[thelist] DNS: Security and Networking

Jeff Wilhelm jwilhelm at summit7solutions.com
Wed Jul 16 21:23:20 CDT 2003


Just look up who owns the IP here:
http://www.eye-net.com.au/itools/inetnum.php
And contact the administrator / contact person and tell them the scoop,
the IP, and the times -- provide logs if possible.

Jeff

 

| * J E F F R E Y   M.   W I L H E L M * |
 e: jeff at jeffwilhelm.com
 w: www.jeffwilhelm.com
 e: jeff at summit7solutions.com
 w: www.summit7solutions.com
 p: 401-874-3118 // 401-481-5991
 f: 419-735-8865 // 208-979-7205
 



> -----Original Message-----
> From: thelist-bounces at lists.evolt.org 
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Frank
> Sent: Wednesday, July 16, 2003 10:15 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] DNS: Security and Networking
> 
> 
> 
> Some yahoo, probably a professional spammer, is hammering away at my
> machine 24 hours a day, trying to get my SMTP to relay for him/her/it.
> I'm trying to get to the root of who this person is, but a trace route
> demonstrates a long trail of false reverse DNS entries.
>
> http://samspade.org/t/trace?a=61.30.21.210 where 61.30.21.210 is obviously
> the yahoo's IP registered on my firewall, blocking roughly 20 taps per
> minute. The traced records yield a variety of Chinese companies, none of
> which are traceable themselves. The first traceable item on the route is a
> server in California. That actually makes sense, if one is being
> surreptitious.
>
> How can I find out who this person is, and what actions, in any form
> whatsoever, can I use to stop this dinkhead? My logs are growing by the
> hour.
>
> Here's what I know. I've battened down the hatches. The only open ports
> remaining are the ones that I actually use. My SMTP relays are tighter than
> a nun's pucker on a cold day, and so is my FTP. The only one I might
> question is Apache, as the default install. I keep my virus definitions up
> to date on a daily basis, it's running 24/7 completing a full scan on a
> daily basis. Other than unplugging my machine, and hiding it in a dark
> basement duct-taped up in a lead container, are there other ways to
> improve my security?
>
> --
> Frank Marion     lists at frankmarion.com      Keep the signal high.
