hits from same ip [Archive] - HFT Online Forums

PDA

You are currently viewing a search engine-friendly (archive) version of this page.

View Full Version : hits from same ip

airratt301b

December 7, 2000, 12:57 pm

The firewall has blocked Internet access to your computer (TCP Port 1361) from 207.168.8.126 (HTTP).

Time: 12/7/00 11:49:18

I keep getting hits from the same IP but I can't find out who it is.What do you come up with?

------------------
Steve

manunkind

December 7, 2000, 01:10 pm

Tracing: 207.168.8.126
Date: 12-07-2000
Start Time: 9:12:08.80a

-- PING RESPONSE --

Pinging 207.168.8.126 with 32 bytes of data:

Request timed out.

Ping statistics for 207.168.8.126:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

-- NetBIOS QUERY RESULTS --

Host not found.

-- NSLOOKUP QUERY RESULTS --

*** First PTR Name Server Lookup unsuccessful.
*** Second PTR Name Server Lookup unsuccessful.
*** All Three Name Server Lookup attempts were unsuccessful.

-- ARIN WHOIS QUERY RESULTS --

Epoch Networks (NETBLK-HLC-4-EPOCH)
555 Anton Blvd
Costa Mesa, CA 92626
US

Netname: HLC-4-EPOCH
Netblock: 207.168.0.0 - 207.168.255.255
Maintainer: HLC

Coordinator:
ADMINISTRATOR, DNS (KB336-ARIN) DNSTECH@ENI.NET
949-474-4950

Domain System inverse mapping provided by:

AUTH1.NS.ENI.NET 205.214.45.6
AUTH2.NS.ENI.NET 155.229.2.181
AUTH3.NS.ENI.NET 155.229.126.67

Reassignment information is available via:
rwhois.eni.net 4321

Record last updated on 27-Jul-2000.
Database last updated on 7-Dec-2000 07:28:05 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

-- TRACEROUTE RESULTS --

Tracing route to 207.168.8.126 over a maximum of 30 hops

1 120 ms 118 ms 119 ms rno-max11.greatbasin.net [206.14.169.5]
2 120 ms 115 ms 120 ms rno-core1-max-100mb.greatbasin.net [206.14.169.7]
3 160 ms 109 ms 114 ms rno-core0-ospf-100mb.greatbasin.net [207.228.7.241]
4 120 ms 125 ms 125 ms Serial3-4.GW3.SCL1.ALTER.NET [157.130.232.25]
5 118 ms 120 ms 115 ms 143.at-6-0-0.XR3.SCL1.ALTER.NET [152.63.114.178]
6 129 ms 115 ms 115 ms 195.ATM4-0.GW4.SCL1.ALTER.NET [152.63.53.137]
7 130 ms 115 ms 124 ms exodus-OC12-gw.customer.alter.net [157.130.203.86]
8 120 ms 112 ms 115 ms bbr02-g2-0.sntc05.exodus.net [64.56.192.2]
9 119 ms 118 ms 126 ms bbr02-p1-3.sntc01.exodus.net [209.185.249.97]
10 128 ms 130 ms 110 ms dcr04-g2-0.sntc01.exodus.net [216.33.147.34]
11 125 ms 119 ms 120 ms santaclara-core3-p6-0-04.sntc01.exodus.net [209.1.169.6]
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

Trace Started: 9:12:08.80a
Trace Finished: 9:15:54.49a

------------------
Moderator at Help from Techs Support Forums (http://www.helpfromtechs.com)

airratt301b

December 7, 2000, 01:45 pm

That's what I am getting.Who do I talk to about that?

------------------
Steve

manunkind

December 7, 2000, 02:04 pm

If it's a true attack, find any email address or domain name and add "abuse" to the front of it.

DNSTECH@ENI.NET

is now..

abuse@ENI.NET

------------------
Moderator at Help from Techs Support Forums (http://www.helpfromtechs.com)

airratt301b

December 7, 2000, 05:20 pm

Ok I got a dos attack from Bulgaria a dialup.I guess there isn't much I can do about this on is there?

Important - do not complain to ln.net on the grounds of anything you see here.

