[nycbug-talk] Researching ISP for an IP

George R. george
Sun Aug 14 00:13:12 EDT 2005

Francisco Reyes wrote:
> Someone launched a dictionary attack against my machine.
> Nothing new...
> However, I always use IP2Location to see where the attack is coming 
> from.. just for my curiosity.
> This particular IP,, was from New York so I figure I would 
> try to find the ISP to complain.
> dig -x reports
> 78337 IN    PTR     ros75-27.optonline.net.
> but then
> dig ros75-27.optonline.net
> ;ros75-27.optonline.net.                IN      A
> Tried traceroute and mtr, but got nowhere.
> Not even ping did anything when I tried
> ping
> Is it possibly the attacker just spoofed the IP?

Sure, that's possible. . .

Optonline very infrequently changes it's dynamic clients from what i've 
seen.  And there are enough home routers out there that do not reply to 
pings. . .

 From my experiences, these ssh dictionary attacks come from zombied 
boxes, although it could certainly be intentional.


More information about the talk mailing list