Yoink! wrote:
> I have suspicious portscans coming in routinely. How do I send an e-mail to
> the appropriate sysadmins to have things looked at on their side when they
> are outside the .COM, .NET, .ORG, and .EDU domains? Whois won't work on
> them...
>
> For instance, atech.lc.cc.il.us/209.96.41.1 keeps trying to portscan me.
> Several other IP addresses have shown up in my logs too, but I've handled them.
>
> TIA... just need to know what to do next. I know I can just ip deny 'em but
> I'm proactive and if somebody has compromised their network I'd like to tip
> them off somehow...
What I do is this:
$ whois 209.96.41.
You can assume (usually) that the 1st name (atech in this example) is a
machine name, so you could also try `whois lc.cc.il.us`. But, since this
is a .us domain, I'd rather go a step upwards.
This will give some information about who's responsible for the network.
In this case, it gives the nameservers at LCCOLLEGE.ORG and the registrar
as being networksolutions.com. Then:
$ whois [EMAIL PROTECTED]
This gives the admin contact.
-W-
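
The lookup sequence described in the reply above, as an added example that is not part of the original thread: it lists the parent domains to try when "going a step upwards" from a host name, and pulls contact addresses out of a whois reply with abuse contacts first. The function names, the default server whois.arin.net and the sample reply (documentation range 192.0.2.0/24, example.org) are assumptions made for illustration.

```python
import re
import socket

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def whois_query(query, server="whois.arin.net", port=43, timeout=10):
    """RFC 3912 WHOIS: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parent_domains(hostname):
    """Drop the machine name, then one label at a time, keeping two labels."""
    labels = hostname.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def contact_emails(whois_text):
    """Return e-mail addresses from 'key: value' lines, abuse contacts first."""
    abuse, other = [], []
    for line in whois_text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # registry comments and free-form text
        key, value = line.split(":", 1)
        for addr in EMAIL_RE.findall(value):
            if addr in abuse or addr in other:
                continue
            is_abuse = "abuse" in key.lower() or addr.lower().startswith("abuse@")
            (abuse if is_abuse else other).append(addr)
    return abuse + other

# Constructed sample reply, not real registry output.
SAMPLE = """\
# constructed for this example
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example College
OrgTechEmail:   noc@example.org
OrgAbuseEmail:  abuse@example.org
Comment:        Report scans to abuse@example.org
"""

if __name__ == "__main__":
    print(parent_domains("atech.lc.cc.il.us"))
    print(contact_emails(SAMPLE))  # live use: contact_emails(whois_query(ip))
```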