Address Digger Results
(Version 3.1beta)

--------------------------------------------------------------------------------

Let's go!
Official name: vn-max-021.dial-up.triada.bg

Addresses: 212.50.24.21

--------------------------------------------------------------------------------

Whois for vn-max-021.dial-up.triada.bg
.bg is the geographical domain of Bulgaria (dialling code 359)

(Whois queries for .bg domains can be performed at http://www.digsys.bg/bg-nic/lookup.html)

whois -h whois.ripe.net dial-up.triada.bg

% Rights restricted by copyright. See http://www.ripe.net/ripencc/pub-services/db/copyright.html

% No entries found for the selected (s)source.
%
% If you would like to search on arbitrary strings,
% please see the Database page on the RIPE NCC
% web-site at http://www.ripe.net/ripencc/pub-services/db/
% This will only work for RIPE data.
%
% Please note that the RIPE whoisd service temporarily
% mirrors only ARIN and APNIC databases.

--------------------------------------------------------------------------------

IP block lookup for 212.50.24.21
whois -h whois.ripe.net 212.50.24.21

% Rights restricted by copyright. See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 212.50.24.0 - 212.50.24.255
netname: ELWES
descr: Elwes Ltd.
descr: Varna - Central office
country: BG
admin-c: PH4733-RIPE
tech-c: PH4733-RIPE
rev-srv: ns.spnet.net
rev-srv: purgatory.spnet.net
status: ASSIGNED PA
notify: registry@spnet.net
mnt-by: SPNET-MNT
changed: savova@spnet.net 19991227
source: RIPE

route: 212.50.0.0/19
descr: Spectrum NET PA space
origin: AS8717
mnt-by: SPNET-MNT
changed: shtinkov@spnet.net 19981120
source: RIPE

person: Philip Hristov
address: Elwes Ltd.
address: 9, Makarioplski
address: Varna, Bulgaria
phone: +359 52 609697
e-mail: jackson@elwes.net
nic-hdl: PH4733-RIPE
changed: savova@spnet.net 19991215
source: RIPE

Traceroute 212.50.24.21
This end is where samspade.org lives

1 206.117.161.1 (206.117.161.1) 0.559 ms 0.894 ms
2 isi-acg.ln.net (130.152.136.1) 2.477 ms 2.179 ms
3 s4-1-1.lsanca1-cr3.bbnplanet.net (4.24.40.13) 3.669 ms 4.181 ms
4 p2-0.lsanca1-ba1.bbnplanet.net (4.24.4.17) 5.302 ms 5.526 ms
5 p5-0.lsanca2-br1.bbnplanet.net (4.24.4.2) 9.289 ms 4.304 ms
6 p1-0.lsanca1-cr10.bbnplanet.net (4.24.5.129) 3.395 ms 3.286 ms
7 p1-0.xlsanca17-level3.bbnplanet.net (4.24.118.30) 11.483 ms 11.766 ms
8 so-4-1-0.mp2.LosAngeles1.level3.net (209.247.10.205) 11.946 ms 11.852 ms
9 212.187.128.137 (212.187.128.137) 83.726 ms 83.739 ms
10 gigabitethernet7-0.ipcolo2.London1.L3.net (212.113.0.113) 151.321 ms 150.860 ms
11 212.187.151.10 (212.187.151.10) 152.606 ms 153.892 ms
12 62.32.32.17 (62.32.32.17) 579.734 ms 543.867 ms
13 62.32.32.42 (62.32.32.42) 584.857 ms 617.110 ms
14 * *
15 sms-in.spnet.net (212.50.10.126) 457.960 ms 473.801 ms
16 feth5-router.spnet.net (212.50.10.125) 466.290 ms 475.955 ms
17 feth-router2.spnet.net (212.50.0.2) 470.36 ms 466.282 ms
18 * trinidad.triada.bg (212.50.28.241) 822.553 ms
19 gw-fuego.triada.bg (212.50.28.242) 716.368 ms 596.532 ms
20 vn-max.triada.bg (212.50.28.180) 670.944 ms 671.265 ms
21 vn-max-021.dial-up.triada.bg (212.50.24.21) 1092.681 ms 1008.746 ms

This end is where the people you're tracerouting to live

--------------------------------------------------------------------------------

Sam Spade Home © Contact

------------------
Steve