In my previous articles, "Script Kiddies - Vermin of the Internet" and "Script Kiddies II - A warning to parents", I described the Script Kiddie problem. This article contains information for web site owners and surfers regarding what to do when your system is continuously "probed" from the same source, or if your site is compromised. Who you gonna call? KiddieBusters? (could be a good name for a web site?)
If you are running personal firewall software while surfing, you can actually do something with the logs. You can send them to your ISP along with an incident description. They may be able to chase it up on your behalf. Better still, if you can identify the IP address using a tracing program, send the firewall log with the trace results to the owner of that address along with the time, location etc.
I run traces on some of my logs, but this can also be a bit dangerous as there is a possibility that the owner of the address detects that you are "pinging"* them, which reveals your own IP address. Properly configured firewall software can minimise the danger of this.
Also, the IP address shown does not necessarily belong to the Script Kiddie themselves. The Kiddies use various cloaking devices to hide their true origin, or the address may only refer to the service they are using to launch the attack. But it doesn't hurt to send the IP owner a polite email to serve as an alert, especially if you have been able to establish a repetitive address.
How to write the email? The following is a message I recently sent to an ISP (the IP and port numbers have been replaced with x's).
------------------
Greetings,
I have been receiving a number of warning messages over the last couple of days from my firewall software regarding an xxxx scan which seems to be originating from your service. Even as I am typing this I am receiving numerous warnings. It is currently 6.20pm Adelaide time, Monday 12 February. Could you please look into this for me as it is becoming highly annoying. Last night I had around 80 such warnings in 1 hour. Thanks. Below is my log of some of these scans and the copy of the trace results.
GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:15:18 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:00 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:08 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:38 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:38 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:54 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:19:56 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:21:00 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP FWIN,2001/02/12,18:21:04 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx,TCP
Please contact me if you require any further details.
----------------------
I also attached my "traceroute"** results, but have not included them here as they identify the customer number. The ISP responded to my message and said that they had "contacted" the customer. I received no further scans.
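An added example, not part of the original article: one way to condense a firewall log like the one in the message above into a per-source summary with UTC timestamps that an ISP abuse desk can match against its own records. The field layout is inferred from the quoted log, the sample lines and addresses are constructed, and the function names and the min_hits threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the field layout of the log quoted above. Addresses
# are RFC 5737 documentation ranges; the last line is deliberately truncated.
SAMPLE_LOG = """\
FWIN,2001/02/12,18:15:18 +10:30 GMT,192.0.2.44:3201,198.51.100.7:1234,TCP
FWIN,2001/02/12,18:19:00 +10:30 GMT,192.0.2.44:3207,198.51.100.7:1234,TCP
FWIN,2001/02/12,18:19:08 +10:30 GMT,203.0.113.9:1045,198.51.100.7:1234,TCP
FWIN,2001/02/12,18:19:38 +10:30 GMT,192.0.2.44:3215,198.51.100.7:1234,TCP
GMT,192.0.2.44:3216,198.51.100.7:1234,TCP
"""

def parse_line(line):
    """Parse one complete entry; return None for truncated or malformed lines."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    _, date, clock, src, dst, proto = parts
    try:
        # "18:15:18 +10:30 GMT" is local time plus its offset from GMT.
        stamp = f"{date} {clock.replace(' GMT', '')}"
        local = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S %z")
    except ValueError:
        return None
    src_ip, dst_port = src.rpartition(":")[0], dst.rpartition(":")[2]
    if not src_ip:
        return None
    return {"utc": local.astimezone(timezone.utc), "src_ip": src_ip,
            "dst_port": dst_port, "proto": proto}

def summarize(log_text, min_hits=3):
    """Group entries by source; keep sources seen at least min_hits times."""
    by_src, skipped = defaultdict(list), 0
    for line in filter(str.strip, log_text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            skipped += 1          # report these rather than guessing fields
        else:
            by_src[entry["src_ip"]].append(entry)
    report = []
    for ip, hits in sorted(by_src.items()):
        if len(hits) >= min_hits:
            times = sorted(h["utc"] for h in hits)
            report.append({"src_ip": ip, "hits": len(hits),
                           "first_utc": times[0].isoformat(),
                           "last_utc": times[-1].isoformat(),
                           "dst_ports": sorted({h["dst_port"] for h in hits})})
    return report, skipped

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Stating the first and last hit in UTC alongside the local offset removes the time zone guesswork for whoever receives the report.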
It isn't just the casual surfer who is affected by Script Kiddies. Web site owners are often the target of "vandals", also known as "Web Crackers". Web cracking is a popular Kiddie pastime. These individuals derive great pleasure from making changes to your web site without your knowledge. They gain authoring rights to your site by "stealing" your password in a variety of ways. It isn't financially, politically or religiously motivated, it's just vandalism.