On Sunday 10 June 2007, [EMAIL PROTECTED] wrote: > > Someone is trying to ssh on to my system. Trying on several ports. Not > > the first time, either. Thankfully, he does not have a password. Besides > > a bunch of Deprecated option ReverseMappingCheck, so far no harm done. > > > > Since my logs have this IP number, how do I find out who it is? > > dig > > To look at, for example, 68.99.123.13 do this: > $ dig 13.123.99.68.in-addr.arpa > > Note how I reversed the numbers and appended ".in-addr.arpa". > ...... >I sometimes use this little script. > >================================================= > >#!/bin/bash >lynx -dump "http://api.hostip.info/rough.php?ip=$1"; > >nslookup $1
They both give me nameservers with similar IPs and the script gives me a host name. What do I do with it?
