On Fri, 28 Aug 1998, Kevin Sisney wrote:
> When I see one of these in my log:
> Aug 28 02:04:21 felix in.telnetd[6553]: refused connect from 198.137.241.30
> What's the best way to go about finding out who it was?
If the IP doesn't resolve to a hostname you can use whois to find out who
owns the netblock. I use a script called netwhois that has the following line:
whois $[EMAIL PROTECTED]
> Is there a client program for the identd in case they happen
> to be running one?
You can either compile tcp_wrappers to always do ident lookups
or you can add the option 'rfc931' to selected entries in your
/etc/hosts.deny and /etc/hosts.allow files
see the host_options man page for more info
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
