Re: tracking an IP address
- From: Rick Stevens <rstevens vitalstream com>
- To: redhat-install-list redhat com
- Subject: Re: tracking an IP address
- Date: Fri, 28 Jun 2002 14:54:18 -0700
Mick Mearns wrote:
Hello;
I am running RH-7.3 with the -5 kernel update.
I use 'firestarter' iptables for ppp0, "simple setup", no services.
I am getting hit a lot from: 216.136.173.153
Mostly on the 32990 and up ports.
Including: '33270 216.136.173.153 trinity'
I did a google search and checked my system,
I don't have trinity.
I ran 'chkrootkit' and all is fine.
I have an external modem, - no activity.
How do I find out who/what this person is?
# dig -x 216.136.173.153
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20438
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;153.173.136.216.in-addr.arpa. IN PTR
;; ANSWER SECTION:
153.173.136.216.in-addr.arpa. 3600 IN PTR f142.mail.yahoo.com.
;; AUTHORITY SECTION:
173.136.216.in-addr.arpa. 172800 IN NS ns1.yahoo.com.
173.136.216.in-addr.arpa. 172800 IN NS ns2.yahoo.com.
173.136.216.in-addr.arpa. 172800 IN NS ns3.yahoo.com.
173.136.216.in-addr.arpa. 172800 IN NS ns4.yahoo.com.
173.136.216.in-addr.arpa. 172800 IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
ns2.yahoo.com. 172800 IN A 209.132.1.28
ns3.yahoo.com. 172800 IN A 217.12.4.104
ns4.yahoo.com. 172800 IN A 63.250.206.138
ns5.yahoo.com. 172800 IN A 64.58.77.85
;; Query time: 84 msec
;; SERVER: 64.7.192.162#53(64.7.192.162)
;; WHEN: Fri Jun 28 14:51:54 2002
;; MSG SIZE rcvd: 249
Hmmm, a mail server at Yahoo, eh? I'd doubt if that's actually it.
I suspect the hack attempt is using a spoofed source address, but you
might want to call Yahoo.
My local and remote addresses are: 216.58.xxx.xxx
Are they on my ISP?
Should I contact my ISP?
That's an option. Have them trace that back through their routers.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens vitalstream com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- You know you've landed gear-up when it takes full power to taxi. -
----------------------------------------------------------------------
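An added example, not part of the original message: a shell helper that reads `dig -x` output like the reply's and checks whether the PTR name belongs to the same domain as the nameservers delegated for the reverse zone. The names `sample_dig_output` and `ptr_summary` are hypothetical, the sample is trimmed from the output quoted above, and a "match" only says the name was published by whoever runs the reverse zone, not that the packets really came from that address.

```shell
#!/bin/sh
# Constructed sample: trimmed from the dig -x output quoted in this message.
sample_dig_output() {
cat <<'EOF'
;; QUESTION SECTION:
;153.173.136.216.in-addr.arpa. IN PTR
;; ANSWER SECTION:
153.173.136.216.in-addr.arpa. 3600 IN PTR f142.mail.yahoo.com.
;; AUTHORITY SECTION:
173.136.216.in-addr.arpa. 172800 IN NS ns1.yahoo.com.
173.136.216.in-addr.arpa. 172800 IN NS ns2.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
ns2.yahoo.com. 172800 IN A 209.132.1.28
EOF
}

# ptr_summary (hypothetical helper): read dig -x output on stdin and print
#   <ptr-name> <reverse-zone> <verdict>
# verdict is "match" when the PTR name and every NS host of the reverse zone
# share the same last two labels (assumption: a naive stand-in for "same
# organisation", wrong for suffixes such as co.uk), "differ" otherwise, and
# "no-ptr" when the answer section holds no PTR record.
ptr_summary() {
    awk '
        function base(name,   n, p) {
            sub(/\.$/, "", name)                  # drop the trailing root dot
            n = split(tolower(name), p, ".")
            return (n >= 2) ? p[n-1] "." p[n] : name
        }
        /^;; / { section = $2; next }             # ";; ANSWER SECTION:" -> ANSWER
        /^;/ || NF < 5 { next }                   # question line, comments, blanks
        section == "ANSWER" && $4 == "PTR" { ptr = $5 }
        section == "AUTHORITY" && $4 == "NS" {
            zone = $1; ns_count++
            if (!(base($5) in seen)) { seen[base($5)] = 1; ns_domains++ }
        }
        END {
            if (ptr == "") { print "- - no-ptr"; exit }
            verdict = (ns_count > 0 && ns_domains == 1 && (base(ptr) in seen)) ? "match" : "differ"
            print ptr, (zone == "" ? "-" : zone), verdict
        }
    '
}
```

Live output can be piped in the same way, for example `dig -x 216.136.173.153 | ptr_summary`.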