Firewall Wizards mailing list archives

Re: Scans Observed by Officer Friendly

From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 18 May 1999 09:16:02 -0400 (EDT)

Randy Grimshaw enscribed thusly:

Where would the address 24.93.46.49 be comming from?


        whois and nslookup are your friends...

        (BTW the "24Net" Class A block is amazingly chopped up)

banshee:/# whois 24.93.46 () arin net
[arin.net]
Time Warner Cable (NETBLK-RR-1) RR-1                 24.92.0.0 - 24.95.255.255
TimeWarnerCable-RoadRunner-Gguadalupe-mcr1 (NETBLK-RR-AUS-GUA1) RR-AUS-GUA1
                                                     24.93.46.0 - 24.93.46.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.

Banshee:/# whois NETBLK-RR-AUS-GUA1 () arin net
[arin.net]
TimeWarnerCable-RoadRunner-Gguadalupe-mcr1 (NETBLK-RR-AUS-GUA1)
   12012 North MoPac Expressway
   Austin, TX 78758
   US

   Netname: RR-AUS-GUA1
   Netblock: 24.93.46.0 - 24.93.46.255

   Coordinator:
      Stanek, Matthew  (MS256-ARIN)  nomailbox@NOWHERE
      512-485-6100

   Domain System inverse mapping provided by:

   SWORD.EXCALIBUR-GROUP.COM    204.189.87.129
   STONE.EXCALIBUR-GROUP.COM    204.189.87.68

   Record last updated on 28-Jul-98.
   Database last updated on 17-May-99 16:14:22 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.

banshee:/# nslookup 24.93.46.49
Server:  banshee.wittsend.com
Address:  130.205.0.2

Name:    cs9346-49.austin.rr.com
Address:  24.93.46.49

        Looks like a cable modem block...  TimeWarner RoadRunner system.

Is this an annoyance or a masqerade?


        Script kiddies on cable modems?  Sigh...

My 'Officer' noticed BO_PING sweep and BO_FILEFIND attempts on Friday
night and Sunday night.

<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779


        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Current thread:

Re: Responsiveness of remote admins, (continued)
- - - Re: Responsiveness of remote admins Philip S Holt (May 21)
    - Re: Norton AV for Firewalls mht (May 21)
    - Re: Responsiveness of remote admins R. DuFresne (May 21)
    - Re: Responsiveness of remote admins Craig H. Rowland (May 21)
    - Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
  - Re: Scans Observed by Officer Friendly David Lang (May 19)
  - Re: Scans Observed by Officer Friendly S. Jonah Pressman (May 19)
    - Re: Scans Observed by Officer Friendly Larry Chin (May 21)
    - RE: Scans Observed by Officer Friendly James D. Wilson (May 22)
    - Re: Scans Observed by Officer Friendly R. DuFresne (May 21)
- Re: Scans Observed by Officer Friendly Michael H. Warfield (May 18)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
- Re: Scans Observed by Officer Friendly Holger Heimann (May 18)
- Re: Scans Observed by Officer Friendly kevin hunter (May 18)
- Re: Scans Observed by Officer Friendly Denise Lucas (May 18)
- Re: Scans Observed by Officer Friendly S. Jonah Pressman (May 18)
- RE: Scans Observed by Officer Friendly sean . kelly (May 21)
- RE: Scans Observed by Officer Friendly Bill_Royds (May 23)