thank you guys, I've heard of the honeypot, and I think I know how to protect myself, especially from windows crackers/loosers.