Security Basics mailing list archives

Re: Dos Attack


From: Fernando Gont <fernando () gont com ar>
Date: Fri, 12 Mar 2004 20:52:28 -0300

At 13:58 12/03/2004 +1300, Craig Spiers wrote:

We are a small ISP located in Auckland, New Zealand. One of our broadband
clients is currently causing our network to practically be down outside
of New Zealand due to the large amount of traffic.
The offender is connected on the following IP address:
adsl-068-209-154-249.sip.btr.bellsouth.net

By means of the dig tool (you can find an online interface at http://www.gont.com.ar/tools/dig ),
you can ask for A records for that domain.
You'll get 68.209.154.249

Then query a whois server to get contact information for the people responsible for that block.

Here's the info I got:


whois for 68.209.154.249

OrgName:    BellSouth.net Inc.
OrgID:      BELL
Address:    575 Morosgo Drive
City:       Atlanta
StateProv:  GA
PostalCode: 30324
Country:    US

ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321

NetRange:   68.208.0.0 - 68.223.255.255
CIDR:       68.208.0.0/12
NetName:    BELLSNET-BLK15
NetHandle:  NET-68-208-0-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: NS.BELLSOUTH.NET
NameServer: NS.ATL.BELLSOUTH.NET
Comment:
Comment: For Abuse Issues, email abuse () bellsouth net. NO ATTACHMENTS. Include IP
Comment:    address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email ipoperations () bellsouth net with "SUBPOENA" in
Comment:    the subject line. Law Enforcement Agencies ONLY, please.
RegDate:    2003-02-24
Updated:    2003-12-29

AbuseHandle: ABUSE81-ARIN
AbuseName:   Abuse Group
AbusePhone:  +1-404-499-5224
AbuseEmail:  abuse () bellsouth net

TechHandle: JG726-ARIN
TechName:   Geurin, Joe
TechPhone:  +1-404-499-5240
TechEmail:  ipoperations () bellsouth net

OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName:   Abuse Group
OrgAbusePhone:  +1-404-499-5224
OrgAbuseEmail:  abuse () bellsouth net

OrgTechHandle: JG726-ARIN
OrgTechName:   Geurin, Joe
OrgTechPhone:  +1-404-499-5240
OrgTechEmail:  ipoperations () bellsouth net

# ARIN WHOIS database, last updated 2004-03-11 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.



--------------------------------------------------------------------------------


Hope this helps,



--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
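
The lookup described in this message, as an added example that is not part of the original post: once the whois text is in hand, this parses the ARIN-style "Key: value" output, confirms the queried address really falls inside the record's CIDR block, and pulls out the abuse contact and referral server. The sample record is constructed (documentation addresses, example.net names) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in ARIN's "Key: value" layout (documentation
# addresses and example.net names, not real registry data).
SAMPLE_WHOIS = """\
OrgName:    Example Net Inc.
ReferralServer: rwhois://rwhois.example.net:4321

NetRange:   198.51.100.0 - 198.51.100.255
CIDR:       198.51.100.0/24
Comment: For Abuse Issues, email abuse@example.net. NO ATTACHMENTS.
OrgAbuseEmail:  abuse@example.net
OrgTechEmail:  ipops@example.net
# ARIN WHOIS database (constructed sample)
"""


def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; keys can repeat."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")):
            continue  # blank lines and registry banner/comment lines
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def abuse_report_target(ip, whois_text):
    """Return where to send the report, after checking the record covers ip."""
    fields = parse_whois(whois_text)
    addr = ipaddress.ip_address(ip)
    # A CIDR line may carry several comma-separated prefixes.
    nets = [ipaddress.ip_network(p.strip())
            for value in fields.get("CIDR", []) for p in value.split(",")]
    covering = [n for n in nets if addr in n]
    if not covering:
        raise ValueError(f"{ip} is outside the block this record describes")
    emails = fields.get("OrgAbuseEmail") or fields.get("AbuseEmail") or [None]
    return {"abuse_email": emails[0],
            "cidr": str(max(covering, key=lambda n: n.prefixlen)),
            "referral": (fields.get("ReferralServer") or [None])[0]}


if __name__ == "__main__":
    print(abuse_report_target("198.51.100.77", SAMPLE_WHOIS))
```

Feed it the text returned by a whois query for the address; the Comment lines in the record quoted above list what the abuse desk wants in the report (IP address, time/date, message header, and attack logs).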




