nanog mailing list archives

Re: "portscans" (was Re: Arbor Networks DoS defense product)


From: Ralph Doncaster <ralph () istop com>
Date: Sun, 19 May 2002 16:25:20 -0400 (EDT)


That's a netblock, not an IP address.  Your script kiddie at home with a
cable modem or ADSL connection is not going to have his IP SWIP'd or
populated in his ISP's rwhois server. Try that with 206.47.27.12 for
instance.  That is a Sympatico ADSL customer here in Ottawa.

Ralph Doncaster
principal, IStop.com     
div. of Doncaster Consulting Inc.

On Sun, 19 May 2002, Alex Rubenstein wrote:



helium:~$ whois -a 207.99.113.65
Net Access Corporation (NETBLK-NAC-NETBLK01)
   1719b Route 10E, Suite 111
   Parsippany, NJ 07054
   US

   Netname: NAC-NETBLK01
   Netblock: 207.99.0.0 - 207.99.127.255
   Maintainer: NAC

   Coordinator:
      Net Access Corporation  (ZN77-ARIN)  legal () nac net
      800-638-6336

   Domain System inverse mapping provided by:

   NS1.NAC.NET                  207.99.0.1
   NS2.NAC.NET                  207.99.0.2

   ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

   * Reassignment information for this network is available
   * at whois.nac.net 43




On Sun, 19 May 2002, Ralph Doncaster wrote:


rough assessment of their network security, which was important to me
as a customer for obvious reasons.

In that case, I would not consider the scan to have come from an
'unaffiliated' person. I'm sure if the bank's network operator noticed it,
and contacted you, things would have been cleared up with no harm done. To

It sounds like you know something that I don't.  How do you find out the
contact information for someone given only an IP address?

-Ralph




-- Alex Rubenstein, AR97, K2AHR, alex () nac net, latency, Al Reuben --
--    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --
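
An added illustration, not part of either poster's message: parsing the whois output quoted above shows that the record names one coordinator for the whole registered block and delegates per-customer reassignment data to a referral server. The function names are this example's own, and the sample is an excerpt of the output on this page.

```python
import ipaddress
import re

# Excerpt of the whois output quoted in the thread (legacy ARIN text format).
SAMPLE = """\
Net Access Corporation (NETBLK-NAC-NETBLK01)
   Netname: NAC-NETBLK01
   Netblock: 207.99.0.0 - 207.99.127.255
   Maintainer: NAC

   Coordinator:
      Net Access Corporation  (ZN77-ARIN)  legal () nac net
      800-638-6336

   * Reassignment information for this network is available
   * at whois.nac.net 43
"""

def parse_whois(text):
    """Extract the registered range, coordinator handle and referral server."""
    rec = {"cidrs": [], "handle": None, "referral": None}
    m = re.search(r"Netblock:\s*(\S+)\s*-\s*(\S+)", text)
    if m:
        first, last = (ipaddress.ip_address(a) for a in m.groups())
        # A start-end range may need several CIDR prefixes to cover it exactly.
        rec["cidrs"] = list(ipaddress.summarize_address_range(first, last))
    m = re.search(r"Coordinator:\s*\n.*?\((\S+-ARIN)\)", text)
    if m:
        rec["handle"] = m.group(1)
    m = re.search(r"Reassignment information.*?\bat\s+(\S+)\s+(\d+)", text, re.S)
    if m:
        rec["referral"] = (m.group(1), int(m.group(2)))
    return rec

def contact_scope(ip, rec):
    """Report how specific the registry record is for a single address."""
    addr = ipaddress.ip_address(ip)
    for net in rec["cidrs"]:
        if addr in net:
            # The coordinator is shared by every address in the block; anything
            # finer exists only if the operator publishes it at the referral.
            return {"covered": True, "block": str(net),
                    "addresses_sharing_contact": net.num_addresses,
                    "next_lookup": rec["referral"]}
    return {"covered": False, "block": None,
            "addresses_sharing_contact": 0, "next_lookup": None}
```
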




