Re: Tracking down IP's
On Sun, 31 Dec 2000 12:16:59 MST, JD Kitch writes:
>Can anyone tell me what this person is looking for here, and how I
>can find out where this is coming from?
port 161 is snmp, so it looks like someone´s trying to get information
about your machine (or something at your ISP or the like is
misconfigured), proto 17 is UDP which fits snugly since snmp is
udp-based.
>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xx
>x.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
<snip>
>I've been unable to track it down. I've had pages and pages of this
>every hour since early yesterday, always coming from the same IP, to
>the same port.
look for the ip-adress with
whois -h whois.[ripe|arin|apnic].net <ipaddress>
and complain to the ISP/organization responsible for it.
hth,
&rw
--
/ Ing. Robert Waldner | Network Engineer | T: +43 1 89933 F: x533 \
\ <Waldner@KPNQwest.at> | KPNQwest/AT | Diefenbachg. 35, A-1150 /
Reply to: