From: Larry Rosenman
Subject: Re: Who's knockin' on my firewall [OFF TOPIC]
To: Nick Evans
Cc: "'Carl Strickler'", "'freebsd-questions@freebsd.org'"
Date: Fri, 14 Jul 2000 18:56:11 -0500 (CDT)

There is a great whois proxy at www.geektools.com that knows who to ask
about things and follow the referral pointers.

For example, here is a domain I registered through itsyourdomain.com:

$ whois -h whois.geektools.com lerctr.net
Query: lerctr.net
Registry: whois.itsyourdomain.com
Results:
Registrar Name: ItsYourDomain.Com
Registrar Whois: Whois.ItsYourDomain.Com
Registrar Homepage: http://www.ItsYourDomain.Com

Registrant:
  Lawrence E. Rosenman
  1905 Steamboat Springs Drive
  Garland, TX 75044-6749
  US

Domain: LERCTR.NET

Administrative Contact:
  Lawrence Rosenman (LR2-IYD) ler@lerctr.org
  Lawrence E. Rosenman
  1905 Steamboat Springs Drive
  Garland, TX 75044-6749
  US
  (972)414-9812 (FAX)

Technical Contact:
  Lawrence Rosenman (LR2-IYD) ler@lerctr.org
  Lawrence E. Rosenman
  1905 Steamboat Springs Drive
  Garland, TX 75044-6749
  US
  (972)414-9812 (FAX)

Billing Contact:
  Lawrence Rosenman (LR2-IYD) ler@lerctr.org
  Lawrence E. Rosenman
  1905 Steamboat Springs Drive
  Garland, TX 75044-6749
  US
  (972)414-9812 (FAX)

Created: 07/08/2000
Updated: 07/08/2000
Expires: 07/08/2002

Domain Name Servers in listed order:
  NS-A.LERCTR.ORG
  NS-B.CIRR.COM

ItsYourDomain.com - "The Wholesale Registrar"

Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (207.158.72.11) has visited 1 times today.
$

Nice, it also follows the IP addresses.

> www.arin.net has an IP whois to find out the owner of the IP block. If
> there is a domain name associated with that IP you can do another whois
> on www.networksolutions.com to find out who you really want to complain
> to. There is no way to trace a packet with a spoofed IP of the private
> ranges (192.168, 10.0, 172.16)...
>
> -----Original Message-----
> From: Carl Strickler [mailto:cstrickl@ifta.net]
> Sent: Friday, July 14, 2000 5:12 PM
> To: 'freebsd-questions@freebsd.org'
> Subject: Who's knockin' on my firewall [OFF TOPIC]
>
> This is a bit off topic, but I was hoping someone could at least point
> me in the right direction.
>
> I regularly check my security logs to see who's been trying to get in
> and I'll do an nslookup on any IP address that occurs over 3 times. Now
> once in a while this will actually be useful and I come up with actual
> useful information. But most of the time I end up with what I started
> with, an IP address. Is there a way to find out who owns what block of
> addresses?
>
> Also is there a way to find out the real IP address if someone is
> spoofing (quite often we are probed by someone with a 10.x.x.x address)?
>
> Finally, is there any kind of SOP when dealing with unauthorized
> attempts from foreign countries (we seem to get probed quite a bit from
> SE Asia)?
>
> Any information would be helpful.
>
> TIA,
> Carl
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812 (voice)     Internet: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
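
Added example (not part of the original thread): an sh/awk triage of the log review discussed above. It counts source addresses in firewall log lines, keeps those seen more than 3 times, and marks RFC 1918 sources as not worth a whois lookup. The ipfw-style log layout, the function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# triage_sources [threshold]: read firewall log lines on stdin and print
#   "<count> <source-ip> private|whois"
# for every source seen MORE than <threshold> times (default 3).
#   private = RFC 1918 source (10/8, 172.16/12, 192.168/16): spoofed or
#             internal, a whois lookup will not identify the sender
#   whois   = public address: look up the owner of the block
triage_sources() {
    awk -v t="${1:-3}" '
    function is_private(ip,   o) {
        split(ip, o, "[.]")
        return (o[1] + 0 == 10) ||
               (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) ||
               (o[1] + 0 == 192 && o[2] + 0 == 168)
    }
    {
        # Assumed layout: "... ipfw: <rule> Deny <proto> <src>[:port] <dst>[:port] ..."
        for (i = 1; i <= NF - 2; i++)
            if ($i == "Deny") { split($(i + 2), s, ":"); count[s[1]]++; break }
    }
    END {
        for (ip in count)
            if (count[ip] > t)
                printf "%d %s %s\n", count[ip], ip,
                       (is_private(ip) ? "private" : "whois")
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample data: <hits>:<source address>. The public addresses
# come from the documentation ranges and do not belong to real hosts.
sample_log() {
    for spec in 5:10.4.4.9 4:203.0.113.7 3:198.51.100.20 4:172.20.1.1 4:172.32.0.5; do
        n=${spec%%:*}
        ip=${spec#*:}
        i=0
        while [ "$i" -lt "$n" ]; do
            echo "Jul 14 16:0$i:00 fw /kernel: ipfw: 600 Deny TCP $ip:104$i 192.0.2.10:23 in via ed0"
            i=$((i + 1))
        done
    done
}

# Stand-alone run: sample_log | triage_sources 3
```

For the rows marked whois, the lookup is the one shown in the message, with the address in place of the domain name.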