Re: Tracking down IP's
whois 172.16.72.113
IANA (IANA-BBLK-RESERVED)
Internet Assigned Numbers Authority
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
Netname: IANA-BBLK-RESERVED
Netblock: 172.16.0.0 - 172.31.0.0
From what I remember, 61662 is the favoured port of some form of widnoise
trojan.
Jeff
ktb wrote:
>
> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> > Can anyone tell me what this person is looking for here, and how I
> > can find out where this is coming from?
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
> > Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
> > Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x0000 T=127 (#43)
> > Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x0000 T=127 (#43)
> > Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x0000 T=127 (#43)
> > Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x0000 T=127 (#43)
> >
> > I've been unable to track it down. I've had pages and pages of this
> > every hour since early yesterday, always coming from the same IP, to
> > the same port.
> >
>
> You can do a search for the port at -
> http://www.snort.org/Database/portsearch.asp
>
> nslookup 172.16.72.113
> shows -
> **** can't find 172.16.72.113: Non-existent host/domain
>
> Can't help you any more than that.
> kent
>
> --
> "In order to make an apple pie from scratch,
> you must first create the universe."
> - Carl Sagan
>
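An added example, not part of the original thread: a small parser for the ipchains "Packet log" lines quoted above, which reports the chain, the protocol, the destination service, and whether the destination falls in private address space such as the 172.16.0.0 netblock returned by whois. The `SAMPLE` lines are constructed on the pattern of the quoted log, with 192.0.2.10 standing in for the redacted source address; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# ipchains log layout: chain, action, interface, protocol number,
# src:port, dst:port, then L= S= I= F= T= fields and the rule number.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
SERVICES = {("udp", 161): "snmp"}  # only the port seen in the thread

def parse_line(line):
    """Return a dict for one packet-log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["proto"] = PROTOCOLS.get(int(rec["proto"]), rec["proto"])
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["service"] = SERVICES.get((rec["proto"], rec["dport"]), "unknown")
    try:
        rec["dst_private"] = ipaddress.ip_address(rec["dst"]).is_private
    except ValueError:  # redacted address such as xx.xx.xxx.xx
        rec["dst_private"] = None
    return rec

def summarize(lines):
    """Count packets per (chain, action, proto, dst, dport, service, private)."""
    records = [r for r in map(parse_line, lines) if r]
    return Counter(
        (r["chain"], r["action"], r["proto"], r["dst"], r["dport"],
         r["service"], r["dst_private"])
        for r in records
    )

# Constructed sample lines; 192.0.2.10 replaces the redacted source address.
SAMPLE = [
    "Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)",
    "Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)",
    "Dec 31 11:07:00 tower kernel: eth0: link up",  # unrelated kernel line
]

if __name__ == "__main__":
    # The "output" chain covers packets leaving the logging machine.
    for key, count in summarize(SAMPLE).items():
        print(count, key)
```
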