>How do I chase down an IP address that was reported by Logcheck to FTP in?
>If have their IP and I want to see where it originated from so I know if it
>is one of my users or a hacker?
>
$ whois [EMAIL PROTECTED]
[whois.arin.net]
Telstra (NET-TELECOMAU4)
Network Development and
Construction Branch 32 Pirie Street Adelaide
South, 5000
AU
Netname: TELECOMAU4
Netblock: 144.134.0.0 - 144.134.255.255
Coordinator:
Telstra (HM100-ORG-ARIN) [EMAIL PROTECTED]
+61 3 9253 8600 Fax- +61 392538701
Domain System inverse mapping provided by:
SY-DNS01.TMNS.NET.AU 139.134.2.2
SY-DNS02.TMNS.NET.AU 139.134.2.18
Record last updated on 29-Nov-2000.
Database last updated on 18-Jun-2001 23:08:46 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
