Intruder Alert reports of attacks on port 80 on a regular basis. The ip address is always the same for that session. The next time it might be a different address. However I.A. cannot trace the source. Tracert is successfull, but what next? Is the intruder really being blocked out? What can be done to stop the madness?