
Re: Intrusion Attempts



On Tue, 03 Dec 2002 at 09:19:28PM -0500, Trawets53@aol.com wrote:
> Hi. Can you help me? Who do I report the above to? I have 2 firewalls running
> and tonight I was attacked from the same address 172 times in less than an
> hour. These people want banning off the net. It is certainly a violation of
> my privacy. A dozen times is an excuse but 172, I ask you. Please come back.

You can usually find the domain associated with the IP by doing a
reverse lookup:

dig -x ipaddress

Make sure to take the results from your lookup above and look that up to
make sure they match.

IE:

I do this first:
dig -x 127.0.0.1

and get:
1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost.

then I:

dig localhost

and I get:
localhost.              604800  IN      A       127.0.0.1

They match, wonderful.  Now I go to www.localhost and see if they have
an address to report logs of undesirables to.  If not I'll:

dig localhost SOA
and get:

localhost.              604800  IN      SOA     localhost. root.localhost. 1 604800 86400 2419200 604800

hmm...root.localhost, I bet you he can at least forward the email to the
right person (since they are too lame to list that person on their
web site).

If all else fails do a whois lookup on the IP

whois ipaddress

and find one of the contacts listed there and bug them :)


There is always an iptables blacklist you can set up and block the
entire 24 (or 16, ouch) bit network if the admins do not take care of
the undesirables.

Regards,


-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #14: Somebody was calculating pi on the server 
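
Added example (not part of the original message): the reverse-then-forward match check and the SOA contact lookup described above, run over saved dig answer lines. The function names are hypothetical, the sample records are the ones quoted in the message, and only IPv4 A records are handled.

```python
import ipaddress

# Constructed sample input: the dig answer lines quoted in the message above.
PTR_ANSWER = "1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost."
A_ANSWER = "localhost.              604800  IN      A       127.0.0.1"
SOA_ANSWER = ("localhost.              604800  IN      SOA     localhost. "
              "root.localhost. 1 604800 86400 2419200 604800")


def parse_answers(text, rtype):
    """Return (owner, rdata fields) for every answer line of the given type."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # dig answer line: owner TTL class type rdata...; ';' lines are comments.
        if len(fields) >= 5 and not line.startswith(";") and fields[3] == rtype:
            records.append((fields[0].lower(), fields[4:]))
    return records


def forward_confirmed(ip, ptr_text, a_text):
    """True only if a PTR name for ip has an A record pointing back at ip."""
    want_owner = ipaddress.ip_address(ip).reverse_pointer + "."
    names = {rdata[0].lower() for owner, rdata in parse_answers(ptr_text, "PTR")
             if owner == want_owner}
    addrs = {rdata[0] for owner, rdata in parse_answers(a_text, "A")
             if owner in names}
    return ip in addrs


def soa_contact(soa_text):
    """Turn the SOA RNAME field into a mailbox: the first unescaped dot is '@'."""
    for _owner, rdata in parse_answers(soa_text, "SOA"):
        rname = rdata[1].rstrip(".")
        i = 0
        while i < len(rname):
            if rname[i] == "\\":      # "\." is a literal dot in the local part
                i += 2
                continue
            if rname[i] == ".":
                local = rname[:i].replace("\\.", ".")
                return local + "@" + rname[i + 1:]
            i += 1
    return None
```

A PTR record is controlled by whoever holds the reverse zone for the address, so a name that fails the forward check should not be used to pick the abuse contact; fall back to the whois contacts for the IP instead.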


