[EMAIL PROTECTED] wrote:
>
> >
> > In looking over my firewall system logs I noticed a series
> > of rejects logged by ipfwadm. It seems that someone was
> > running a port scan on me.
> >
> > I have their IP address - how do I determine the host name
> > & responsible authority for that host?
> >
> > Thanks,
> >
> > Matt
> >
> %dig -x <the IP address>
>
> gets you the host name.
> The responsible authority is a bit harder... :(
>
Not very hard, try (where xxx.zzz.ttt.yyy is the offending address):
  whois xxx.zzz.ttt.yyy for US-centric addresses (.com, .net, .edu, etc...)
  whois [EMAIL PROTECTED] for European ones
  whois [EMAIL PROTECTED] for Asia/Pacific
Test example on an unallocated address of my class (193.231.253.66):
mircea:~# whois [EMAIL PROTECTED]
[joshua.ripe.net]
% Rights restricted by copyright. See
http://www.ripe.net/db/dbcopyright.html
inetnum: 193.231.253.0 - 193.231.253.255
netname: ELECTROPLUS
descr: ElectroPlus Romania - Internet Provider
country: RO
admin-c: LO30-RIPE
tech-c: MC158-RIPE <<< That's me folks ;)
tech-c: DN117-RIPE
...
[ much more information snipped... ]
So once you get the techie's address you can bugger them, THEN the
administration and so on...
Of course real bastards do not register their address class (common in
Japan and Co. from where half of attacks come here) and only a
traceroute could help you to see where the address ends.
HTH
Mircea C.
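
The lookup steps in this thread, as an added Python example that is not part of the original messages: it builds the name that `dig -x` queries, parses the whois reply quoted above, checks that the returned inetnum range really covers the logged address, and lists contact handles tech-c first. The function names are this example's own, and the sample text is the reply from the post.

```python
import ipaddress

# Sample input: the RIPE reply quoted in the post, including its annotation.
SAMPLE = """\
[joshua.ripe.net]
% Rights restricted by copyright. See
http://www.ripe.net/db/dbcopyright.html
inetnum: 193.231.253.0 - 193.231.253.255
netname: ELECTROPLUS
descr: ElectroPlus Romania - Internet Provider
country: RO
admin-c: LO30-RIPE
tech-c: MC158-RIPE <<< That's me folks ;)
tech-c: DN117-RIPE
"""

def ptr_name(ip):
    """Name that `dig -x <ip>` looks up for its PTR record."""
    return ipaddress.ip_address(ip).reverse_pointer

def parse_whois(text):
    """Collect 'key: value' attributes; a key may repeat (tech-c)."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the server banner and % / # comment lines.
        if not line or line[0] in "%[#":
            continue
        key, sep, value = line.partition(":")
        # Reject wrapped comment text such as the bare http:// line.
        if not sep or " " in key or value.startswith("//"):
            continue
        record.setdefault(key.lower(), []).append(value.strip())
    return record

def covers(record, ip):
    """True only if the record's inetnum range contains the logged ip."""
    first, _, last = record["inetnum"][0].partition("-")
    lo, hi = (ipaddress.ip_address(p.strip()) for p in (first, last))
    return lo <= ipaddress.ip_address(ip) <= hi

def contacts(record):
    """Handles to write to, technical contacts before administrative."""
    handles = []
    for key in ("tech-c", "admin-c"):
        for value in record.get(key, []):
            # First token is the handle; anything after it is annotation.
            if value and value.split()[0] not in handles:
                handles.append(value.split()[0])
    return handles
```

Checking `covers()` before writing to anyone avoids sending a complaint to the contacts of a block that does not hold the address seen in the firewall log.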