Re: after attacks ar logged.

Tue, 8 Feb 2000 11:23:04 -0800 

You can try an nslookup , in any case you have the domain, so you can try
nslookup lc.cc.il.us which returns nothing , I then tried the address and
got nothing, so tried another in the block, results came back


Name:    lccc250.lc.cc.il.us
Address:  209.96.41.250

so there is someone there, now we have to find who runs .us

so I went here     http://www.checkdomain.com/list.html

then did a whois on thier site using     lc.cc.il.us    and got this


cc.il.us (United States) 

Illinois Community Colleges  (CC-IL-US-DOM)
   Illinois Community Colleges
   CICNet
   2901 Hubbard Dr.
   Ann Arbor, MI 48105

   Domain Name: CC.IL.US

   Administrative Contact:
      Krol, Ed  (EK10-US)  [EMAIL PROTECTED]
     (217) 333-7886 (FAX) 217-244-7089
      Krol, Ed  (EK10-US)  [EMAIL PROTECTED]
     (217) 333-7886 (FAX) 217-244-7089

   Technical Contact:
      Veach, R. Ross  (RV80-US)  [EMAIL PROTECTED]
     (217) 244-4274
      Veach, R. Ross  (RV80-US)  [EMAIL PROTECTED]
     (217) 244-4274

   Registration Information:     [EMAIL PROTECTED]

   Record Last Updated on Jan-13-98.

   Domain servers in listed order:

   NS.UIUC.GEN.IL.US 192.17.6.230
   NS2.OAR.NET 192.88.195.10

 
 You could use these methods or some others maybe.......but this  should
help


BTW I have an abuse script for porsentry, but its not helpful for advanced
lookups, but will do about 50%



*********** REPLY SEPARATOR  ***********

On 8/02/00 at 0:37 Yoink! wrote:

>I have suspicious portscans coming in routinely.  How do I send an e-mail
to
>the appropriate sysadmins to have things looked at on their side when they
>are outside the .COM, .NET, .ORG, and .EDU domains?  Whois won't work on
>them... 
>
>For instance, atech.lc.cc.il.us/209.96.41.1 keeps trying to portscan me.
>Several other ip address have showed up in my logs too, but I've handled
them.
>
>TIA... just need to know what to do next.  I know I can just ip deny i'm
but
>I'm proactive and if somebody has comprimised their network I'd like to
tip
>them off somehow...


Regards

Greg Wright
IT Consultant Sydney Australia

-- 

*** Please trim any replies ***
*** Please turn off HTML in your email ***
*** Please don't use the list for test messages ***
*** Why not read the archives? http://moongroup.com/redhat.phtml ***


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.

Reply via email to