[nycbug-talk] Researching ISP for an IP
George R.
george
Sun Aug 14 00:13:12 EDT 2005
Francisco Reyes wrote:
> Someone launched a dictionary attack against my machine.
> Nothing new...
>
> However, I always use IP2Location to see where the attack is coming
> from.. just for my curiosity.
>
> This particular IP, 167.206.75.27, was from New York so I figure I would
> try to find the ISP to complain.
>
> dig -x reports
>
> ;; ANSWER SECTION:
> 27.75.206.167.in-addr.arpa. 78337 IN PTR ros75-27.optonline.net.
>
> but then
> dig ros75-27.optonline.net
> ;; QUESTION SECTION:
> ;ros75-27.optonline.net. IN A
>
> Tried traceroute and mtr, but got nowhere.
> Not even ping did anything when I tried
> ping 167.206.75.27
>
>
> Is it possibly the attacker just spoofed the IP?
Sure, that's possible. . .
Optonline very infrequently changes its dynamic clients from what I've
seen. And there are enough home routers out there that do not reply to
pings. . .
From my experiences, these ssh dictionary attacks come from zombied
boxes, although it could certainly be intentional.
g
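
The two dig lookups quoted in the thread amount to a forward-confirmed reverse DNS check. This added example (not part of either post) runs that check offline over the answer lines from the message plus one constructed sample in a documentation address range; the function names and result labels are assumptions of the example.

```python
import ipaddress

# Answer line as quoted in the post; the forward query came back with a
# QUESTION section only, i.e. no A record, so its answer text is empty.
PTR_ANSWER = "27.75.206.167.in-addr.arpa. 78337 IN PTR ros75-27.optonline.net."
FORWARD_ANSWER = ""
# Constructed sample (documentation address range) showing a confirmed case.
SAMPLE_PTR = "10.2.0.192.in-addr.arpa. 3600 IN PTR host10.example.net."
SAMPLE_FWD = "host10.example.net. 3600 IN A 192.0.2.10"


def parse_answers(text):
    """Parse dig answer lines into (owner, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment/section lines
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4]))
    return records


def fcrdns(ip, ptr_text, forward_text):
    """Classify an address as 'no-ptr', 'unconfirmed' or 'confirmed'."""
    addr = ipaddress.ip_address(ip)
    owner = addr.reverse_pointer.lower() + "."
    # Names the reverse zone claims for this address.
    names = {rdata.lower() for o, t, rdata in parse_answers(ptr_text)
             if o == owner and t == "PTR"}
    if not names:
        return "no-ptr"
    # Confirmed only if one of those names resolves back to the same address.
    for o, t, rdata in parse_answers(forward_text):
        if o in names and t in ("A", "AAAA"):
            if ipaddress.ip_address(rdata) == addr:
                return "confirmed"
    return "unconfirmed"


if __name__ == "__main__":
    print(fcrdns("167.206.75.27", PTR_ANSWER, FORWARD_ANSWER))
    print(fcrdns("192.0.2.10", SAMPLE_PTR, SAMPLE_FWD))
```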