bash-2.03# traceroute 12.30.163.51
traceroute to 12.30.163.51 (12.30.163.51), 30 hops max, 40 byte packets
 1  m10 (192.168.1.254)  1.107 ms  0.964 ms  0.980 ms
 2  203-79-82-254.adsl-wns.paradise.net.nz (203.79.82.254)  140.054 ms  84.662 ms  66.697 ms
 3  192.168.253.225 (192.168.253.225)  44.785 ms  44.695 ms  44.548 ms
 4  kelly.ipnet.paradise.net.nz (203.96.153.138)  45.616 ms  45.496 ms  45.879 ms
 5  cassandra.paradise.net.nz (203.96.152.3)  45.281 ms  46.657 ms  46.064 ms
 6  a4-0-0-5.akbr1.netgate.net.nz (202.37.246.77)  56.524 ms  56.097 ms  55.997 ms
 7  a0-0-0-2.tkbr1.netgate.net.nz (202.37.246.121)  57.098 ms  56.995 ms  57.062 ms
 8  s1-1-1.labr1.netgate.net.nz (202.37.245.170)  183.135 ms  237.940 ms  185.116 ms
 9  s5-0-0.lsanca1-cr1.bbnplanet.net (4.24.24.17)  185.678 ms  181.413 ms  182.776 ms
10  p2-1.lsanca1-ba1.bbnplanet.net (4.24.4.5)  182.427 ms  181.607 ms  181.451 ms
11  p1-0.lsanca1-ba2.bbnplanet.net (4.24.4.30)  239.627 ms  236.779 ms  236.387 ms
12  p2-1.sanjose1-nbr1.bbnplanet.net (4.0.1.17)  258.681 ms  243.815 ms  243.602 ms
13  p3-0-0.sanjose1-cr1.bbnplanet.net (4.0.3.202)  244.550 ms  245.610 ms  243.748 ms
14  gr1-h20.sffca.ip.att.net (192.205.31.53)  196.649 ms  197.296 ms  196.466 ms
15  gbr2-p40.sffca.ip.att.net (12.123.12.230)  196.028 ms  198.808 ms  196.160 ms
16  gbr1-p50.sl9mo.ip.att.net (12.122.3.18)  290.260 ms  288.724 ms  291.225 ms
17  br2-a3120s9.sl9mo.ip.att.net (12.123.24.174)  236.103 ms  238.213 ms  240.360 ms
18  sar1-a360s1.sl9mo.ip.att.net (12.127.4.49)  236.299 ms  235.668 ms  235.606 ms
19  12.126.95.74 (12.126.95.74)  284.350 ms  248.101 ms  253.541 ms
20  12.30.163.51 (12.30.163.51)  305.843 ms  302.771 ms  303.961 ms


bash-2.03# whois -h whois.arin.net 12.30.163.51
AT&T ITS (NET-ATT)
   101 Crawfords Corner Rd
   Holmdel, NJ 07733-3030
   US

   Netname: ATT
   Netblock: 12.0.0.0 - 12.255.255.255
   Maintainer: ATTW

   Coordinator:
      Kostick, Deirdre  (DK71-ARIN)  [EMAIL PROTECTED]
      (888)613-6330

   Domain System inverse mapping provided by:

   DBRU.BR.NS.ELS-GMS.ATT.NET   199.191.128.106
   DMTU.MT.NS.ELS-GMS.ATT.NET   12.127.16.70
   CBRU.BR.NS.ELS-GMS.ATT.NET   199.191.128.105
   CMTU.MT.NS.ELS-GMS.ATT.NET   12.127.16.69

   Record last updated on 26-Sep-1998.
   Database last updated on 17-Dec-1999 04:14:49 EDT.

bash-2.03# whois -h abuse.net att.net
[EMAIL PROTECTED]

Send Ms Kostick and [EMAIL PROTECTED] a polite message stating your concerns,
including what evidence you have of the cracking.


HTH,

-- Juha


> -----Original Message-----
> From: Jeff Smelser [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 17 December 1999 09:39
> To: [EMAIL PROTECTED]
> Subject: someone is trying
>
>
> Today, as for the last few days, I have been trying to track this down.
> Please help.
>
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Connect from host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Host: 12.30.163.51 is already blocked. Ignoring
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Connect from host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Host: 12.30.163.51 is already blocked. Ignoring
>
>
> He has been talking to nothing since he has been forwarded to localhost
> for weeks, but this week he seems persistent. I did an nslookup and it's
> either not a valid IP, or he has his own and is not publishing it. I just
> need some help tracking it down so he can be taken off the net.
>
> I have logs of him trying to crack inetd, and various other ports. Since
> inetd was the only open slot, that's the only one he tried for 10 mins.
> Trying to buffer overflow it, I think.
>
> Thanks
> Jeff
>
>
>
>
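
The reply above asks for the evidence to go with the abuse report. As an added example (not part of the original thread), this Python sketch turns mail-quoted portsentry lines like the ones above into a per-source summary; the names unwrap and summarize are hypothetical, and the year is an assumption taken from the mail's Sent: header because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

STAMP = r"\w{3}\s+\d+ \d\d:\d\d:\d\d"  # syslog timestamp, carries no year
ALERT = re.compile(  # alert format as it appears in the quoted syslog lines
    rf"^(?P<ts>{STAMP}) \S+ portsentry\[\d+\]: attackalert: Connect from "
    r"host: [^/\s]+/(?P<ip>\S+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)$"
)

def unwrap(text):
    """Strip '>' quoting and rejoin entries the mail client wrapped."""
    entries = []
    for line in (raw.lstrip("> ").rstrip() for raw in text.splitlines()):
        if re.match(STAMP + " ", line):
            entries.append(line)        # a timestamp starts a new entry
        elif line and entries:
            entries[-1] += " " + line   # anything else continues the last one
    return entries

def summarize(text, year):
    """Per (source IP, protocol, port): alert count, first and last seen."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for entry in unwrap(text):
        m = ALERT.match(entry)
        if not m:
            continue  # "already blocked. Ignoring" lines add no new event
        when = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        s = stats[(m["ip"], m["proto"], int(m["port"]))]
        s["count"] += 1
        s["first"] = min(s["first"] or when, when)
        s["last"] = max(s["last"] or when, when)
    return dict(stats)

# The log lines quoted in the post, with mail quoting and wrapping intact.
SAMPLE = """\
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Connect from
> host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Host:
> 12.30.163.51 is already blocked. Ignoring
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Connect from
> host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Host:
> 12.30.163.51 is already blocked. Ignoring
"""

if __name__ == "__main__":
    for key, s in sorted(summarize(SAMPLE, 1999).items()):  # year assumed
        print(*key, s["count"], s["first"], s["last"])
```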


