Using a utility called NEOTRACE I was able to ping, resolve, and whois every
node on a traceroute from my computer to the IP address in question. Not
surprisingly, the IP itself could not be resolved, but the hop right before it
could be. I suppose that a good guess is that this might be the offender's
ISP. In this case, the hop info resolved to:
domain: isis.de
descr: ISIS Multimedia Net GmbH
descr: Kaistr. 6
descr: D-40221 Duesseldorf
descr: Germany
admin-c: HJM16-RIPE
tech-c: VF194-RIPE
zone-c: DAH9-RIPE
nserver: issv0099.isis.de 195.158.131.2
nserver: ns1.netcologne.de
nserver: noc.rrz.uni-koeln.de
mnt-by: DE-DOM
changed: [EMAIL PROTECTED] 19990909
source: RIPE

person: Hans-Joachim Mittler
address: Kaistrasse 6
address: Duesseldorf
address: Germany
phone: +49211 27314
fax-no: +49 211 27310
e-mail: [EMAIL PROTECTED]
nic-hdl: HJM16-RIPE
changed: [EMAIL PROTECTED] 19980302
source: RIPE

person: Volker Franzkowiak
address: ISIS Multimedia Net GmbH
address: Kaistr. 6
address: D-40221 Duesseldorf
address: GERMANY
phone: +49-211-8527305
fax-no: +49-211-8527310
e-mail: [EMAIL PROTECTED]
nic-hdl: VF194-RIPE
changed: [EMAIL PROTECTED] 19980805
source: RIPE

person: Dirk Andreas Hofmann
address: ISIS Multimedia Net
address: Kaistrasse 6
address:
address: D-40221 Duesseldorf
phone: +49 211 8527372
fax-no: +49 211 8527410
e-mail: [EMAIL PROTECTED]
nic-hdl: DAH9-RIPE
notify: [EMAIL PROTECTED]
changed: [EMAIL PROTECTED] 19990505
source: RIPE
I guess that I answered my own question. If anyone can add to what I have
done, I would greatly appreciate learning anything to help protect myself
and the networks I protect. I'm going to see if I can find an "abuse@" addy
related to the above information in addition to the addys that are already
there.
Respectfully,
Michael E. Cummins
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Michael E. Cummins
> Sent: Thursday, February 17, 2000 6:56 PM
> To: Firewalls Mailing List
> Subject: Someone is scanning me right now
>
>
> Just curious.
>
> Someone is gently scanning me right now from 195.158.132.218; out of
> curiosity, I tried connecting to this IP on 21; 80; 119; etc. just to see if
> I would get any return info but was forcefully rejected on each attempt.
> They were initially scanning for (according to my firewall logs) Net-Bus PRO
> and backdoor G-1 connections. Now that I have his IP and time of
> connection, what other information can I get about him so I can submit him
> to.. who?
>
> His ISP would be the most likely source to complain to, but how do I get
> that? What other information can I acquire to help nail him down?
>
> Any advice on what step to take next? Probably too late to help me catch
> this one but I suppose there will always be a "next" one!
>
> Thank you!
>
> ,_,
> (O,O)
> ( )
> -"-"---------------------------------------------------------------
> | From the Desk of Michael E. Cummins
> |
> |
> |
> | WEBSITE: http://www.i-magery.com
> |
> | E-MAIL: mailto:[EMAIL PROTECTED] |
> |
> |
> | "The main thing is to keep the main thing, the main thing" |
> | - Albert Einstein
> |
> |
> |
> | "Si hoc legere scis numium eruditionis habes" |
> -------------------------------------------------------------------
>
>
> ====================================================
> And for you automated email spammers out there,
> here are the email addresses of the current board of
> the Federal Communications Commission:
> Chairman William Kennard: [EMAIL PROTECTED]
> Commissioner Susan Ness: [EMAIL PROTECTED]
> Commissioner Harold Furchtgott-Roth: [EMAIL PROTECTED]
> Commissioner Michael Powell: [EMAIL PROTECTED]
> Commissioner Gloria Tristani: [EMAIL PROTECTED]
> And let's help you send some spam to the USPS, too:
> [EMAIL PROTECTED]
> ====================================================
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
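As an added example (not part of the original message): a small Python parser for whois output in the key/value layout pasted above. It resolves the admin-c/tech-c/zone-c handles to their e-mail addresses and prefers an abuse@ mailbox when one is present. The sample record, the PRIMARY key set and the function names are assumptions made for this illustration.

```python
# Constructed sample (all values made up) in the flattened layout shown above.
SAMPLE = """\
domain: example.net
admin-c: AA1-TEST
tech-c: BB2-TEST
zone-c: CC3-TEST
person: Alice Admin
e-mail: alice@example.net
nic-hdl: AA1-TEST
role: Example Abuse Desk
e-mail: abuse@example.net
nic-hdl: CC3-TEST
"""

# Assumption: these keys open a new object when blank separators were lost.
PRIMARY = {"domain", "person", "role", "inetnum"}

def parse_objects(text):
    """Return a list of objects, each a list of (key, value) pairs."""
    objects, current = [], []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not line.strip() or (sep and key in PRIMARY):
            if current:
                objects.append(current)
            current = []
        if sep and not line.startswith("%"):  # skip server comment lines
            current.append((key, value.strip()))
    if current:
        objects.append(current)
    return objects

def contacts(objects):
    """Map admin-c/tech-c/zone-c to the e-mails of the handles they name."""
    mail = {dict(o).get("nic-hdl"): [v for k, v in o if k == "e-mail"]
            for o in objects}
    found = {}
    for obj in objects:
        for key, handle in obj:
            if key in ("admin-c", "tech-c", "zone-c"):
                found.setdefault(key, []).extend(mail.get(handle, []))
    return found

def report_recipients(objects):
    """Prefer an abuse@ mailbox; otherwise fall back to tech-c, then admin-c."""
    found = contacts(objects)
    abuse = [m for ms in found.values() for m in ms if m.lower().startswith("abuse@")]
    return abuse or found.get("tech-c") or found.get("admin-c") or []
```

A handle with no matching object in the response (tech-c in the sample) resolves to an empty list, so the fallback skips it instead of failing.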