Quoting _ ([EMAIL PROTECTED]):

> Hello People,
>
> Is there a way that I can alert the ISPs whose IP addresses are used
> to port scan computers? Sample -- taken from 2:34-2:38.
>
> 213.96.231.222 4662
[...]

~ $ whois 213.96.231.222 | more
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 213.96.0.0 - 213.97.255.255
netname: RIMA
descr: Telefonica De Espana SAU (NCC#2000013794)
descr: Red de servicios IP
descr: Spain
country: ES
admin-c: LJP5-RIPE
tech-c: FLT14-RIPE
rev-srv: scmrro3.nombres.ttd.es
rev-srv: scmrro4.nombres.ttd.es
rev-srv: ns.ripe.net
status: ASSIGNED PA
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to [EMAIL PROTECTED]
remarks: any mail to [EMAIL PROTECTED] will be ignored
remarks: ***************************************************
notify: [EMAIL PROTECTED]
mnt-by: MAINT-AS3352
changed: [EMAIL PROTECTED] 20000302
changed: [EMAIL PROTECTED] 20020530
source: RIPE

route: 213.96.192.0/18
descr: TTDNET (Red de servicios IP)
origin: AS3352
mnt-by: MAINT-AS3352
mnt-routes: MAINT-AS3352
mnt-lower: MAINT-AS3352
changed: [EMAIL PROTECTED] 20010306
changed: [EMAIL PROTECTED] 20020118
changed: [EMAIL PROTECTED] 20020313
source: RIPE

person: L Jimenez
address: TELEFONICA DE ESPANA
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
phone: +34 91 5846497
fax-no: +34 91 5842650
e-mail: [EMAIL PROTECTED]
nic-hdl: LJP5-RIPE
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to [EMAIL PROTECTED]
remarks: any mail to [EMAIL PROTECTED] will be ignored
remarks: ***************************************************
e-mail: [EMAIL PROTECTED]
nic-hdl: FLT14-RIPE
notify: [EMAIL PROTECTED]
changed: [EMAIL PROTECTED] 20020225
changed: [EMAIL PROTECTED] 20020530
source: RIPE

So yes, you can do that.

One possible complication: If it's possible that the machines serving
those e-mail addresses are compromised by the bad guys, then sending
e-mail might reach only the intruders, rather than the admins. To get
around _that_ problem, the traditional workaround involves "out of band
communication", e.g. a voice telephone call. In this case, halfway
around the world, to Spain.

And that's just for _one_ of the sixteen IP addresses you say
portscanned you within a four-minute period. Your day could become both
busy and expensive. ;->

Now, perhaps you can see why sysadmins have become fairly blase about
portscans, in recent years. Even if you consider them to be "attacks",
rather than rattling of doorknobs, the question still remains of just
how much trouble they merit, on your part.

-- 
Cheers,              Ever wonder why the _same people_
Rick Moen            make up _all_ the conspiracy theories?
[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph

To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
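
Added example (not part of the original message): a small parser for RPSL whois output like the reply above, which finds the inetnum object covering a scanning address and pulls the reporting channels out of its remarks lines. The sample text is trimmed from the output above, and abuse@isp.example is a placeholder because the archive redacts the real address; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: trimmed from the RIPE reply quoted above. The mail
# address is a placeholder (assumption); the archive redacts the real one.
SAMPLE = """\
% This is the RIPE Whois server.
inetnum: 213.96.0.0 - 213.97.255.255
netname: RIMA
country: ES
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to abuse@isp.example
source: RIPE

route: 213.96.192.0/18
origin: AS3352
source: RIPE
"""

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text):       # blank line separates objects
        pairs = []
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep and not line.startswith("%"):   # skip server comment lines
                pairs.append((key.strip(), value.strip()))
        if pairs:
            objects.append(pairs)
    return objects

def abuse_summary(text, scanner_ip):
    """Netname, country and reporting channels of the inetnum covering scanner_ip."""
    ip = ipaddress.ip_address(scanner_ip)
    for obj in parse_rpsl(text):
        if obj[0][0] != "inetnum":                 # first attribute names the class
            continue
        first, last = (ipaddress.ip_address(p.strip()) for p in obj[0][1].split("-"))
        if not first <= ip <= last:
            continue
        values = lambda k: [v for a, v in obj if a == k]
        remarks = " ".join(values("remarks"))      # repeated attribute, keep all
        return {"netname": (values("netname") or [None])[0],
                "country": (values("country") or [None])[0],
                "urls": re.findall(r"https?://\S+", remarks),
                "mail": re.findall(r"[\w.+-]+@[\w.-]+\.\w+", remarks)}
    return None                                    # no covering inetnum in this reply
```

Running it over the whois reply for each logged address and grouping by netname shows how many distinct ISPs a batch of scans actually maps to before any report is written.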
