"portscans" (was Re: Arbor Networks DoS defense product)
Ralph Doncaster
ralph at istop.com
Sun May 19 20:25:20 UTC 2002
That's a netblock, not an IP address. Your script kiddie at home with a
cable modem or ADSL connection is not going to have his IP SWIP'd or
populated in his ISP's rwhois server. Try that with 206.47.27.12 for
instance. That is a Sympatico ADSL customer here in Ottawa.
Ralph Doncaster
principal, IStop.com
div. of Doncaster Consulting Inc.
On Sun, 19 May 2002, Alex Rubenstein wrote:
>
>
> helium:~$ whois -a 207.99.113.65
> Net Access Corporation (NETBLK-NAC-NETBLK01)
> 1719b Route 10E, Suite 111
> Parsippany, NJ 07054
> US
>
> Netname: NAC-NETBLK01
> Netblock: 207.99.0.0 - 207.99.127.255
> Maintainer: NAC
>
> Coordinator:
> Net Access Corporation (ZN77-ARIN) legal at nac.net
> 800-638-6336
>
> Domain System inverse mapping provided by:
>
> NS1.NAC.NET 207.99.0.1
> NS2.NAC.NET 207.99.0.2
>
> ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
>
> * Reassignment information for this network is available
> * at whois.nac.net 43
>
>
>
>
> On Sun, 19 May 2002, Ralph Doncaster wrote:
>
> >
> > > > rough assessment of their network security, which was important to me
> > > > as a customer for obvious reasons.
> > >
> > > In that case, I would not consider the scan to have come from an
> > > 'unaffiliated' person. I'm sure if the bank's network operator noticed it,
> > > and contacted you, things would have been cleared up with no harm done. To
> >
> > It sounds like you know something that I don't. How do you find out the
> > contact information for someone given only an IP address?
> >
> > -Ralph
> >
> >
> >
>
> -- Alex Rubenstein, AR97, K2AHR, alex at nac.net, latency, Al Reuben --
> -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
>
>
>
More information about the NANOG
mailing list