Security Incidents mailing list archives

Re: pop2 scan and .jp contact question


From: John Kristoff <jtk () DEPAUL EDU>
Date: Tue, 15 Aug 2000 14:11:54 -0500

Ian Eure wrote:
(times are UTC -0700)
-- snip --
Aug 14 04:44:16 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6
their.ip.was.here:109 my.ip.was.here:109 L=40 S=0x00 I=39426 F=0x0000 T=21
SYN (#11)

I saw a bunch of those as well.  Source was 133.31.109.220
(hatomugi.me.noda.sut.ac.jp).  If your timestamps are accurate, the time
I got them is a few hours off on the same day (around 13:45 -6 UTC).

some digging shows it as a linux 2.0.xx box at the science university of
tokyo - SUTNET in whois.nic.ad.jp. after some more digging, it appears to
be a student system in noda. despite much digging with whois, i could not
find a contact for SUTNET.

Did you try this:

http://www.nic.ad.jp/cgi-bin/whois_gate

If you do a lookup on sut.ac.jp, you'll find a number of technical
contacts.

John

