[nycbug-talk] Researching ISP for an IP
Sun Aug 14 01:16:39 EDT 2005
On Sun, Aug 14, 2005 at 12:08:47AM -0400, Francisco Reyes wrote:
> Someone launched a dictionary attack against my machine.
> Nothing new...
> However, I always use IP2Location to see where
> the attack is coming from.. just for my curiosity.
> This particular IP, 126.96.36.199, was from New York so I figure I would
> try to find the ISP to complain.
> dig -x reports
> ;; ANSWER SECTION:
> 188.8.131.52.in-addr.arpa. 78337 IN PTR ros75-27.optonline.net.
> but then
> dig ros75-27.optonline.net
> ;; QUESTION SECTION:
> ;ros75-27.optonline.net. IN A
> Tried traceroute and mtr, but got nowhere.
> Not even ping did anything when I tried
> ping 184.108.40.206
> Is it possibly the attacker just spoofed the IP?
It pings, at least now.
Those are usually hacked zombies. To report, do a whois on the IP/subnet.
OrgName: Cablevision Systems Corp.
OrgAbuseEmail: abuse at cv.net
More information about the talk