RE: Basic Question only

["Joe Klein" <jsklein () mindspring com>]

Christopher,

To begin with, you need to identify who owns the IP address:

You can do this in two way:

1. Use the whois command in UNIX or
2. go to http://ws.arin.net/cgi-bin/whois.pl to look up each of the IP
addresses.

Next you may want to look up this ip address to see if this IP address
or type of scan is chronic throught out the Internet. Go to
www.incidents.org. 

At this point, you need to decide, based on your security policy and
your incident handling policy, what to do next. 

Joe Klein, CISSP

-----Original Message-----
From: Christopher Rea [mailto:chris_rea () hotmail com] 
Sent: Wednesday, October 30, 2002 11:52 PM
To: security-basics () security-focus com
Subject: Basic Question only

I am sure that this is a silly question, but who are these guys that
keep
trying my firewall on port 53 (DNS) and port 8. I am sure they must be
the
good guys, but why do they keep knocking, I only have one DNS server
that is
setup for lookup mode ???









66.28.34.130

204.71.35.136

212.62.17.145

64.14.117.10

66.28.12.98

65.119.25.162

205.158.108.194

64.15.251.198

204.176.88.5

208.185.54.14

64.0.96.12

213.61.6.2