[CLUE-Tech] who attacked me?

Tim Russell tim.russell at ilg.com
Tue Mar 20 16:19:58 MST 2001


First thing to try is an "nslookup ip" and see if it has a reverse lookup
name.  It doesn't seem to, in this case.

Next, you can do a "whois 211.36.203.0@whois.arin.net | more" and see who
owns the netblock and who the contact is.  That'll usually get you something
useful.

Tim

> -----Original Message-----
> From: Roger Frank [mailto:rfrank at rfrank.net]
> Sent: Tuesday, March 20, 2001 15:59
> To: clue-tech at clue.denver.co.us
> Subject: [CLUE-Tech] who attacked me?
> 
> 
> While I was at school, the system apparently was attacked.  The
> logs indicate an "attack alert" on port 111 from 211.36.203.30
> 
> Now how do I find out who has that address?  I don't want to
> try to go there with a browser since that will indicate that I
> am here and right now the machine has switched to cloaked
> mode from that IP address.  I don't even want to traceroute to it,
> or do I?  How do you look up a name from an IP address?
> I'm just curious who this was.
> 
> As far as I can tell, the firewall worked fine.  Then again, how
> can I be sure?
> 
> Roger Frank
> 
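
The two lookups suggested in the reply above, as an added Python example that is not part of the original thread: it builds the reverse-lookup name and speaks WHOIS (RFC 3912) to the registry rather than to the address being researched. The sample reply is constructed, and the `ReferralServer` handling assumes ARIN-style "Key: value" output.

```python
import ipaddress
import re
import socket

# Constructed sample reply in a registry-style "Key: value" layout; the
# names and the 192.0.2.0/24 documentation range are placeholders.
SAMPLE_REPLY = """\
# comment lines start with '#' or '%'
NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-NET
OrgName:        Example Network Operator
OrgAbuseEmail:  abuse@example.net
ReferralServer: whois://whois.example.net
"""

def ptr_name(ip):
    """DNS name a reverse lookup asks for. The query is answered by the
    name servers delegated for the netblock, not by the host itself."""
    return ipaddress.ip_address(ip).reverse_pointer

def whois_query(ip, server="whois.arin.net", timeout=10):
    """RFC 3912 WHOIS: send the query and CRLF to TCP port 43, read to EOF.
    Only the registry server is contacted."""
    ipaddress.ip_address(ip)  # raises ValueError unless ip is an IP literal
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_reply(text):
    """Return {field: [values]} from 'Key: value' lines, skipping comments."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def referral_server(fields):
    """Host of another registry to ask when this one only refers onward."""
    for value in fields.get("ReferralServer", []):
        match = re.match(r"r?whois://([A-Za-z0-9.-]+)", value)
        if match:
            return match.group(1)
    return None

if __name__ == "__main__":
    print(ptr_name("211.36.203.30"))  # address from the log line in the post
    print(parse_reply(SAMPLE_REPLY), referral_server(parse_reply(SAMPLE_REPLY)))
```

If the first registry's reply carries a referral, pass the returned host as `server` to `whois_query` to ask the registry that actually holds the netblock record.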


