From owner-freebsd-questions  Fri Jul 14 14:18:20 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from q.closedsrc.org (ip233.gte15.rb1.bel.nwlink.com [209.20.244.233])
	by hub.freebsd.org (Postfix) with ESMTP id A04DF37C60D
	for <freebsd-questions@FreeBSD.ORG>; Fri, 14 Jul 2000 14:17:59 -0700 (PDT)
	(envelope-from lplist@q.closedsrc.org)
Received: from localhost (lplist@localhost)
	by q.closedsrc.org (8.10.2/8.10.2) with ESMTP id e6ELGNj99628;
	Fri, 14 Jul 2000 14:16:23 -0700 (PDT)
	(envelope-from lplist@q.closedsrc.org)
Date: Fri, 14 Jul 2000 14:16:23 -0700 (PDT)
From: Linh Pham <lplist@q.closedsrc.org>
To: Carl Strickler <cstrickl@ifta.net>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Who's knockin' on my firewall [OFF TOPIC]
In-Reply-To: <01BFED9D.8280F100.cstrickl@ifta.net>
Message-ID: <Pine.BSF.4.21.0007141415300.99598-100000@q.closedsrc.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


I think ARIN (spelling?) has a IP -> ISP/Owner converter on their site,
but I don't know of any utilities that will do that in the CLI...

// Linh Pham
//
// Proud supporter of FreeBSD and OpenBSD
// FreeBSD - http://www.freebsd.org
// OpenBSD - http://www.openbsd.org

/*	"Oregon, n.:
		Eighty billion gallons of water
		with no place to go on
		Saturday night."
*/


On Fri, 14 Jul 2000, Carl Strickler wrote:

> This is a bit off topic, but I was hoping someone could at least point me in the right 
> direction.  
> 
> I regularly check my security logs to see who's been trying to get in and I'll do an 
> nslookup on any IP address that occurs over 3 times.  Now once in a while this 
> will actually be useful and I come up with actual useful information.  But most of 
> the time I end up with what I started with, an IP address.  Is there a way to find out
> who owns what block of addresses?  
> 
> Also is there a way to find out the real IP address if someone is spoofing (quite often
> we are probed by someone with a 10.x.x.x address)? 
> 
> Finally, is there any kind of SOP when dealing with unauthorized attempts from foreign 
> countries (we seem to get probed quite a bit from SE Asia)?  
> 
> Any information would be helpful.
> 
> 
> TIA,
> Carl
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message