Security Basics mailing list archives
Re: Dos Attack
From: Fernando Gont <fernando () gont com ar>
Date: Fri, 12 Mar 2004 20:52:28 -0300
At 13:58 12/03/2004 +1300, Craig Spiers wrote:
We are a small ISP located in auckland new zealand.. One of our broadband clients are currently causing our network to to practically be down outside of new zealand due to the large amount of traffic. The offender is connected on the following IP Address.. adsl-068-209-154-249.sip.btr.bellsouth.net
By means of the dig tool (you can find an online interface at http://www.gont.com.ar/tools/dig )
You can ask for A records for that domain. You'll get 68.209.154.249Then query a whois server to get contact information for the people ersponsible for that block.
Here's the info I got: whois for 68.209.154.249 OrgName: BellSouth.net Inc. OrgID: BELL Address: 575 Morosgo Drive City: Atlanta StateProv: GA PostalCode: 30324 Country: US ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321 NetRange: 68.208.0.0 - 68.223.255.255 CIDR: 68.208.0.0/12 NetName: BELLSNET-BLK15 NetHandle: NET-68-208-0-0-1 Parent: NET-68-0-0-0-0 NetType: Direct Allocation NameServer: NS.BELLSOUTH.NET NameServer: NS.ATL.BELLSOUTH.NET Comment:Comment: For Abuse Issues, email abuse () bellsouth net. NO ATTACHMENTS. Include IP
Comment: address, time/date, message header, and attack logs.Comment: For Subpoena Request, email ipoperations () bellsouth net with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please. RegDate: 2003-02-24 Updated: 2003-12-29 AbuseHandle: ABUSE81-ARIN AbuseName: Abuse Group AbusePhone: +1-404-499-5224 AbuseEmail: abuse () bellsouth net TechHandle: JG726-ARIN TechName: Geurin, Joe TechPhone: +1-404-499-5240 TechEmail: ipoperations () bellsouth net OrgAbuseHandle: ABUSE81-ARIN OrgAbuseName: Abuse Group OrgAbusePhone: +1-404-499-5224 OrgAbuseEmail: abuse () bellsouth net OrgTechHandle: JG726-ARIN OrgTechName: Geurin, Joe OrgTechPhone: +1-404-499-5240 OrgTechEmail: ipoperations () bellsouth net # ARIN WHOIS database, last updated 2004-03-11 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. -------------------------------------------------------------------------------- Hope this helps, -- Fernando Gont e-mail: fernando () gont com ar || fgont () acm org ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- Re: FW: Legal? Road Runner proactive scanning.[Scanned], (continued)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 19)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] ~Kevin DavisĀ³ (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 19)
- Automatically encrypting and signing to a group of people w/ Outlook 2003? Mark G. Spencer (Mar 19)
- Re: Dos Attack Fernando Gont (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)