Re: Intrusion Attempts
On Tue, 03 Dec 2002 at 09:19:28PM -0500, Trawets53@aol.com wrote:
> Hi. Can you help me. Who do I report the above to. I have 2 firewalls running
> and tonight I was attacked from the same address 172 times in less than an
> hour. These people want banning off the net. It is certainly a violation of
> my privacy. A dozen times is an excuse but 172, I ask you. Please come back.
You can usually find the domain associated with the ip by doing a
reverse lookup:
dig -x ipaddress
Make sure to take the results from your lookup above and look that up to
make sure they match.
IE:
I do this first:
dig -x 127.0.0.1
and get:
1.0.0.127.in-addr.arpa. 604800 IN PTR localhost.
then I:
dig localhost
and I get:
localhost. 604800 IN A 127.0.0.1
They match, wonderful. Now I go to www.localhost and see if they have
an address to report logs of undesireables to. If not I'll:
dig localhost SOA
and get:
localhost. 604800 IN SOA localhost.
root.localhost. 1 604800 86400 2419200 604800
hmm...root.localhost, I bet you he can at least forward the email to the
right person (since they are too lame to list that person on their
web site).
If all else fails do a whois lookup on the IP
whois ipaddress
and find one of the contacts listed there and bug them :)
There is always an iptables blacklist you can set up and block the
entire 24 (or 16, ouch) bit network if the admins do not take care of
the undesireables.
Regards,
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #14: Somebody was calculating pi on the server
Reply to: