Mike,
I just posted how to do it in a RE: to Alejandro Hoyos. You
should get it in the listserv messages. I might add that there are numerous
shareware/freeware "whois" type utilities available for platforms other than
Unix (e.g. Windows, Mac's, etc). Personally, I'd like to see more people get
a bit more proactive in solving 'weird' log entries such as this. It could
help a bit in clearing up a small of the 'net congestion. Quite often these
types of 'transactions' are simply due to a misconfig somewhere, and
contacting the admins (in a businesslike manner) is usually appreciated more
than resented. I know that I'd be more than happy to help solve any
erroneous packets coming from my machines, if someone were to contact me
about it.
--Bill
----- Original Message -----
From: Michael Stout <[EMAIL PROTECTED]>
To: Bill Fox <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 02, 1999 7:32 AM
Subject: Re: FTP Attempts
Bill,
How did you track down the coordinator for that particular IP address.
We are hit numerous times by IP addresses that I would like to track
down but reverse DNS doesn't work. Could you please post a simple HOWTO
track down rouge IP addresses?
Thanks much,
Michael
Bill Fox wrote:
>
> Hi,
>
> Perhaps a brief email or phone call to the coodinator (see below) may
> help in resolving the issue (?).
>
> Good Luck!
> --Bill
>
> United States Internet, Inc (NETBLK-SPRINT-D01840)
> 1127 N Broadway
> Knoxville, TN 37917
> US
>
> Netname: SPRINT-D01840
> Netblock: 208.24.64.0 - 208.24.95.255
> Maintainer: USI
>
> Coordinator:
> Duren, Jon (JD5837-ARIN) [EMAIL PROTECTED]
> 423 540-7100
>
> Record last updated on 01-Oct-97.
> Database last updated on 1-Sep-99 16:17:55 EDT.
>
> ----- Original Message -----
> From: Newcomb, Kelly <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 01, 1999 4:12 PM
> Subject: FTP Attempts
>
> I'm getting repeated (regular intervals) ftp attempts to my firewall from
an
> address (208.24.82.140) that I can't seem to track down. While the
attempts
> are being blocked, the continuing log messages are annoying. This has been
> going on for quite a while now, and I'm wondering if something got caught
in
> a loop and the attempts may not be malicious. (on the other hand... 8-O)
> Any thoughts?
>
> TIA,
> Kelly
> ---
> Kelly Newcomb, CISSP
> Technical Risk Assessment Consultant
> Texas Guaranteed Student Loan Corp.
> E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
