[thelist] DNS: Security and Networking
Jeff Wilhelm
jwilhelm at summit7solutions.com
Wed Jul 16 21:23:20 CDT 2003
Just lookup who owns the IP here:
http://www.eye-net.com.au/itools/inetnum.php
And contact the administrator / contact person and tell them the scoop,
the IP, and the times -- provide logs if possible.
Jeff
| * J E F F R E Y M. W I L H E L M * |
e: jeff at jeffwilhelm.com
w: www.jeffwilhelm.com
e: jeff at summit7solutions.com
w: www.summit7solutions.com
p: 401-874-3118 // 401-481-5991
f: 419-735-8865 // 208-979-7205
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Frank
> Sent: Wednesday, July 16, 2003 10:15 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] DNS: Security and Networking
>
>
>
> Some yahoo, probably a professional spammer is hammering away
> at my machine
> 24 hours a day, trying to get my SMTP to relay for
> him/her/it. I'm trying
> to get to the root of who this person is, but a trace route
> demonstrates a
> long trail of false reverse DNS entries.
>
http://samspade.org/t/trace?a=61.30.21.210 where 61.30.21.210 is obviously
the yahoo's IP registered on my firewall, blocking roughly 20 taps per
minute. The traced records yield a variety of Chinese companies, none of
which are traceable themselves. the first traceable item on the route is a
server in California. That actually makes sense, if one is being
surrepticious.
How can I find out who this person is, and what actions, in any form
whatsoever can I use to stop this dinkhead? My logs are growing by the
hour.
Here's what I know. I've battened down the hatches. The only open ports
remaining are the ones that I actually use. My SMTP relays are tighter
than
a nuns pucker on a cold day, and so is my FTP. The only one I might
question is Apache, as the default install. I keep my virus definitions up
to date on a daily basis, it's running 24/7 completing a full scan on a
daily basis. Other than unplugging my machine, and hiding it in a dark
basement a duck-tapped up in a lead container, are there other ways to
improve my security?
--
Frank Marion lists at frankmarion.com Keep the signal high.
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
Evolt.org conference in London, July 25-27 2003. Register today at
http://evolt.org.uk
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list