Date: Fri, 14 Jul 2000 19:40:52 -0400
From: Nick Evans <nevans@nextvenue.com>
To: 'Carl Strickler' <cstrickl@ifta.net>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: RE: Who's knockin' on my firewall [OFF TOPIC]
Message-ID: <712384017032D411AD7B0001023D799B07C9D3@sn1exchmbx.nextvenue.com>

www.arin.net has an IP whois to find out the owner of the IP block. If there is a domain name associated with that IP you can do another whois on www.networksolutions.com to find out who you really want to complain to. There is no way to trace a packet with a spoofed IP of the private ranges (192.168, 10.0, 172.16)...

-----Original Message-----
From: Carl Strickler [mailto:cstrickl@ifta.net]
Sent: Friday, July 14, 2000 5:12 PM
To: 'freebsd-questions@freebsd.org'
Subject: Who's knockin' on my firewall [OFF TOPIC]

This is a bit off topic, but I was hoping someone could at least point me in the right direction.

I regularly check my security logs to see who's been trying to get in and I'll do an nslookup on any IP address that occurs over 3 times. Now once in a while this will actually be useful and I come up with actual useful information. But most of the time I end up with what I started with, an IP address. Is there a way to find out who owns what block of addresses?

Also is there a way to find out the real IP address if someone is spoofing (quite often we are probed by someone with a 10.x.x.x address)?

Finally, is there any kind of SOP when dealing with unauthorized attempts from foreign countries (we seem to get probed quite a bit from SE Asia)?

Any information would be helpful.

TIA,
Carl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
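
Added example, not part of either message: a Python sketch of the triage the thread describes, counting denied source addresses, keeping those seen over 3 times, and separating the private ranges named in the reply (where a whois lookup is pointless) from addresses worth looking up in the ARIN whois. The ipfw-style log layout, the `triage` function name and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The private ranges named in the reply (RFC 1918). A source in one of these
# has no registered owner, so it is reported separately instead of sent to whois.
# (ipaddress.is_private is not used: it also flags documentation blocks.)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log layout: ipfw-style "Deny <proto> <src>:<port> <dst>:<port> ...".
DENY_RE = re.compile(r"Deny \w+ (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? ")

# Constructed sample log: (source address, number of denied packets).
# Public sources use documentation address blocks, not real hosts.
SAMPLE_LOG = "\n".join(
    f"Jul 14 17:0{i}:00 fw /kernel: ipfw: 600 Deny TCP {src}:1025 192.0.2.1:23 in via ed0"
    for src, n in [("198.51.100.7", 4), ("10.4.4.4", 5), ("203.0.113.9", 2),
                   ("172.20.1.1", 4), ("192.168.1.50", 3)]
    for i in range(n)
)

def triage(log_text, threshold=3):
    """Return (whois_candidates, private_sources) for sources seen more
    than `threshold` times, each as a list of (address, count)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # malformed address such as 999.1.1.1
    whois, private = [], []
    for addr, n in sorted(counts.items()):
        if n <= threshold:
            continue
        bucket = private if any(addr in net for net in RFC1918) else whois
        bucket.append((str(addr), n))
    return whois, private

if __name__ == "__main__":
    whois, private = triage(SAMPLE_LOG)
    for addr, n in whois:
        print(f"{addr}: {n} hits, look up the block owner in the ARIN whois")
    for addr, n in private:
        print(f"{addr}: {n} hits, private range, no owner to look up")
```
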