Security Basics mailing list archives
RE: Basic Question only
From: "Joe Klein" <jsklein () mindspring com>
Date: Thu, 31 Oct 2002 15:25:39 -0500
Christopher, To begin with, you need to identify who owns the IP address: You can do this in two way: 1. Use the whois command in UNIX or 2. go to http://ws.arin.net/cgi-bin/whois.pl to look up each of the IP addresses. Next you may want to look up this ip address to see if this IP address or type of scan is chronic throught out the Internet. Go to www.incidents.org. At this point, you need to decide, based on your security policy and your incident handling policy, what to do next. Joe Klein, CISSP -----Original Message----- From: Christopher Rea [mailto:chris_rea () hotmail com] Sent: Wednesday, October 30, 2002 11:52 PM To: security-basics () security-focus com Subject: Basic Question only I am sure that this is a silly question, but who are these guys that keep trying my firewall on port 53 (DNS) and port 8. I am sure they must be the good guys, but why do they keep knocking, I only have one DNS server that is setup for lookup mode ??? 66.28.34.130 204.71.35.136 212.62.17.145 64.14.117.10 66.28.12.98 65.119.25.162 205.158.108.194 64.15.251.198 204.176.88.5 208.185.54.14 64.0.96.12 213.61.6.2
Current thread:
- RE: Basic Question only Jon Harding (Nov 01)
- <Possible follow-ups>
- Re: Basic Question only Kylus (Nov 01)
- RE: Basic Question only Joe Klein (Nov 01)
- Re: Basic Question only Richard H. Cotterell (Nov 01)