From owner-freebsd-questions Fri Jul 14 16:45:19 2000
Message-ID: <712384017032D411AD7B0001023D799B07C9D3@sn1exchmbx.nextvenue.com>
From: Nick Evans
To: 'Carl Strickler', "'freebsd-questions@freebsd.org'"
Subject: RE: Who's knockin' on my firewall [OFF TOPIC]
Date: Fri, 14 Jul 2000 19:40:52 -0400

www.arin.net has an IP whois to find out the owner of the IP block. If there is a domain name associated with that IP you can do another whois on www.networksolutions.com to find out who you really want to complain to. There is no way to trace a packet with a spoofed IP of the private ranges (192.168, 10.0, 172.16)...

-----Original Message-----
From: Carl Strickler [mailto:cstrickl@ifta.net]
Sent: Friday, July 14, 2000 5:12 PM
To: 'freebsd-questions@freebsd.org'
Subject: Who's knockin' on my firewall [OFF TOPIC]

This is a bit off topic, but I was hoping someone could at least point me in the right direction.

I regularly check my security logs to see who's been trying to get in and I'll do an nslookup on any IP address that occurs over 3 times. Now once in a while this will actually be useful and I come up with actual useful information. But most of the time I end up with what I started with, an IP address. Is there a way to find out who owns what block of addresses?

Also, is there a way to find out the real IP address if someone is spoofing (quite often we are probed by someone with a 10.x.x.x address)?

Finally, is there any kind of SOP when dealing with unauthorized attempts from foreign countries (we seem to get probed quite a bit from SE Asia)?

Any information would be helpful.

TIA,
Carl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

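An added example, not part of either message above: one way to automate the triage discussed in this thread, counting source addresses in firewall deny logs, keeping those seen more than 3 times, and separating RFC 1918 sources (which no whois lookup can attribute to an owner) from public ones worth an ARIN whois query. The log lines are constructed, the ipfw-style line format is an assumption, and `triage`, `DENY_RE` and `SAMPLE_LOG` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed line shape:
#   "... ipfw: <rule> Deny <proto> <src>[:port] <dst>[:port] in via <if>"
DENY_RE = re.compile(r"ipfw: \d+ Deny \S+ (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? ")

def triage(lines, threshold=3):
    """Return (public, private): source IP -> hit count, for sources
    logged more than `threshold` times."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. 999.1.1.1 in a corrupted line
            continue
        hits[ip] += 1
    public, private = {}, {}
    for ip, n in hits.items():
        if n <= threshold:
            continue
        is_private = any(ip in net for net in RFC1918)
        (private if is_private else public)[str(ip)] = n
    return public, private

# Constructed sample log (documentation addresses, not real traffic).
PFX = "Jul 14 16:0%d:11 gw /kernel: ipfw: 600 Deny "
SAMPLE_LOG = (
    [(PFX + "TCP 203.0.113.45:10%d 192.0.2.10:23 in via ed0") % (i, i) for i in range(5)]
    + [(PFX + "ICMP:8.0 10.9.8.7 192.0.2.10 in via ed0") % i for i in range(4)]
    + [(PFX + "UDP 172.31.0.5:53 192.0.2.10:53 in via ed0") % i for i in range(3)]
    + [(PFX + "TCP 198.51.100.7:4000 192.0.2.10:80 in via ed0") % i for i in range(2)]
    + [(PFX + "TCP 999.1.1.1:1 192.0.2.10:80 in via ed0") % 0] * 4
)

if __name__ == "__main__":
    public, private = triage(SAMPLE_LOG)
    for ip, n in public.items():
        print(f"{ip}: {n} hits -> whois -h whois.arin.net {ip}")
    for ip, n in private.items():
        print(f"{ip}: {n} hits -> RFC 1918 source, no registry owner to look up")
```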