Re: Tracking down IP's

To: Debian List <debian-user@lists.debian.org>
Subject: Re: Tracking down IP's
From: Jeff Green <jeff@cricinfo.com>
Date: Sun, 31 Dec 2000 19:47:44 +0000
Message-id: <[🔎] 3A4F8D60.CDE91341@cricinfo.com>
References: <[🔎] 20001231121659.A19593@starport.org> <[🔎] 20001231133402.A23654@debian.local>

whois 172.16.72.113
IANA (IANA-BBLK-RESERVED)
   Internet Assigned Numbers Authority
   Information Sciences Institute
   University of Southern California
   4676 Admiralty Way, Suite 330
   Marina del Rey, CA 90292-6695

   Netname: IANA-BBLK-RESERVED
   Netblock: 172.16.0.0 - 172.31.0.0

from what I remember 61662 is the favoured port of some form of widnoise
trojan 
Jeff

ktb wrote:
> 
> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> > Can anyone tell me what this person is looking for here, and how I
> > can find out where this is coming from?
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
> > Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
> > Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x0000 T=127 (#43)
> > Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x0000 T=127 (#43)
> > Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x0000 T=127 (#43)
> > Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x0000 T=127 (#43)
> >
> > I've been unable to track it down.  I've had pages and pages of this
> > every hour since early yesterday, always coming from the same IP, to
> > the same port.
> >
> 
>         You can do a search for the port at -
>         http://www.snort.org/Database/portsearch.asp
> 
>         nslookup 172.16.72.113
>         shows -
>         **** can't find 172.16.72.113: Non-existent host/domain
> 
>         Can't help you any more than that.
>         kent
> 
> --
>   "In order to make an apple pie from scratch,
>       you must first create the universe."
>                  - Carl Sagan
> 
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Tracking down IP's
  - From: JD Kitch <adahma@gmx.net>
- Re: Tracking down IP's
  - From: ktb <x.y.f@home.com>

Prev by Date: Re: imwheel
Next by Date: Re: Tracking down IP's
Previous by thread: Re: Tracking down IP's
Next by thread: Re: Tracking down IP's
Index(es):
- Date
- Thread