Date: Fri, 14 Jul 2000 19:40:52 -0400
From: Nick Evans <nevans@nextvenue.com>
To: 'Carl Strickler' <cstrickl@ifta.net>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: RE: Who's knockin' on my firewall [OFF TOPIC]
Message-ID: <712384017032D411AD7B0001023D799B07C9D3@sn1exchmbx.nextvenue.com>
www.arin.net has an IP whois to find out the owner of the IP block. If there is a domain name associated with that IP you can do another whois on www.networksolutions.com to find out who you really want to complain to. There is no way to trace a packet with a spoofed IP of the private ranges (192.168, 10.0, 172.16)...

-----Original Message-----
From: Carl Strickler [mailto:cstrickl@ifta.net]
Sent: Friday, July 14, 2000 5:12 PM
To: 'freebsd-questions@freebsd.org'
Subject: Who's knockin' on my firewall [OFF TOPIC]

This is a bit off topic, but I was hoping someone could at least point me in the right direction.

I regularly check my security logs to see who's been trying to get in and I'll do an nslookup on any IP address that occurs over 3 times. Now once in a while this will actually be useful and I come up with actual useful information. But most of the time I end up with what I started with, an IP address. Is there a way to find out who owns what block of addresses?

Also is there a way to find out the real IP address if someone is spoofing (quite often we are probed by someone with a 10.x.x.x address)?

Finally, is there any kind of SOP when dealing with unauthorized attempts from foreign countries (we seem to get probed quite a bit from SE Asia)?

Any information would be helpful.

TIA,
Carl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?712384017032D411AD7B0001023D799B07C9D3>
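Added example, not part of either message in this thread: a log triage that applies the rule from the question (sources seen over 3 times) and the distinction from the reply (addresses worth an IP whois versus the private ranges that a whois cannot resolve). The ipfw-style line format, the constructed sample log, and the function name `triage` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The private ranges named in the reply (192.168, 10.0, 172.16), as RFC 1918 blocks.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed ipfw-style deny line:
#   "... ipfw: <rule> Deny <proto> <src>[:<port>] <dst>[:<port>] in via <if>"
DENY_RE = re.compile(r"ipfw: \d+ Deny \S+ (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? ")

# Constructed sample log; the public sources are documentation-range addresses.
_SOURCES = ["203.0.113.7"] * 4 + ["10.4.5.6"] * 5 + ["198.51.100.20"] * 3 + ["172.20.1.1"] * 4
SAMPLE_LOG = "\n".join(
    f"Jul 14 16:{i:02d}:00 fw /kernel: ipfw: 600 Deny TCP {src}:{4000 + i} 192.0.2.10:23 in via ed0"
    for i, src in enumerate(_SOURCES))


def triage(log_text, threshold=3):
    """Split sources seen more than `threshold` times into (whois_candidates, private_sources)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # the regex matched digits that are not a valid address, e.g. 999.1.1.1
    whois, private = {}, {}
    for addr, n in counts.items():
        if n <= threshold:
            continue
        # Explicit RFC 1918 test; ipaddress.is_private also covers other reserved blocks.
        bucket = private if any(addr in net for net in PRIVATE_NETS) else whois
        bucket[str(addr)] = n
    return whois, private


if __name__ == "__main__":
    whois, private = triage(SAMPLE_LOG)
    for ip, n in sorted(whois.items()):
        print(f"{ip}\t{n} hits\tlook up the block owner with an IP whois")
    for ip, n in sorted(private.items()):
        print(f"{ip}\t{n} hits\tprivate range, an IP whois will not identify the sender")
```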
