[Dshield] Online graphical traceroute...

Gsw Gsoft at guidosoft.com
Thu Mar 7 20:40:01 GMT 2002


http://www.visualroute.it/vr.asp

It's more easy.


Gsw


At 10.56 07/03/2002 -0800, you wrote:
>         Morning all,
>
>         I just discovered this on Symantec's site
>http://www.symantec.com/securitycheck/
>         Click on Security Check, then Trace a Potential Attack.  Click on
>the show details to see the full trace.
>
>         Plug in an IP and do a graphical traceroute, when done, left click
>on the Network or Node name and it does a lookup for you,
>         pretty darn sweet. Not sure what the lookup service is but it's
>better than a WHOIS on the sample address I tried today, from some port 515
>attempted connection from 211.20.3.131.
>
>         From Symantec's Trace a Potential Attack report;
>
>         inetnum:     211.20.3.128 - 211.20.3.135
>         netname:     MEGA-BONA-IN-TP-NET
>         descr:       Mega Bona International Co., Ltd.
>         descr:       7 Fl., No. 620-1, Kuangfu S. Rd., Taipei
>         descr:       Taipei Taiwan
>         country:     TW
>         admin-c:     MKT3-TW
>         tech-c:      MKT3-TW
>         remarks:     This information has been partially mirrored by APNIC
>from
>         remarks:     TWNIC. To obtain more specific information, please use
>the
>         remarks:     TWNIC whois server at whois.twnic.net.
>         mnt-by:      TWNIC-AP
>         changed:     network-adm at hinet.net 20010727
>         source:      TWNIC
>
>Mar 06 17:43:31.126 My_Firewall[103]: 226 IP packet dropped (211.20.3.131
>->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 : Restricted Port:
>Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)
>Is some dork at Mega Bona International Co., Ltd. trying to print here, I
>wish she'd ask first -or- I bet it's some dork trying to see if I'm running
>an exploitable LPD service.
>
>         Jim
>
>_______________________________________________
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list