On Tue, 03 Dec 2002 at 09:19:28PM -0500, [EMAIL PROTECTED] wrote: > Hi. Can you help me. Who do I report the above to. I have 2 firewalls running > and tonight I was attacked from the same address 172 times in less than an > hour. These people want banning off the net. It is certainly a violation of > my privacy. A dozen times is an excuse but 172, I ask you. Please come back.
You can usually find the domain associated with the ip by doing a reverse lookup: dig -x ipaddress Make sure to take the results from your lookup above and look that up to make sure they match. IE: I do this first: dig -x 127.0.0.1 and get: 1.0.0.127.in-addr.arpa. 604800 IN PTR localhost. then I: dig localhost and I get: localhost. 604800 IN A 127.0.0.1 They match, wonderful. Now I go to www.localhost and see if they have an address to report logs of undesireables to. If not I'll: dig localhost SOA and get: localhost. 604800 IN SOA localhost. root.localhost. 1 604800 86400 2419200 604800 hmm...root.localhost, I bet you he can at least forward the email to the right person (since they are too lame to list that person on their web site). If all else fails do a whois lookup on the IP whois ipaddress and find one of the contacts listed there and bug them :) There is always an iptables blacklist you can set up and block the entire 24 (or 16, ouch) bit network if the admins do not take care of the undesireables. Regards, -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #14: Somebody was calculating pi on the server