
Re: Tracking down IP's



On Sun, 31 Dec 2000 12:16:59 MST, JD Kitch writes:
>Can anyone tell me what this person is looking for here, and how I
>can find out where this is coming from?

port 161 is snmp, so it looks like someone's trying to get information
about your machine (or something at your ISP or the like is
misconfigured), proto 17 is UDP which fits snugly since snmp is
udp-based.

>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
<snip>
>I've been unable to track it down.  I've had pages and pages of this
>every hour since early yesterday, always coming from the same IP, to
>the same port.

look for the IP address with
whois -h whois.[ripe|arin|apnic].net <ipaddress>
and complain to the ISP/organization responsible for it.

hth,
&rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ <Waldner@KPNQwest.at> |    KPNQwest/AT   | Diefenbachg. 35, A-1150 / 
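
An added example, not part of the original message: a Python parser for the kernel packet-log layout quoted above (the format ipchains writes), which decodes the chain, protocol number and ports and counts repeated entries per source and destination. The sample lines are constructed (192.0.2.10 is a documentation address standing in for the masked source), and the small protocol and service tables are assumptions for illustration.

```python
import re
from collections import Counter

# Field layout of a "Packet log" line, as in the quoted log entry.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA IP protocol numbers
SERVICES = {("udp", 161): "snmp", ("udp", 53): "domain", ("tcp", 80): "http"}

def parse_line(line):
    """Return a dict of decoded fields, or None if this is not a packet log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTOCOLS.get(rec["proto"], str(rec["proto"]))
    rec["service"] = SERVICES.get((rec["proto_name"], rec["dport"]), "unknown")
    return rec

def summarise(lines):
    """Count hits per (chain, source, destination, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            hits[(rec["chain"], rec["src"], rec["dst"],
                  rec["proto_name"], rec["dport"])] += 1
    return hits

# Constructed sample lines modelled on the quoted entry.
SAMPLE = [
    "Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 "
    "192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)",
    "Dec 31 11:06:52 tower kernel: Packet log: output REJECT eth0 PROTO=17 "
    "192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7633 F=0x0000 T=127 (#43)",
    "Dec 31 11:07:01 tower sshd[412]: unrelated line",
]

if __name__ == "__main__":
    for key, count in summarise(SAMPLE).most_common():
        print(count, *key)
```

The first address:port pair in each line is the packet's source and the second its destination, so the summary key shows which host to look up with whois.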



