Re: Intrusion Attempts
On Tue, 03 Dec 2002 at 09:19:28PM -0500, Trawets53@aol.com wrote:
> Hi. Can you help me? Who do I report the above to? I have 2 firewalls running
> and tonight I was attacked from the same address 172 times in less than an
> hour. These people want banning off the net. It is certainly a violation of
> my privacy. A dozen times is an excuse but 172, I ask you. Please come back.
You can usually find the domain associated with the IP by doing a

    dig -x ipaddress

Make sure to take the results from your lookup above and look that up to
make sure they match.

I do this first:

    dig -x 127.0.0.1
    220.127.116.11.in-addr.arpa. 604800 IN PTR localhost.

and I get:

    localhost. 604800 IN A 127.0.0.1

They match, wonderful. Now I go to www.localhost and see if they have
an address to report logs of undesirables to. If not I'll:

    dig localhost SOA
    localhost. 604800 IN SOA localhost. root.localhost. 1 604800 86400 2419200 604800
hmm...root.localhost, I bet you he can at least forward the email to the
right person (since they are too lame to list that person on their
If all else fails do a whois lookup on the IP
and find one of the contacts listed there and bug them :)
There is always an iptables blacklist you can set up and block the
entire 24 (or 16, ouch) bit network if the admins do not take care of
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
Excuse #14: Somebody was calculating pi on the server
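
The checks described in the message above (PTR and A records agreeing, the SOA contact field, and the /24 or /16 that covers the source), as an added example that is not part of the original message. The records are constructed samples in dig answer format using documentation address ranges, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample records (not real lookups), in dig answer-section format.
SAMPLE = """\
10.113.0.203.in-addr.arpa. 3600 IN PTR host10.example.net.
host10.example.net. 3600 IN A 203.0.113.10
77.100.51.198.in-addr.arpa. 3600 IN PTR mail.example.org.
mail.example.org. 3600 IN A 192.0.2.5
example.net. 3600 IN SOA ns1.example.net. abuse\\.desk.example.net. 1 604800 86400 2419200 604800
"""

def parse_records(text):
    """Turn dig answer lines into (owner name, type, rdata fields) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            records.append((fields[0].lower(), fields[3], fields[4:]))
    return records

def forward_confirmed(ip, records):
    """Return the PTR name only if one of its A records points back at ip."""
    rev = ipaddress.ip_address(ip).reverse_pointer + "."
    for name, rtype, rdata in records:
        if name == rev and rtype == "PTR":
            host = rdata[0].lower()
            addrs = {r[0] for n, t, r in records if n == host and t == "A"}
            if ip in addrs:
                return host
    return None  # no PTR, or the forward lookup disagrees: do not trust the name

def soa_contact(zone, records):
    """Convert the SOA RNAME field to a mailbox: first unescaped dot becomes @."""
    for name, rtype, rdata in records:
        if name == zone and rtype == "SOA":
            local, domain = re.split(r"(?<!\\)\.", rdata[1].rstrip("."), maxsplit=1)
            return local.replace("\\.", ".") + "@" + domain
    return None

def covering_network(ip, prefix):
    """Network of the given prefix length (24 or 16) that contains ip."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
```
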