[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Help wanted tracking down IP 211.115.219.57
- Subject: Re: [cobalt-users] Help wanted tracking down IP 211.115.219.57
- From: flash22@xxxxxxx
- Date: Thu Mar 1 22:09:41 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Tue, 27 Feb 2001 johnm@xxxxxxxxxxxxxxxxxxxx wrote:
> Hi there,
>
> Feb 26 23:04:27 ns portsentry[758]: attackalert: SYN/Normal scan from
> host: 211.115.219.57/211.115.219.57 to TCP port: 111
>
> As I say, I can normally find the owner of the IP address using Sam Spade
> but this one has me beaten. Can anyone point me in the right direction so
> that I can find out who this IP address belongs to?
Stop using that silly thing, use the official sources, www.arin.net
maintains all us delegations and the external mappings for other countries
(eg it will tell you where to ask if it's an ip in a block used in some
other country)
In this case it refers to APNIC, (asia pacific network information center)
Which identifies it as:
211.104.0.0 - 211.119.255.255 -> krnic (korean networkinformation center)
(ok , sometimes it's kinda a pain ;)
Unfortunatly, the results are almost totally in korean :(
best guess (might be their upstream)
: GNGNetworks
: GNGIDC
: abuse@xxxxxxxxxx
---
In cases where you are mostly just curious , doing a traceroute often
yields enough clues to make a fair guess, not always th0..
(in this case i got 90% packet loss and no reverse names at all past ca)
(I gave up a week ago after getting hit by tons of what appear to be
dialup type IP's and blocked the entire .kr netblock...)
gsh