[CLUE-Tech] how to find responsible party for an IP?
Dave Hahn
dhahn at techangle.com
Mon Aug 26 18:30:30 MDT 2002
PortSentry is actually very tunable. You can choose what to do when you see
inappropriate traffic. I wouldn't run a box on the net without it. You
should be able to get it up and going in about 5 minutes.
*Everybody* should be looking at this tool.
-----Original Message-----
From: clue-tech-admin at clue.denver.co.us
[mailto:clue-tech-admin at clue.denver.co.us]On Behalf Of Adam Bultman
Sent: Sunday, August 25, 2002 4:47 PM
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] how to find responsible party for an IP?
Evidently newer versions of port sentry can be used to actually block
people on the fly. While I'd be worried about that, especially on a
server (not one's own box) the idea is really cool. Some decides to hit
a few ports on you, and the find that you drop off the net after a
couple of dozen ports.
I haven't tried the new version, but likely will in the next week, as my
server (home) will be moving from behind a cisco to bare-on the net.
On Sun, 25 Aug 2002, TJ Schuler wrote:
> Dave,
>
> Not sure if you found your way to this site but I will post it just in
case
> / for the benefit of others.
>
> http://ip.nic.or.kr/english/index.html
>
> On a side note sometimes the only way to handle this is to do exactly what
> you said - dropping the packet - I have had more than a few large
customers
> that drop all packets from china, korea and a few other network ranges at
> their ingress routers so their firewalls dont have to even deal with it.
> This does make one long access-list though.
>
> --TJ
> ----- Original Message -----
> From: "Dave Price" <davep at kinaole.org>
> To: <clue-tech at clue.denver.co.us>
> Sent: Sunday, August 25, 2002 3:45 PM
> Subject: Re: [CLUE-Tech] how to find responsible party for an IP?
>
>
> > Thanks!
> >
> > Of course it is a korean address - guess I just put a drop rule in my
> > firewall and live with it.... :(
> >
> > aloha,
> > dave
> >
> > On Sun, Aug 25, 2002 at 03:31:38PM -0600, TJ Schuler wrote:
> > > Check out http://www.arin.net/ - whois on the top of the page.
> > >
> > > -TJ
> > > ----- Original Message -----
> > > From: "Dave Price" <davep at kinaole.org>
> > > To: <clue-tech at clue.denver.co.us>
> > > Sent: Sunday, August 25, 2002 3:16 PM
> > > Subject: [CLUE-Tech] how to find responsible party for an IP?
> > >
> > >
> > > > Hi,
> > > >
> > > > I am getting _constant_ connection attempts from an ip address. How
> can
> > > > I find out who is resonsible for a numeric address?
> > > >
> > > > aloha,
> > > > dave
> > > >
> > > > _______________________________________________
> > > > CLUE-Tech mailing list
> > > > CLUE-Tech at clue.denver.co.us
> > > > http://clue.denver.co.us/mailman/listinfo/clue-tech
> > >
> > > _______________________________________________
> > > CLUE-Tech mailing list
> > > CLUE-Tech at clue.denver.co.us
> > > http://clue.denver.co.us/mailman/listinfo/clue-tech
> > _______________________________________________
> > CLUE-Tech mailing list
> > CLUE-Tech at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-tech
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
--
Adam Bultman
adam at glaven.org
[ http://www.glaven.org ]
_______________________________________________
CLUE-Tech mailing list
CLUE-Tech at clue.denver.co.us
http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list