Try doing 'nslookup 123.456.789.12'. See if it resolves to anything you
can use. Oh, substitute the IP address of the person who's been trying
to hack you for the one I got too lazy to make legitimate looking.
Ken Wilson
First Law of Optimization: The speed of a nonworking program is
irrelevant
(Steve Heller, 'Efficient C/C++ Programming')
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of pete moss
> Sent: Wednesday, September 22, 1999 7:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [newbie] PLEASE! What do these log entries mean?!?
>
>
> how do you find this info? is there a command (or service) that will
> give you this info about an ip?
>
> :P_
>
>
> [EMAIL PROTECTED] wrote:
> >
> > You might want to contact the owner of the network from which this
> > traffic originated. It may give you some sense of satisfaction to know
> > that the script-kiddie in question got nailed by his university. Here's
> > the contact information for 157.89.64.77. Enjoy!
> >
> > Eastern Kentucky University (NET-EKU)
> > Academic Computing Services
> > Eastern Kentucky University
> > Richmond, KY 40475-3111
> >
> > Netname: EKU
> > Netnumber: 157.89.0.0
> >
> > Domain System inverse mapping provided by:
> >
> > ACS.EKU.EDU 157.89.8.64
> > NCC.UKY.EDU 128.163.1.6
> >
> > Record last updated on 12-Apr-93.
> >
> > Registrant:
> > Eastern Kentucky University (EKU-DOM)
> > Academic Computing Services Combs
> > Classroom Bldg Room 207
> > Richmond, KY 40475-3111
> > US
> >
> > Domain Name: EKU.EDU
> >
> > Administrative Contact:
> > Lane, Margaret (CT152) [EMAIL PROTECTED]
> > (606)622-1986
> > Technical Contact, Zone Contact:
> > ALCORN, MELVIN (MA172) [EMAIL PROTECTED]
> > (606)622-1986
> > Billing Contact:
> > Lane, Margaret (CT152) [EMAIL PROTECTED]
> > (606)622-1986
> >
> > Record last updated on 20-Aug-98.
> > Record created on 22-Mar-93.
> > Database last updated on 21-Sep-99 14:40:22 EDT.
> >
> > -----Original Message-----
> > From: axalon [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 22, 1999 4:30 PM
> > To: newbie
> > Cc: axalon
> > Subject: Re: Re: [newbie] PLEASE! What do these log entries mean?!?
> >
> > On Wed, 22 Sep 1999, Eric L. Damron wrote:
> >
> > > I have found that people unknown are attacking my linux box! The following
> > > entries were found in maillog:
> > >
> > > Sep 15 07:09:07 C287853-A sendmail[1979]: NOQUEUE: [157.89.64.77]: VRFY guest
> > > Sep 15 07:09:07 C287853-A sendmail[1980]: NOQUEUE: [157.89.64.77]: VRFY decode
> > > Sep 15 07:09:07 C287853-A sendmail[1981]: NOQUEUE: [157.89.64.77]: VRFY bbs
> > > Sep 15 07:09:07 C287853-A sendmail[1982]: NOQUEUE: [157.89.64.77]: VRFY lp
> > > Sep 15 07:09:07 C287853-A sendmail[1983]: NOQUEUE: [157.89.64.77]: VRFY uudecode
> > > Sep 15 07:09:07 C287853-A sendmail[1977]: NOQUEUE: "wiz" command from [157.89.64.77] (157.89.64.77)
> > > Sep 15 07:09:07 C287853-A sendmail[1977]: NOQUEUE: "debug" command from [157.89.64.77] (157.89.64.77)
> > >
> > > (WHAT THE HELL IS THE "WIZ" COMMAND. AND THE "DEBUG" COMMAND!!
> > >
> > > Please! If anyone knows what this jerk is trying to do and How I can stop
> > > him PLEASE let me know!
> > >
> > > Thanks.
> > >
> >
> > ipchains -I input -s 157.89.64.77/32 -d 0/0 -j REJECT
> >
> > --
> > MandrakeSoft http://www.mandrakesoft.com/
> > --Axalon
> >
> >
>
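As an added example (not part of the original thread): a small Python triage script that groups the sendmail maillog entries quoted above by source address and flags hosts that send quoted commands such as "wiz"/"debug" or VRFY several distinct accounts. The function names and the `min_users` threshold are assumptions, and the last sample line (192.0.2.10) is constructed for contrast.

```python
import re
from collections import defaultdict

# Log lines from the thread above, rejoined; the last line is a constructed benign entry.
SAMPLE_LOG = """\
Sep 15 07:09:07 C287853-A sendmail[1979]: NOQUEUE: [157.89.64.77]: VRFY guest
Sep 15 07:09:07 C287853-A sendmail[1980]: NOQUEUE: [157.89.64.77]: VRFY decode
Sep 15 07:09:07 C287853-A sendmail[1981]: NOQUEUE: [157.89.64.77]: VRFY bbs
Sep 15 07:09:07 C287853-A sendmail[1982]: NOQUEUE: [157.89.64.77]: VRFY lp
Sep 15 07:09:07 C287853-A sendmail[1983]: NOQUEUE: [157.89.64.77]: VRFY uudecode
Sep 15 07:09:07 C287853-A sendmail[1977]: NOQUEUE: "wiz" command from [157.89.64.77] (157.89.64.77)
Sep 15 07:09:07 C287853-A sendmail[1977]: NOQUEUE: "debug" command from [157.89.64.77] (157.89.64.77)
Sep 15 08:00:01 C287853-A sendmail[2001]: NOQUEUE: [192.0.2.10]: VRFY postmaster
"""

# Matches entries of the form: NOQUEUE: [ip]: VRFY user
PROBE_RE = re.compile(r"NOQUEUE: \[(?P<ip>[\d.]+)\]: VRFY (?P<user>\S+)")
# Matches entries of the form: NOQUEUE: "cmd" command from [ip]
COMMAND_RE = re.compile(r'NOQUEUE: "(?P<cmd>\w+)" command from \[(?P<ip>[\d.]+)\]')

def summarize(log_text):
    """Return {ip: {"users": set, "commands": set}} for the matched entries."""
    hosts = defaultdict(lambda: {"users": set(), "commands": set()})
    for line in log_text.splitlines():
        m = PROBE_RE.search(line)
        if m:
            hosts[m["ip"]]["users"].add(m["user"])
            continue
        m = COMMAND_RE.search(line)
        if m:
            hosts[m["ip"]]["commands"].add(m["cmd"].lower())
    return dict(hosts)

def suspicious(log_text, min_users=3):
    """Flag hosts that sent quoted commands or VRFY'd many distinct accounts."""
    flagged = {}
    for ip, seen in summarize(log_text).items():
        reasons = []
        if seen["commands"]:
            reasons.append("commands: " + ",".join(sorted(seen["commands"])))
        if len(seen["users"]) >= min_users:
            reasons.append("VRFY on %d accounts" % len(seen["users"]))
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in suspicious(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```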