AmigaActive (1485/1728)

From: Nicklas 'Alcom' Jönsson
Date: 27 Jun 2001 at 13:14:27
Subject: Re: Internet Abuse and Port Hacks (reply)

>From: Craig_Daines@excite.co.uk
>Subject: [amigactive] Re: Internet Abuse and Port Hacks (reply)

>
>Well, ports are opening even if a server running on them: here is an
>example of an illegal port attack which occurred 2nite.
>
>Access from host 211.162.94.1 to port tcp/111 allowed.
>
>Lookup Enquiry of service port 111 reveals:-
>TCP--sunrpc portmapper. Sun Remote Procedure Call/Portmapper.

hmmm...looks innocent enough to me.

>
>NetInfo II lookup of this above host: UNKNOWN. Location Netherlands
>dns FTP server.
>
nope...your mr. 211.162.94.1 is:

inetnum: 211.162.80.0 - 211.162.95.255
netname: SZGWBN-GUANGZHOU
descr: Shenzhen GWBN,Guangzhou Metropolitian Area Network
country: CN
admin-c: JM97-AP
tech-c: JM97-AP
mnt-by: MAINT-CNNIC-AP
changed: mengjian@gwbn.net.cn 20010322
source: APNIC

person: Jian Meng
address: 2nd Floor, Building A
address: #9 Donghuan Plaza, Dong Zhong Street
address: East District, Beijing, China (100027)
country: CN
phone: +86-10-6418-5885
fax-no: +86-10-64182174
e-mail: mengjian@gwbn.net.cn
nic-hdl: JM97-AP
mnt-by: MAINT-CNNIC-AP
changed: mengjian@gwbn.net.cn 20010424
source: APNIC

ie: i guess you just tried the european part in netinfo II...if you go to
http://www.iana.org you can find links to the european, asian & american ip
lookup services.

but as the above shows, (if you're still bothered with this ip) then contact
mr. Jian Meng (mengjian@gwbn.net.cn)

> > > What is the best thing to do in the event of abuse? I have passed the
> > > logs onto my ISP and the ISP's of the hosts concerned, so hopefully
> > > I've done the right thing 8)
> >
> > Most ISPs have an email address of abuse@isp for this sort of thing.
>
>Yes I am aware of that, I have sent the log files to the ISP's
>concerned.

good, but remember YOUR ISP can do nothing if the intruder isn't from the
same country as you.

btw: i also get some 4-5 different attempts daily against my computer but it
is usually just script kids trying to find NetBus or Back Orifice infected
computers...

// Nicklas //
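
Added example, not part of the original message: a short Python check that the whois answer really covers the logged address before a report is sent, using the log line and the APNIC record quoted above (trimmed). The function names and the "from host" log pattern are assumptions made for this illustration.

```python
import ipaddress
import re

# Firewall log line and whois objects as quoted in the message above (trimmed).
LOG_LINE = "Access from host 211.162.94.1 to port tcp/111 allowed."
WHOIS_TEXT = """\
inetnum: 211.162.80.0 - 211.162.95.255
netname: SZGWBN-GUANGZHOU
country: CN
admin-c: JM97-AP
tech-c: JM97-AP
source: APNIC

person: Jian Meng
e-mail: mengjian@gwbn.net.cn
nic-hdl: JM97-AP
"""

def parse_objects(text):
    """Split RPSL-style whois output into objects: blank line = new object."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # attributes may repeat (e.g. address), so keep lists
                obj.setdefault(key.strip(), []).append(value.strip())
        if obj:
            objects.append(obj)
    return objects

def report_target(log_line, whois_text):
    """Return (ip, netname, country, contact e-mails) if whois covers the IP."""
    m = re.search(r"from host (\d+\.\d+\.\d+\.\d+)", log_line)
    if m is None:
        return None  # log line does not match the assumed format
    ip = ipaddress.ip_address(m.group(1))
    objects = parse_objects(whois_text)
    for net in (o for o in objects if "inetnum" in o):
        first, last = (ipaddress.ip_address(p.strip())
                       for p in net["inetnum"][0].split("-"))
        if not first <= ip <= last:
            continue  # record is for a different range: wrong registry/answer
        handles = set(net.get("admin-c", []) + net.get("tech-c", []))
        mails = sorted({e for o in objects
                        if handles & set(o.get("nic-hdl", []))
                        for e in o.get("e-mail", [])})
        return str(ip), net["netname"][0], net["country"][0], mails
    return None
```

A result of None means the record does not cover the logged address, which is the sign that the lookup went to the wrong regional registry.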
