[Dshield] Online graphical traceroute...

Jim Tagart Jim.Tagart at bellcold.com
Thu Mar 7 18:56:13 GMT 2002


	Morning all,

	I just discovered this on Symantec's site
http://www.symantec.com/securitycheck/
	Click on Security Check, then Trace a Potential Attack.  Click on
the show details to see the full trace.

	Plug in an IP and do a graphical traceroute, when done, left click
on the Network or Node name and it does a lookup for you, pretty darn sweet.
Not sure what the lookup service is but it's better than a WHOIS on the
sample address I tried today, from some port 515 attempted connection from
211.20.3.131.

	From Symantec's Trace a Potential Attack report;

	inetnum:     211.20.3.128 - 211.20.3.135
	netname:     MEGA-BONA-IN-TP-NET
	descr:       Mega Bona International Co., Ltd.
	descr:       7 Fl., No. 620-1, Kuangfu S. Rd., Taipei
	descr:       Taipei Taiwan
	country:     TW
	admin-c:     MKT3-TW
	tech-c:      MKT3-TW
	remarks:     This information has been partially mirrored by APNIC from
	remarks:     TWNIC. To obtain more specific information, please use the
	remarks:     TWNIC whois server at whois.twnic.net.
	mnt-by:      TWNIC-AP
	changed:     network-adm at hinet.net 20010727
	source:      TWNIC

Mar 06 17:43:31.126 My_Firewall[103]: 226 IP packet dropped (211.20.3.131 ->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 : Restricted Port: Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)

Is some dork at Mega Bona International Co., Ltd. trying to print here? I
wish she'd ask first -or- I bet it's some dork trying to see if I'm running
an exploitable LPD service.

	Jim
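
As an added example (not part of the original post and not Symantec's tool), the Python below parses the dropped-packet line quoted above and confirms that its source address really falls inside the whois `inetnum` range before attributing the probe to that netblock. The regex is an assumption fitted to the single log line shown, and the function names are hypothetical.

```python
import ipaddress
import re

# Log line and whois fields copied from the post above (log line re-joined).
LOG = ("Mar 06 17:43:31.126 My_Firewall[103]: 226 IP packet dropped (211.20.3.131 "
       "->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 : Restricted Port: "
       "Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)")
WHOIS = """\
inetnum:     211.20.3.128 - 211.20.3.135
netname:     MEGA-BONA-IN-TP-NET
country:     TW
"""

# Assumption: this pattern fits only the log layout shown in the post.
DROP_RE = re.compile(
    r"IP packet dropped \((?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*->.*?"
    r"Protocol=(?P<proto>\w+)\[(?P<flags>\w+)\]\s+(?P<sport>\d+)\s*->\s*(?P<dport>\d+)")
WATCHED_PORTS = {515: "LPD (printer spooler)"}  # the port named in the post

def parse_drop(line):
    """Return src/proto/flags/sport/dport for a dropped-packet line, else None."""
    m = DROP_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    try:
        d["src"] = ipaddress.ip_address(d["src"])  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d

def parse_whois(text):
    """Collect 'key: value' lines; repeated keys (descr, remarks) are joined."""
    rec = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and val.strip():
            rec.setdefault(key.strip(), []).append(val.strip())
    return {k: " ".join(v) for k, v in rec.items()}

def attribute(line, whois_text):
    """Tie a dropped probe to the whois allocation only if the source is in range."""
    ev, rec = parse_drop(line), parse_whois(whois_text)
    if ev is None or "inetnum" not in rec:
        return None
    lo, hi = (ipaddress.ip_address(p.strip()) for p in rec["inetnum"].split("-"))
    return {"src": str(ev["src"]), "dport": ev["dport"], "netname": rec.get("netname"),
            "service": WATCHED_PORTS.get(ev["dport"], "unknown"), "in_range": lo <= ev["src"] <= hi}
```

The range check matters because a lookup tool may return the nearest enclosing allocation rather than the exact assignment; `in_range` makes that explicit before the netname is written into a report.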