* Network Server wrote:
> Hi everyone!

Moinsen
Strange name..

> Somebody tried to access formmail.pl on our linux box for common formmail
> vulnerabilities.
> The logs show 4 different IPs as REMOTE_ADDR
>
> 12.161.234.246
> 63.151.143.21
> 63.151.143.22
> 63.151.143.23
>
> I tried to get information about the IPs (sure Proxies) but failed (lack of
> knowledge - just newbie)

Well first you should try to ping/traceroute the machines. But on many
hosts the ICMP protocol is disabled nowadays. Further you can try to
portscan the machines to look what services they are running. Then you
could go on wasting your time and do further scans...

If you'd like to get useful information instead, try to get the holder
of the domains/networks using the "whois" tool.
For example:

--snip--
[20:55:51]zebroc@churchill[~] whois 63.151.143.21
Qwest Communications (NETBLK-NET-QWEST-BLKS-2) NET-QWEST-BLKS-2
                                                   63.144.0.0 - 63.151.255.255
PATRIOT HOSTING SERVICES (NETBLK-Q0205-63-151-143-0) Q0205-63-151-143-0
                                                 63.151.143.0 - 63.151.143.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
--snip--

Then you can get further information on this company and contact an
admin or something.


Little tip: Most of the time it's not worth doing such research. Most
providers don't care...

--
Best regards,
Marc Herbrechter
http://www.zebroc.de/
"It's hard to stay mad, when there's so much beauty in the world.
Sometimes I feel like I'm seeing it all at once and it's too much.
My heart fills up like a balloon that's about to burst. And then
I remember to relax and stop trying to hold on to it. And then it
flows through me like rain and I can't feel anything but gratitude
for every single moment of my stupid little life."  - Alan Ball
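
The whois lookup suggested in this message can be applied to all four logged addresses at once. The following is an added example, not part of the original message: it parses the owner/range line pairs of the whois output quoted above and maps each REMOTE_ADDR to the narrowest netblock that contains it. The function names `parse_netblocks` and `attribute` are made up for this illustration.

```python
import ipaddress
import re

# Whois output copied from the message above (owner line with its handle,
# then the address range on the next line).
WHOIS_TEXT = """\
Qwest Communications (NETBLK-NET-QWEST-BLKS-2) NET-QWEST-BLKS-2
                                                   63.144.0.0 - 63.151.255.255
PATRIOT HOSTING SERVICES (NETBLK-Q0205-63-151-143-0) Q0205-63-151-143-0
                                                 63.151.143.0 - 63.151.143.255
"""

# REMOTE_ADDR values from the quoted report.
LOGGED_IPS = ["12.161.234.246", "63.151.143.21", "63.151.143.22", "63.151.143.23"]

OWNER_RE = re.compile(r"^(?P<name>\S.*?)\s+\((?P<handle>[^)]+)\)")
RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+-\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_netblocks(text):
    """Return [(name, handle, first_ip, last_ip)] from owner/range line pairs."""
    blocks, owner = [], None
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m and owner:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            blocks.append((owner[0], owner[1], first, last))
            owner = None
            continue
        m = OWNER_RE.match(line)
        if m:
            owner = (m["name"], m["handle"])
    return blocks


def attribute(ips, blocks):
    """Map each IP to the smallest enclosing block, or None if none covers it."""
    result = {}
    for ip in ips:
        addr = ipaddress.IPv4Address(ip)
        hits = [b for b in blocks if b[2] <= addr <= b[3]]
        # The narrowest range is the direct assignee, the first contact to try.
        result[ip] = min(hits, key=lambda b: int(b[3]) - int(b[2]), default=None)
    return result


if __name__ == "__main__":
    for ip, block in attribute(LOGGED_IPS, parse_netblocks(WHOIS_TEXT)).items():
        print(ip, "->", f"{block[0]} ({block[1]})" if block else "not covered by this whois output")
```

Three of the four addresses fall inside the same /24 assignment, so one contact covers them; 12.161.234.246 lies outside both ranges and needs its own whois query.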

