Re: tracking an IP address

[Bob McClure Jr <robertmcclure earthlink net>]

On Fri, Jun 28, 2002 at 01:07:47PM -0700, Mick Mearns wrote:
> Hello;
>    I am running RH-7.3 with the -5 kernel update.
> I use 'firestarter' iptables for ppp0, "simple setup",no services.
> I am getting hit a lot from: 216.136.173.153
> Mostly on the 32990 and up ports.
> Including: '33270 216.136.173.153 trinity'
> 
> I did a google search and checked my system,  
> I don't have trinity.
> I ran 'chkrootkit' and all is fine.
> I have an external modem, - no activity.
> 
> How do I find out who/what this person is?

I use

 http://ws.arin.net/cgi-bin/whois.pl

It says that is a block owned by Yahoo.

> My local and remote addresses are: 216.58.xxx.xxx
> Are they on my ISP?

Yes, but not on the same subnet.

> Should I contact my ISP?

You could, but it is unlikely they could/should/would do anything.

Your firewall is doing its job.  I don't recall if the default is to
reject the packets or drop them, but if you set it to drop, the probe
doesn't see you (I think - I'm sure I'll be corrected if wrong :-).

> Thank You
> 
>   Mick M.

Cheers,
-- 
Bob McClure, Jr.            | Any chance we can eject the
Bobcat Open Systems, Inc.   | People's Republic of San Francisco
robertmcclure earthlink net | from the Union?