[CLUE-Tech] who attacked me?
David Willson
DLWillson at TheGeek.NU
Tue Mar 20 17:07:06 MST 2001
Perhaps this is an AHA! I don't know. Try an anonymous FTP to that
address. It seems to work. This should give many, many leads...
ftp://211.36.203.30/
***********************************************************
* *
* Welcome to KyungWon Tech Co., Ltd !!! *
* *
* CFDRC *
* CEI *
* PDC *
* *
* Anonymous FTP Site for CFD Users *
* ( cfdgate.kw-tech.co.kr ) *
* *
* Directories for File Transfer *
* /pub/incoming/CFD-ACE/ *
* /pub/incoming/EnSight/ *
* /pub/incoming/GridPro/ *
* *
* managed by *
* jkpark at mail.kw-tech.co.kr *
* *
***********************************************************
-----Original Message-----
From: clue-tech-admin at clue.denver.co.us
[mailto:clue-tech-admin at clue.denver.co.us]On Behalf Of David Willson
Sent: Tuesday, March 20, 2001 4:34 PM
To: clue-tech at clue.denver.co.us
Subject: RE: [CLUE-Tech] who attacked me?
This is about as far as I can get:
http://www.apnic.net/apnic-bin/whois2.pl?results=all&search=211.36.203.30
The machine name comes up as CFDGATE. TRACERT adds almost no information,
which usually means that nslookup won't do any good either...
I say nuke 'em, and then listen carefully. If you don't hear swearing,
they're not in your building.
-----Original Message-----
From: clue-tech-admin at clue.denver.co.us
[mailto:clue-tech-admin at clue.denver.co.us]On Behalf Of Tim Russell
Sent: Tuesday, March 20, 2001 4:20 PM
To: clue-tech at clue.denver.co.us
Subject: RE: [CLUE-Tech] who attacked me?
First thing to try is an "nslookup ip" and see if it has a reverse lookup
name. It doesn't seem to, in this case.
Next, you can do a "whois 211.36.203.0@whois.arin.net | more" and see who
owns the netblock and who the contact is. That'll usually get you something
useful.
Tim
> -----Original Message-----
> From: Roger Frank [mailto:rfrank at rfrank.net]
> Sent: Tuesday, March 20, 2001 15:59
> To: clue-tech at clue.denver.co.us
> Subject: [CLUE-Tech] who attacked me?
>
>
> While I was at school, the system apparently was attacked. The
> logs indicate an "attack alert" on port 111 from 211.36.203.30
>
> Now how do I find out who has that address. I don't want to
> try to go there with a browser since that will indicate that I
> am here and right now the machine has switched to cloaked
> mode from that IP address. I don't even want to traceroute to it,
> or do I? How do you lookup a name from an IP address?
> I'm just curious who this was.
>
> As far as I can tell, the firewall worked fine. Then again, how
> can I be sure?
>
> Roger Frank
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
_______________________________________________
CLUE-Tech mailing list
CLUE-Tech at clue.denver.co.us
http://clue.denver.co.us/mailman/listinfo/clue-tech
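
Added example, not part of the original thread: a Python sketch of the two lookups suggested above (the reverse-lookup name, then a netblock whois that follows the registry's referral from ARIN to APNIC), so the questions go to the registries rather than to the source address itself. The SAMPLE replies, the function names and the contact values are constructed for illustration; the default fetch speaks plain WHOIS on TCP port 43.

```python
import ipaddress
import socket

# Constructed sample replies (not real registry data) so the example runs offline.
SAMPLE = {
    "whois.arin.net": "OrgName:        Asia Pacific Network Information Centre\n"
                      "ReferralServer: whois://whois.apnic.net\n",
    "whois.apnic.net": "% constructed APNIC-style reply\n"
                       "netname:        EXAMPLE-NET\n"
                       "descr:          Example netblock holder\n"
                       "e-mail:         abuse@example.invalid\n",
}

def ptr_name(ip):
    """Name that a reverse lookup ("nslookup ip") asks DNS for."""
    return ipaddress.ip_address(ip).reverse_pointer

def parse_whois(text):
    """Collect 'key: value' lines, skipping blank and '%'/'#' comment lines."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def whois_query(server, query, timeout=10):
    """Plain WHOIS (RFC 3912): send the query to TCP port 43, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def lookup(ip, server="whois.arin.net", fetch=whois_query, max_hops=3):
    """Ask a registry who holds the netblock, following ReferralServer hints."""
    for _ in range(max_hops):
        fields = parse_whois(fetch(server, ip))
        ref = fields.get("referralserver", [""])[0]
        nxt = ref.removeprefix("whois://").split(":")[0].strip("/")
        if not nxt or nxt == server:
            break
        server = nxt
    return server, fields

if __name__ == "__main__":
    print(ptr_name("211.36.203.30"), lookup("211.36.203.30", fetch=lambda srv, q: SAMPLE[srv]))
```

The reverse lookup, unlike the whois query, is answered by whoever runs DNS for that reverse zone, which may be the address holder.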