It looks like psi.net "owns" that IP address. I've sent an email to
[EMAIL PROTECTED] and will wait to see what happens. It's of course probably
just some script kiddy but who knows? Meanwhile, I'm sure glad I've got
portsentry.
(BTW: I configured portsentry to play a wav when it detects something funny
going on. It was pretty cool to have my machine start shouting "INTRUDER
ALERT INTRUDER ALERT" and see the log file saying that this IP address is now
blocked!)
On Tue, 28 Nov 2000, you wrote with wit and wisdom:
> Tom Rauschenbach wrote:
>
> > Does anybody know how to find out who "owns" an IP address? I've got
> > portsentry installed and it just warned me that I was probed by 38.164.94.1
> > and I'm wondering who that is. Traceroute and ping don't help (unless they
> > have options I don't know about). I know that there is a sort of reverse DNS but
> > I don't know how to use it.
> >
> > TomR
> >
> > -- Standard is better than better. If your web
> > page cares what browser I'm using it's broken. [EMAIL PROTECTED]
> >
> > **********************************************************
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **********************************************************
>
> You could also do a traceroute to see if the incoming IP address is behind a
> firewall; in this case the address that has port scanned you is not.
>
> [root@dwarf_1 /etc]# traceroute 38.164.94.1
> traceroute to 38.164.94.1 (38.164.94.1), 30 hops max, 38 byte packets
> 1 192.168.0.1 (192.168.0.1) 0.526 ms 0.392 ms 0.360 ms
> 2 24.147.6.1 (24.147.6.1) 9.107 ms 11.775 ms 11.898 ms
> 3 24.128.9.37 (24.128.9.37) 11.999 ms 9.917 ms 9.876 ms
> 4 mnrtr01-cnrtr01.ne.mediaone.net (24.128.0.145) 12.777 ms 11.543 ms 9.934 ms
> 5 24.147.0.217 (24.147.0.217) 11.151 ms 12.321 ms 11.732 ms
> 6 12.125.33.5 (12.125.33.5) 12.316 ms 12.660 ms 11.929 ms
> 7 gbr1-p60.cb1ma.ip.att.net (12.123.40.138) 12.229 ms 11.745 ms 11.944 ms
> 8 gbr3-p70.cb1ma.ip.att.net (12.122.5.53) 12.309 ms 11.887 ms 12.061 ms
> 9 gbr4-p10.n54ny.ip.att.net (12.122.2.13) 16.690 ms 16.352 ms 15.894 ms
> 10 gbr3-p60.n54ny.ip.att.net (12.122.1.121) 17.225 ms 18.301 ms 17.707 ms
> 11 gbr3-p30.wswdc.ip.att.net (12.122.2.166) 22.400 ms 23.787 ms 23.365 ms
> 12 gbr2-p60.wswdc.ip.att.net (12.122.1.225) 23.907 ms 22.816 ms 21.899 ms
> 13 gr1-p3110.wswdc.ip.att.net (12.123.8.230) 22.850 ms 23.214 ms 23.963 ms
> 14 204.6.117.65 (204.6.117.65) 30.724 ms 25.794 ms 25.664 ms
> 15 t21.sc.psi.net (38.1.3.31) 28.475 ms 24.607 ms 29.149 ms
> 16 rc2.ne.us.psi.net (38.1.21.194) 32.632 ms 30.730 ms 32.066 ms
> 17 new-york4.ny.analog7.psi.net (38.16.2.118) 28.066 ms 28.076 ms 27.609 ms
> 18 38.164.94.1 (38.164.94.1) 181.608 ms 179.438 ms 174.952 ms
> [root@dwarf_1 /etc]#
>
>
> chris
--
Standard is better than better. If your web page cares what browser I'm using
it's broken.
[EMAIL PROTECTED]