On Thu, 18 Nov 1999, Gavin Durman said:
GD>Don't know if I've missed it, but there's an awful lot of "heads up" e-mail
GD>coming to me about scans of port 98 from 170.1.173.82, 216.59.27.31 and
GD>216.0.149.200 (and I think there's more, but these were the most common).
GD>Is this a "stealthy" way of detecting LINUX boxes running linuxconf for an
GD>exploit? Or is it just to see if that system is running LINUX? Thanks.

This is being discussed on [EMAIL PROTECTED] and has been reported
to CERT. Here's some info about the hosts you've reported. These should be
reported to the folks who own the IP space! I would do it but I haven't been
scanned and do not have the logs... not my issue! :-)

[root@server /etc]# host 170.1.173.82
Host not found.
[root@server /etc]# getip 170.1.173.82
[whois.arin.net]
Columbia Health Care (NET-COLUMBIAHEALTH)
708 W. Magazine Street
Louisville, KY 40201-7434
Netname: COLUMBIAHEALTH
Netnumber: 170.1.0.0
Coordinator:
Service Administration, Domain Name (DNS1048-ARIN)
[EMAIL PROTECTED]
Voice 415-988-2900 Fax 415-988-2906
Domain System inverse mapping provided by:
NS.BRAINSTORM.NET 205.164.112.2
LAMBDA.LAMBDATEL.COM 192.83.199.1
NS2.BRAINSTORM.NET 205.164.112.3
Record last updated on 03-Sep-1996.
Database last updated on 17-Nov-1999 15:58:47 EDT.
[root@server /etc]# host 216.59.27.31
31.27.59.216.IN-ADDR.ARPA domain name pointer 216-59-27-31.usa.flashcom.net
[root@server /etc]# getip 216.59.27.31
[whois.arin.net]
Flashcom, Inc. (NETBLK-NETBLK-FLASHCOM-1)
5312 Bolsa Ave.
Huntington Beach, CA 92649
US
Netname: NETBLK-FLASHCOM-1
Netblock: 216.59.0.0 - 216.59.127.255
Maintainer: FLCM
Coordinator:
Benton, Curtis (CB373-ARIN) [EMAIL PROTECTED]
(714) 891-7891
Domain System inverse mapping provided by:
NS1.FLASHCOM.COM 209.185.207.135
NS2.FLASHCOM.COM 216.32.32.182
NS3.FLASHCOM.COM 209.0.225.243
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 13-Oct-1999.
Database last updated on 17-Nov-1999 15:58:47 EDT.
[root@server /etc]# getip 216.0.149.200
[whois.arin.net]
DIGEX, Inc. (NETBLK-DIGEX-BLK16)
6800 Virginia Manor Road
Beltsville, MD 20705
US
Netname: DIGEX-BLK16
Netblock: 216.0.0.0 - 216.5.255.255
Maintainer: DIGX
Coordinator:
Hostmaster Role Account (DIGEX2-ARIN) [EMAIL PROTECTED]
301.847.5000
Fax- 301.847.6296
Domain System inverse mapping provided by:
NS.DIGEX.NET 164.109.1.3
NS2.DIGEX.NET 164.109.10.23
*Rwhois information on assignments from this block available from
* rwhois.digex.net 4321
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 17-May-1999.
Database last updated on 17-Nov-1999 15:58:47 EDT.
--
Chuck Mead, CTO, MoonGroup Consulting, Inc. <http://moongroup.com>
Mail problems? Send "s-u-b-s-c-r-i-b-e mailhelp" (no quotes and no
hyphens) in the body of a message to [EMAIL PROTECTED]
Public key available at: wwwkeys.us.pgp.net
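
Added example, not part of the original message: one way to tally the port 98 probes discussed above by source address, so that each source can be reported to its netblock owner with counts and timestamps. The ipchains-style "Packet log" format, the function names and the sample lines (documentation-range addresses, not the hosts named in the thread) are constructed assumptions.

```python
import re
from collections import defaultdict

LINUXCONF_PORT = 98  # the port named in the thread

# Constructed sample lines in an assumed ipchains "Packet log" style.
SAMPLE_LOG = """\
Nov 18 03:12:41 server kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4021 203.0.113.5:98 L=60 S=0x00 I=4411 F=0x4000 T=52 SYN (#3)
Nov 18 03:12:41 server kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4022 203.0.113.6:98 L=60 S=0x00 I=4412 F=0x4000 T=52 SYN (#3)
Nov 18 03:12:42 server kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4023 203.0.113.7:98 L=60 S=0x00 I=4413 F=0x4000 T=52 SYN (#3)
Nov 18 04:40:09 server kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:1750 203.0.113.5:98 L=60 S=0x00 I=901 F=0x4000 T=48 SYN (#3)
Nov 18 04:55:30 server kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:1761 203.0.113.5:98 L=60 S=0x00 I=977 F=0x4000 T=48 SYN (#3)
Nov 18 05:01:02 server kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4100 203.0.113.5:23 L=60 S=0x00 I=4500 F=0x4000 T=52 SYN (#3)
Nov 18 05:02:17 server kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.200:53 203.0.113.5:98 L=34 S=0x00 I=18 F=0x0000 T=254 (#3)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*Packet log: input (?P<action>\w+) \S+ "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) ")

def summarize_probes(log_text, port=LINUXCONF_PORT):
    """Group logged TCP packets aimed at `port` by source address."""
    by_src = defaultdict(
        lambda: {"count": 0, "targets": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Keep only TCP (IP protocol 6) packets to the port of interest.
        if not m or m["proto"] != "6" or int(m["dport"]) != port:
            continue
        rec = by_src[m["src"]]
        rec["count"] += 1
        rec["targets"].add(m["dst"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(by_src)

def report(summary):
    """One line per source, busiest first, suitable for an abuse report."""
    lines = []
    for src, rec in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        # Several distinct targets from one source suggests a sweep.
        kind = "sweep" if len(rec["targets"]) > 1 else "single host"
        lines.append(f"{src}: {rec['count']} packets to {len(rec['targets'])} "
                     f"target(s) ({kind}), {rec['first']} .. {rec['last']}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize_probes(SAMPLE_LOG))))
```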