[47975] in North American Network Operators' Group
Re: "portscans" (was Re: Arbor Networks DoS defense product)
daemon@ATHENA.MIT.EDU (Ralph Doncaster)
Sun May 19 16:24:44 2002
Date: Sun, 19 May 2002 16:25:20 -0400 (EDT)
From: Ralph Doncaster <ralph@istop.com>
To: Alex Rubenstein <alex@nac.net>
Cc: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.WNT.4.43.0205191522510.2904-100000@NEON.hq.nac.net>
Message-ID: <Pine.LNX.4.21.0205191619590.31464-100000@cpu1693.adsl.bellglobal.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
That's a netblock, not an IP address. Your script kiddie at home with a
cable modem or ADSL connection is not going to have his IP SWIP'd or
populated in his ISP's rwhois server. Try that with 206.47.27.12 for
instance. That is a Sympatico ADSL customer here in Ottawa.
Ralph Doncaster
principal, IStop.com
div. of Doncaster Consulting Inc.
On Sun, 19 May 2002, Alex Rubenstein wrote:
>
>
> helium:~$ whois -a 207.99.113.65
> Net Access Corporation (NETBLK-NAC-NETBLK01)
> 1719b Route 10E, Suite 111
> Parsippany, NJ 07054
> US
>
> Netname: NAC-NETBLK01
> Netblock: 207.99.0.0 - 207.99.127.255
> Maintainer: NAC
>
> Coordinator:
> Net Access Corporation (ZN77-ARIN) legal@nac.net
> 800-638-6336
>
> Domain System inverse mapping provided by:
>
> NS1.NAC.NET 207.99.0.1
> NS2.NAC.NET 207.99.0.2
>
> ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
>
> * Reassignment information for this network is available
> * at whois.nac.net 43
>
>
>
>
> On Sun, 19 May 2002, Ralph Doncaster wrote:
>
> >
> > > > rough assessment of their network security, which was important to me
> > > > as a customer for obvious reasons.
> > >
> > > In that case, I would not consider the scan to have come from an
> > > 'unaffiliated' person. I'm sure if the bank's network operator noticed it,
> > > and contacted you, things would have been cleared up with no harm done. To
> >
> > It sounds like you know something that I don't. How do you find out the
> > contact information for someone given only an IP address?
> >
> > -Ralph
> >
> >
> >
>
> -- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
> -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
>
>
>
