[Dshield] Online graphical traceroute...
Jim.Tagart at bellcold.com
Thu Mar 7 18:56:13 GMT 2002
I just discovered this on Symantec's site
Click on Security Check, then Trace a Potential Attack. Click on
the show details to see the full trace.
Plug in an IP and do a graphical traceroute, when done, left click
on the Network or Node name and it does a lookup for you,
pretty darn sweet. Not sure what the lookup service is but it's
better than a WHOIS on the sample address I tried today, from some port 515
attempted connection from 18.104.22.168.
From Symantec's Trace a Potential Attack report;
inetnum: 22.214.171.124 - 126.96.36.199
descr: Mega Bona International Co., Ltd.
descr: 7 Fl., No. 620-1, Kuangfu S. Rd., Taipei
descr: Taipei Taiwan
remarks: This information has been partially mirrored by APNIC
remarks: TWNIC. To obtain more specific information, please use
remarks: TWNIC whois server at whois.twnic.net.
changed: network-adm at hinet.net 20010727
Mar 06 17:43:31.126 My_Firewall: 226 IP packet dropped (188.8.131.52
->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 : Restricted Port:
Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)
Is some dork at Mega Bona International Co., Ltd. trying to print here, I
wish she'd ask first -or- I bet it's some dork trying to see if I'm running
an exploitable LPD service.
More information about the list