Shouldn't be too hard... when I was at the University of Arizona, we had
tools to find out the MAC address that was assigned to a specific port on a
switch, which related to a room and wall socket.  We could hunt down a PC
anywhere on campus as long as it requested a DHCP IP address.  It was the
static ones that were more difficult to track...


Cheers,


Jeff Garza

  _____  

From: dana tierney [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 01, 2004 7:50 AM
To: CF-Community
Subject: is it that hard to identify an ip on a network?

I have been getting a ridiculous number of copies of MyDoom, and deleting
them while mumbling to myself. Also lots of bounce messages saying that
email addresses that don't exist on my domain have been sending email to
mailboxes that are full. Ran a full virus scan to be on the safe side. Then
I noticed that all of these copies of MyDoom are coming from a single IP
address. I run it through geektools, which says it is the University of
Arkansas.

I locate and call the after hours support number. The guy that answers the
phone suggests Norton. I sweetly explain that this is not the point, that
this ip has sent 165 copies of MyDoom to me alone on Saturday alone, so it
is probably sending this virus out in vast numbers. It is also claiming at
times to be my dawnrock domain. I give him the ip. He does not know whether
it is one of theirs but does promise to investigate. Fine. It occurs to me
that whoever he is gonna call might like to check the headers themselves so
I call him back to ask about this. He says oh, no, the abuse desk is
monitoring the situation and it is in one of the student dorms. Monitoring,
huh... he decides what the hey, I should send a few copies to
[EMAIL PROTECTED], and gives me a name to send it attention of. I do that and
contemplate turning off catch all on my account, but decide that this will
just bounce the emails to the domains they are allegedly from, not to the
offending ip, and so just contribute to the problem. I go do other things.

Six hours later I check my email and find another 25 emails with the worm
attached, almost all of them from the same IP. I call Fayetteville again.
They have a ticket, closed resolved. I tell them it ain't and suggest that
if they have sent that many to me at a domain that has only been registered
for two months, they are probably sending out enough to make their mail
server kinda tired :) The guy at the desk sounds a little swifter than his
overnight colleague and says he will call the guy who allegedly fixed the
problem back and "admonish" him, his words.

Now, I am not a mail admin, thank goodness, and chances are this ip is
dynamically allocated, I guess, but it's been on long enough to send out all
these emails... how hard can it be to locate it and pull the plug?

Thinking too much again,

Dana
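The lookup Jeff describes at the top of this thread (IP to DHCP lease to MAC address to switch port to wall jack), written out as an added example. This is not code from either poster or from any university's tooling; the lease file excerpt, the switch MAC table output and the port-to-room wiring records are all constructed for the example, and the formats are only modelled on ISC dhcpd.leases and a Cisco-style "show mac address-table" listing. It also shows the two places the trace stalls in practice: an address with no lease (Jeff's "static ones") and a MAC learned on an uplink port rather than an edge port.

```python
import re

# Constructed dhcpd.leases excerpt (ISC format). Addresses, MACs and hostnames
# are made up. The file is append-only, so the LAST record for an address wins.
LEASES_TEXT = """\
lease 10.20.30.41 {
  starts 6 2004/01/31 14:02:11;
  ends 6 2004/02/01 14:02:11;
  binding state active;
  hardware ethernet 00:0c:29:4a:1b:7e;
  client-hostname "dorm-pc-17";
}
lease 10.20.30.77 {
  starts 6 2004/01/31 20:00:00;
  ends 6 2004/02/01 20:00:00;
  binding state active;
  hardware ethernet 00:50:56:11:22:33;
}
lease 10.20.30.5 {
  starts 0 2004/02/01 08:00:00;
  ends 0 2004/02/02 08:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.20.30.41 {
  starts 0 2004/02/01 09:15:00;
  ends 0 2004/02/02 09:15:00;
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:cc;
  client-hostname "laptop-jsmith";
}
"""

# Constructed switch MAC table. Fa0/24 is the uplink to the core, so many
# addresses are learned behind it; it never identifies a room by itself.
MAC_TABLE_TEXT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  30    000c.294a.1b7e    DYNAMIC     Fa0/12
  30    0050.5611.2233    DYNAMIC     Fa0/3
  30    000c.29aa.bbcc    DYNAMIC     Fa0/7
  30    0011.2233.4455    DYNAMIC     Fa0/24
  30    0011.2233.4466    DYNAMIC     Fa0/24
"""

# Constructed wiring records: edge port -> room and wall jack.
PORT_TO_ROOM = {
    "Fa0/3": "Hall B, room 112, jack 2",
    "Fa0/7": "Hall B, room 204, jack 1",
    "Fa0/12": "Hall B, room 318, jack 3",
}
UPLINK_PORTS = {"Fa0/24"}


def normalize_mac(raw):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % raw)
    return digits


def parse_leases(text):
    """Return {ip: {"mac", "hostname", "ends"}} from the last record per IP."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        state = re.search(r"binding state\s+(\w+);", body)
        host = re.search(r'client-hostname\s+"([^"]*)";', body)
        ends = re.search(r"ends\s+\d\s+([\d/]+ [\d:]+);", body)
        if not mac or not state or state.group(1) != "active":
            leases.pop(ip, None)  # a later free/expired record releases the IP
            continue
        leases[ip] = {"mac": normalize_mac(mac.group(1)),
                      "hostname": host.group(1) if host else None,
                      "ends": ends.group(1) if ends else None}
    return leases


def parse_mac_table(text):
    """Return {mac: (vlan, port)} from a 'show mac address-table' style listing."""
    table = {}
    row = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F.]+)\s+\w+\s+(\S+)\s*$")
    for line in text.splitlines():
        m = row.match(line)
        if m:
            table[normalize_mac(m.group(2))] = (int(m.group(1)), m.group(3))
    return table


def trace_ip(ip, leases, mac_table, port_to_room, uplinks):
    """Walk IP -> lease -> MAC -> port -> room; 'note' says where a trace stalled."""
    r = {"ip": ip, "mac": None, "hostname": None, "port": None, "room": None, "note": None}
    lease = leases.get(ip)
    if lease is None:
        r["note"] = "no active DHCP lease; likely static, check the router ARP cache"
        return r
    r["mac"], r["hostname"] = lease["mac"], lease["hostname"]
    entry = mac_table.get(lease["mac"])
    if entry is None:
        r["note"] = "MAC not learned on this switch; host off or on another switch"
        return r
    r["port"] = entry[1]
    if r["port"] in uplinks:
        r["note"] = "learned on uplink %s; repeat on the downstream switch" % r["port"]
        return r
    r["room"] = port_to_room.get(r["port"])
    if r["room"] is None:
        r["note"] = "port %s has no wiring record" % r["port"]
    return r


if __name__ == "__main__":
    leases, table = parse_leases(LEASES_TEXT), parse_mac_table(MAC_TABLE_TEXT)
    for ip in ("10.20.30.41", "10.20.30.77", "10.20.30.5", "10.20.30.99"):
        print(trace_ip(ip, leases, table, PORT_TO_ROOM, UPLINK_PORTS))
```

Note that 10.20.30.41 resolves to the later lease (laptop-jsmith on Fa0/7), not the earlier one: taking the first match in an append-only lease file is the usual mistake, and it points at whoever held the address yesterday. The lease "ends" timestamp is worth keeping in the report, since an abuse complaint arriving after the lease rolled over needs the lease that was active at the time of the mail headers, not the current one.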