[lug] TCP Wrapers and Going After Bad People
Greg Horne
jeerygh at hotmail.com
Thu Sep 13 10:45:53 MDT 2001
My friend is a Debian user. He was always really excited about the apt-get
feature. I think it's cool too; is there an equivalent on the other
distros?
Greg Horne
>From: Kyle Moore <kmoore at trustamerica.com>
>Reply-To: lug at lug.boulder.co.us
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] TCP Wrapers and Going After Bad People
>Date: Wed, 12 Sep 2001 16:01:50 -0400
>
>NTP (Network Time Protocol) http://www.ntp.org
>
>or on Debian
>
># apt-get install ntp
>
>
>Greg Horne wrote:
>
>>Thanks for all the responses and ideas guys! I really enjoyed the bit
>>from Kevin. Thanks. I'll also look into that 64.whatever ip address
>>you have been firewalling. BTW my intent was not to catch or punish
>>them, just to find a way to go after somebody when something more major
>>happens. Oh yeah, the NCP (was that the acronym) thing about keeping
>>accurate time I'll look into. Thanks (sorry I can't remember who
>>mentioned that).
>>
>>Greg Horne
>>
>>>From: Kevin Fenzi <kevin at scrye.com>
>>>Reply-To: lug at lug.boulder.co.us
>>>To: lug at lug.boulder.co.us
>>>Subject: Re: [lug] TCP Wrapers and Going After Bad People
>>>Date: Wed, 12 Sep 2001 11:42:25 -0600
>>>
>>> >>>>> "Greg" == Greg Horne <jeerygh at hotmail.com> writes:
>>>
>>>Greg> Yo BLUG, yes. . . You CAN help Greg get the bad guys! So two
>>>Greg> people stand out in my logs as always trying to break into my
>>>Greg> systems. I get e-mails daily from the servers saying . . .Tried
>>>Greg> NS1, tried MMS1, tried Webserver 1, etc. . .
>>>
>>>Greg> My question is this: Have any of you tried to track some of
>>>Greg> these people down? Any success stories to tell? If so, what
>>>Greg> were your methods?
>>>
>>>well, I gave up trying long ago... but if you have the time, by all
>>>means go for it. ;)
>>>
>>>Greg> For good measure I'll include the *evil* offenders.
>>>
>>>Greg> attempt from APoitiers-103-1-1-165.abo.wanadoo.fr unknown
>>>Greg> 193.253.254.165 to in.ftpd at Wed Sep 12 05:30:51 PDT 2001
>>>
>>>Greg> attempt from HSE-QuebecCity-ppp3496564.sympatico.ca unknown
>>>Greg> 65.92.224.5 to in.ftpd at Tue Sep 11 18:57:37 PDT 2001
>>>
>>>Here's how I would track them down:
>>>
>>>Find out what their network is and contact info:
>>>
>>>whois 193.253.254.165 at whois.arin.net
>>>European Regional Internet Registry/RIPE NCC (NETBLK-RIPE)
>>> These addresses have been further assigned to European users.
>>> Contact info can be found in the RIPE database, via the
>>> WHOIS and TELNET servers at whois.ripe.net, and at
>>> http://www.ripe.net/db/whois.html
>>> NL
>>>
>>> Netname: RIPE-CBLK
>>> Netblock: 193.0.0.0 - 193.255.255.255
>>> Maintainer: RIPE
>>>
>>> Coordinator:
>>> Reseaux IP European Network Co-ordination Centre Singel 258
>>>(RIPE-NCC-ARIN) nicdb at RIPE.NET
>>> +31 20 535 4444
>>>
>>>ok, so query the ripe server:
>>>
>>>whois 193.253.254.165 at whois.ripe.net
>>>
>>>inetnum: 193.253.254.0 - 193.253.254.255
>>>netname: IP2000-ADSL-BAS
>>>descr: France Telecom IP2000 ADSL BAS
>>>descr: BSPOI103 Poitiers Bloc2
>>>country: FR
>>>admin-c: WITR1-RIPE
>>>tech-c: WITR1-RIPE
>>>status: ASSIGNED PA
>>>remarks: for hacking, spamming or security problems send mail to
>>>remarks: postmaster at wanadoo.fr AND abuse at wanadoo.fr
>>>remarks: for ANY problem send mail to gestionip.ft at francetelecom.com
>>>notify: gestionip.ft at francetelecom.com
>>>mnt-by: FT-BRX
>>>changed: gestionip.ft at francetelecom.com 20001130
>>>changed: gestionip.ft at francetelecom.com 20010912
>>>source: RIPE
>>>
>>>route: 193.253.0.0/16
>>>descr: France Telecom
>>>origin: AS3215
>>>mnt-by: FT-BRX
>>>changed: gestionip.ft at francetelecom.fr 20001018
>>>source: RIPE
>>>
>>>role: Wanadoo Interactive Technical Role
>>>address: France Telecom Wanadoo Interactive
>>>address: 41, rue Camille Desmoulins
>>>address: 92442 ISSY LES MOULINEAUX Cedex
>>>address: FR
>>>phone: +33 1 41 33 39 00
>>>fax-no: +33 1 41 33 39 01
>>>e-mail: abuse at wanadoo.fr
>>>e-mail: postmaster at wanadoo.fr
>>>admin-c: FTI-RIPE
>>>tech-c: TEFS1-RIPE
>>>nic-hdl: WITR1-RIPE
>>>notify: gestionip.ft at francetelecom.com
>>>mnt-by: FT-BRX
>>>changed: gestionip.ft at francetelecom.com 20010504
>>>changed: gestionip.ft at francetelecom.com 20010912
>>>source: RIPE
>>>
>>>ok, the important thing here is the "abuse at wanadoo.fr" and
>>>"postmaster at wanadoo.fr".
>>>
>>>I would send them a note complaining about the user's behavior.
>>>
>>>Alas, I would expect that you will get no response and I can't think
>>>of much you could do after that...
>>>
>>>You could block the entire wanadoo.fr net from any access to your
>>>network with a firewall.
>>>
>>>as a side note, for spam I suggest the following:
>>>
>>>- forward your spam to spamcop at spamcop.net, which will reply with a
>>>url. You can then go to the URL and have spamcop complain to all the
>>>hosts used in the spam.
>>>
>>>- forward your spam to spam at orbz.org, which will scan your spam's
>>>headers and test all the IPs found for open relays. Then you can use
>>>orbz to block mail from them.
>>>
>>>Greg> Thanks,
>>>Greg> Greg Horne
>>>
>>>kevin
>>>--
>>>Kevin Fenzi
>>>MTS, tummy.com, ltd.
>>>http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
>>>_______________________________________________
>>>Web Page: http://lug.boulder.co.us
>>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>
>>
>>
>>
>
>
>--
>Kyle Moore
>UNIX Systems Administrator
>Trust Company of America
>
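The lookup Kevin walks through in the quoted reply (ask ARIN, follow the pointer to RIPE, read off the addresses to complain to), as an added Python example that is not part of the original thread. The function names are made up for illustration, the sample replies are trimmed copies of the ones quoted above, and matching " at " as "@" is an assumption that fits how this archive writes addresses.

```python
import ipaddress
import re

# Constructed samples trimmed from the replies quoted in the thread; addresses
# appear as "user at domain", the way the list archive renders them.
ARIN_REPLY = """European Regional Internet Registry/RIPE NCC (NETBLK-RIPE)
   Contact info can be found in the RIPE database, via the
   WHOIS and TELNET servers at whois.ripe.net, and at
   http://www.ripe.net/db/whois.html"""
RIPE_REPLY = """inetnum: 193.253.254.0 - 193.253.254.255
remarks: for hacking, spamming or security problems send mail to
remarks: postmaster at wanadoo.fr AND abuse at wanadoo.fr
notify: gestionip.ft at francetelecom.com

role: Wanadoo Interactive Technical Role
e-mail: abuse at wanadoo.fr
e-mail: postmaster at wanadoo.fr"""
ADDR_RE = re.compile(r"([\w.+-]+)(?: at |@)([\w-]+(?:\.[\w-]+)+)")

def referral(reply, asked="whois.arin.net"):
    """Return the next whois server a reply points to, or None if it names none."""
    hosts = re.findall(r"\bwhois\.[a-z0-9-]+\.[a-z]{2,}\b", reply.lower())
    return next((h for h in hosts if h != asked), None)

def parse_objects(reply):
    """Split a RIPE-style reply into objects, each a list of (attribute, value)."""
    blocks = re.split(r"\n\s*\n", reply.strip())
    objs = [[tuple(p.strip() for p in ln.split(":", 1)) for ln in b.splitlines()
             if ":" in ln and not ln.startswith("%")] for b in blocks]
    return [o for o in objs if o]

def covers(obj, ip):
    """True if obj is an inetnum object whose address range contains ip."""
    if obj[0][0] != "inetnum":
        return False
    lo, hi = (ipaddress.ip_address(x.strip()) for x in obj[0][1].split("-"))
    return lo <= ipaddress.ip_address(ip) <= hi

def report_contacts(reply, ip):
    """Addresses to write to: remarks of the covering inetnum plus role e-mail lines."""
    objects = parse_objects(reply)
    if not any(covers(o, ip) for o in objects):
        return []  # the reply describes some other range; do not use its contacts
    found = set()
    for obj in objects:
        wanted = "remarks" if covers(obj, ip) else "e-mail" if obj[0][0] == "role" else None
        for value in (v for a, v in obj if a == wanted):
            found.update("@".join(m).lower() for m in ADDR_RE.findall(value))
    return sorted(found)
```

The `notify` and `changed` lines are left out on purpose: they name the registry maintainer's mailbox, not the place the `remarks` lines ask reports to be sent.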