Re: Help Me figure this out please

From: A. (nospam_at_home.org)
Date: 02/10/04

    Date: Tue, 10 Feb 2004 20:49:14 +0100
    
    

    Bit Twister wrote:

    > On Mon, 09 Feb 2004 04:41:35 GMT, Joe Shmoe wrote:
    >>
    >> First, let me butter you up by saying you guys are the greatest.
    >
    > Ah, shucks
    >
    >> My firewall log has been going nuts today with this entry repeated every
    >> couple of seconds. Any idea what it's about? I tried a google but that
    >> just confused me even more.
    >
    >> Feb 8 20:44:01 dulouz kernel: catch-all IN=eth0 OUT=
    >> MAC=00:20:78:10:db:46:00:00:77:95:ed:18:08:00 SRC=24.83.185.153
    >> DST=24.83.185.38 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=23183 DF PROTO=TCP
    >> SPT=3915 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
    >
    > host 24.83.185.153 shows that h24-83-185-153.vf.shawcable.net
    > is trying destination port 445 on your box.
    >
    > grep 445 /etc/services shows
    > microsoft-ds 445/tcp
    > microsoft-ds 445/udp

    Hi, it's no Class C, look at this here:

    whois 24.83.185.153
    [Querying whois.arin.net]
    [whois.arin.net]

    OrgName: Shaw Communications Inc.
    OrgID: SHAWC
    Address: Suite 800
    Address: 630 - 3rd Ave. SW
    City: Calgary
    StateProv: AB
    PostalCode: T2P-4L4
    Country: CA

    NetRange: 24.80.0.0 - 24.87.255.255
    CIDR: 24.80.0.0/13
    NetName: SHAW-COMM
    NetHandle: NET-24-80-0-0-1
    Parent: NET-24-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS2SO.CG.SHAWCABLE.NET
    NameServer: NS1SO.CG.SHAWCABLE.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2001-07-12
    Updated: 2003-06-20

    OrgAbuseHandle: SHAWA-ARIN
    OrgAbuseName: SHAW ABUSE
    OrgAbusePhone: +1-403-750-7420
    OrgAbuseEmail: internet.abuse@sjrb.ca

    OrgTechHandle: ZS178-ARIN
    OrgTechName: Shaw High-Speed Internet
    OrgTechPhone: +1-403-750-7428
    OrgTechEmail: ipadmin@sjrb.ca

    -- 
    A.
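
The log entry and whois output in this thread, worked through as an added example that is not part of the original posts: it parses the netfilter line, decodes the `OPT` bytes (going slightly beyond what the thread discusses), and checks whether `SRC` and `DST` both fall inside the `CIDR` that whois reports. The function names are hypothetical, and the log line is the quoted one joined onto a single line.

```python
import ipaddress
import re

LOG_LINE = (  # log entry from the post, joined onto one line
    "Feb 8 20:44:01 dulouz kernel: catch-all IN=eth0 OUT= "
    "MAC=00:20:78:10:db:46:00:00:77:95:ed:18:08:00 SRC=24.83.185.153 "
    "DST=24.83.185.38 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=23183 DF PROTO=TCP "
    "SPT=3915 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)"
)
ALLOCATION = ipaddress.ip_network("24.80.0.0/13")  # CIDR line of the whois output

def parse_netfilter(line):
    """Split a netfilter LOG line into KEY=value fields, TCP flags and raw options."""
    body = line.split("kernel:", 1)[1]
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", body))
    flags = [t for t in body.split() if t in {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}]
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", body)
    return fields, flags, bytes.fromhex(opt.group(1)) if opt else b""

def decode_tcp_options(raw):
    """Decode the TCP option kinds commonly seen in a SYN; flag truncated input."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:      # kind 0 ends the option list
        kind = raw[i]
        if kind == 1:                        # NOP padding is a single byte
            out.append("NOP")
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            return out + ["MALFORMED"]
        data = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            out.append("MSS=%d" % int.from_bytes(data, "big"))
        elif kind == 4 and length == 2:
            out.append("SACK_PERMITTED")
        else:
            out.append("KIND%d" % kind)
        i += length
    return out

def summarize(line, allocation=ALLOCATION):
    """Return the destination port, flags, options and allocation check for one line."""
    fields, flags, raw_opt = parse_netfilter(line)
    src, dst = (ipaddress.ip_address(fields[k]) for k in ("SRC", "DST"))
    return {"dpt": int(fields["DPT"]), "flags": flags,
            "options": decode_tcp_options(raw_opt),
            "same_allocation": src in allocation and dst in allocation}

print(summarize(LOG_LINE))
```

A lone `SYN` to port 445 with both addresses inside the same allocation means the connection attempt comes from another address within the same provider block that whois lists.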
    
