RE: Basic Question only
From: Joe Klein (jsklein@mindspring.com)Date: 10/31/02
- Previous message: ONEILL David J: "Re: Interesting One"
- Maybe in reply to: Jon Harding: "RE: Basic Question only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joe Klein" <jsklein@mindspring.com> To: "'Christopher Rea'" <chris_rea@hotmail.com>, <security-basics@security-focus.com> Date: Thu, 31 Oct 2002 15:25:39 -0500
Christopher,
To begin with, you need to identify who owns the IP address:
You can do this in two way:
1. Use the whois command in UNIX or
2. go to http://ws.arin.net/cgi-bin/whois.pl to look up each of the IP
addresses.
Next you may want to look up this ip address to see if this IP address
or type of scan is chronic throught out the Internet. Go to
www.incidents.org.
At this point, you need to decide, based on your security policy and
your incident handling policy, what to do next.
Joe Klein, CISSP
-----Original Message-----
From: Christopher Rea [mailto:chris_rea@hotmail.com]
Sent: Wednesday, October 30, 2002 11:52 PM
To: security-basics@security-focus.com
Subject: Basic Question only
I am sure that this is a silly question, but who are these guys that
keep
trying my firewall on port 53 (DNS) and port 8. I am sure they must be
the
good guys, but why do they keep knocking, I only have one DNS server
that is
setup for lookup mode ???
66.28.34.130
204.71.35.136
212.62.17.145
64.14.117.10
66.28.12.98
65.119.25.162
205.158.108.194
64.15.251.198
204.176.88.5
208.185.54.14
64.0.96.12
213.61.6.2
- Previous message: ONEILL David J: "Re: Interesting One"
- Maybe in reply to: Jon Harding: "RE: Basic Question only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
