[CLUE-Tech] who attacked me?
ian
iguy at ionsphere.org
Tue Mar 20 16:51:51 MST 2001
What makes you say you were attacked?
If you are on the open net, have a cable modem/dsl/broadband type of connection,
and have your machine on; you will most likely be probed.
That's significantly different from truly being attacked.
The only way to be very sure is to have some kind of IDS system.
(Intrusion Detection System) One of these is tripwire. Any IDS system
can verify that system files have not been changed without your permission.
ian
On Tue, Mar 20, 2001 at 03:58:40PM -0700, Roger Frank wrote:
> While I was at school, the system apparently was attacked. The
> logs indicate an "attack alert" on port 111 from 211.36.203.30
>
> Now how do I find out who has that address. I don't want to
> try to go there with a browser since that will indicate that I
> am here and right now the machine has switched to cloaked
> mode from that IP address. I don't even want to traceroute to it,
> or do I? How do you lookup a name from an IP address?
> I'm just curious who this was.
>
> As far as I can tell, the firewall worked fine. Then again, how
> can I be sure?
>
> Roger Frank
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list