I totally disapprove of miscreants abusing ISS. ISS is intended for
scanning your own networks with which you are authorized to scan.
I highly recommend setting up tcp_wrappers and checking logs to see
if anyone is using ISS to knock on your doors. If so, please
report the site that the scanning is coming from to CERT and probably
would be a good idea to get in touch with the admin's of that site
by doing whois site.com or site.edu . Other possible ways to
protect yourself would be to block that site from your routers before the
scanning is complete if possible. Also, I highly recommend you check
your own security by running ISS so you know atleast what the intruder knows.
Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.