
Re: [cobalt-users] IP spoof? Where do I go now?



At 15:38 18-03-2001 -0000, Dan wrote:
>For the past two weeks someone using IP Address 192.168.0.1 has been
>portscanning me on various ports.  I went to the Arin website and punched in
>the IP and got this:

I wonder how many people email IANA with such queries. :)

>Now what do I do - the IP is being blocked by Portsentry & IPchains but I
>notice I got this from my logcheck just now:
>
>Mar 18 14:29:27 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:67
>255.255.255.255:68 L=328 S=0x00 I=21004 F=0x0000 T=128 (#1)

The subject of this email has the words "IP Spoof".  That says it all.

>What does this mean? Also what can I do about 192.168.0.1 now? I put the
>same IP address in internic's WHOIS search and got the following:
>   Registrar: CORE INTERNET COUNCIL OF REGISTRARS
>What am I to do with this information - does it help me at all?

The information won't be of any help unless you are going to press charges
against the Council under the Computer Misuse Act (UK). :)

-sm
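
The ipchains entry quoted in the thread can be decoded field by field. The following is an added example, not part of the original messages: it parses that entry and reports the properties that bear on the question (private source range, broadcast destination, DHCP port pair). The function names are hypothetical, and the field layout assumed is the one visible in the quoted "Packet log" line.

```python
import ipaddress
import re

# Layout seen in the quoted entry: chain, target, interface, protocol, src:port, dst:port, L=, ..., T=
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*?T=(?P<ttl>\d+)"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_PORTS = {67, 68}  # bootps (server) and bootpc (client)


def parse_packet_log(line):
    """Return the fields of one ipchains log entry as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ttl"):
        rec[key] = int(rec[key])
    src = ipaddress.ip_address(rec["src"])
    rec["src_rfc1918"] = any(src in net for net in RFC1918)
    rec["dst_limited_broadcast"] = rec["dst"] == "255.255.255.255"
    rec["dhcp_ports"] = rec["proto"] == 17 and {rec["sport"], rec["dport"]} == DHCP_PORTS
    return rec


def describe(rec):
    notes = []
    if rec["src_rfc1918"]:
        notes.append("source is RFC 1918 private space; WHOIS returns only the IANA reservation")
    if rec["dst_limited_broadcast"]:
        notes.append("destination is the limited broadcast address, which routers do not forward")
    if rec["dhcp_ports"]:
        notes.append("UDP 67 to 68 is the DHCP server-to-client port pair")
    return notes


# The entry quoted in the thread, joined onto one line.
SAMPLE = ("Mar 18 14:29:27 kernel: Packet log: input DENY eth0 PROTO=17 "
          "192.168.0.1:67 255.255.255.255:68 L=328 S=0x00 I=21004 F=0x0000 T=128 (#1)")

if __name__ == "__main__":
    for note in describe(parse_packet_log(SAMPLE)):
        print("-", note)
```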