From owner-freebsd-questions Fri Jul 14 14:10:47 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from ifta.accelnet.com (ifta.net [204.58.140.252]) by hub.freebsd.org (Postfix) with ESMTP id 1DBEA37B950 for ; Fri, 14 Jul 2000 14:10:41 -0700 (PDT) (envelope-from cstrickl@ifta.net)
Received: from a937cc5ze020 (ifta02.accelnet.com [204.58.141.2]) by ifta.accelnet.com (8.9.3/8.9.1) with SMTP id OAA07344 for ; Fri, 14 Jul 2000 14:12:08 -0700 (PDT)
Received: by localhost with Microsoft MAPI; Fri, 14 Jul 2000 14:12:14 -0700
Message-ID: <01BFED9D.8280F100.cstrickl@ifta.net>
From: Carl Strickler
To: "'freebsd-questions@freebsd.org'"
Subject: Who's knockin' on my firewall [OFF TOPIC]
Date: Fri, 14 Jul 2000 14:12:13 -0700
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is a bit off topic, but I was hoping someone could at least point me in the right direction.

I regularly check my security logs to see who's been trying to get in and I'll do an nslookup on any IP address that occurs over 3 times. Now once in a while this will actually be useful and I come up with actual useful information. But most of the time I end up with what I started with, an IP address.

Is there a way to find out who owns what block of addresses? Also is there a way to find out the real IP address if someone is spoofing (quite often we are probed by someone with a 10.x.x.x address)? Finally, is there any kind of SOP when dealing with unauthorized attempts from foreign countries (we seem to get probed quite a bit from SE Asia)?

Any information would be helpful.

TIA,
Carl

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
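The log triage described in the message (count source addresses, follow up on any seen more than three times), as an added example that is not part of the original post. The log layout, the sample lines and the names `source_ip` and `triage` are assumptions made for illustration; sources in RFC 1918 ranges such as 10.x.x.x are flagged separately because that space has no public owner for a reverse lookup to find.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges: not assigned to any public owner, so reverse DNS
# or a registry lookup on such a source cannot identify the sender.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed layout: the first "a.b.c.d:port" pair on a line is the packet source.
SRC_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):\d+\b")

# Constructed sample lines (firewall-deny style), not taken from any real log.
_FMT = "Jul 14 03:12:{:02d} gw /kernel: ipfw: 600 Deny TCP {}:{} 192.0.2.10:23 in via ed0"
_SRCS = ["10.1.2.3"] * 4 + ["203.0.113.77"] * 5 + ["198.51.100.9"] * 2 + ["999.1.1.1"]
SAMPLE_LOG = "\n".join(_FMT.format(i, s, 1042 + i) for i, s in enumerate(_SRCS))
SAMPLE_LOG += "\nJul 14 03:13:00 gw sshd: connection closed"


def source_ip(line):
    """Return the source address of a log line, or None if absent or malformed."""
    m = SRC_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # looks like an address but is not one, e.g. 999.1.1.1
        return None


def triage(log_text, threshold=3):
    """Map each source seen more than `threshold` times to (count, kind)."""
    counts = Counter(ip for ip in map(source_ip, log_text.splitlines()) if ip)
    report = {}
    for ip, n in counts.items():
        if n <= threshold:
            continue
        kind = "rfc1918" if any(ip in net for net in RFC1918) else "public"
        report[str(ip)] = (n, kind)
    return report


if __name__ == "__main__":
    for addr, (n, kind) in sorted(triage(SAMPLE_LOG).items()):
        action = "no public owner, skip lookup" if kind == "rfc1918" else "candidate for lookup"
        print(f"{addr:15} {n:3} hits  {kind:8} {action}")
```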