[Dshield] Online graphical traceroute...

Gsw Gsoft at guidosoft.com
Thu Mar 7 20:40:01 GMT 2002


It's more easy.


At 10.56 07/03/2002 -0800, you wrote:
>         Morning all,
>         I just discovered this on Symantec's site
>         Click on Security Check, then Trace a Potential Attack.  Click on
>the show details to see the full trace.
>         Plug in an IP and do a graphical traceroute, when done, left click
>on the Network or Node name and it does a lookup for you,
>         pretty darn sweet. Not sure what the lookup service is but it's
>better than a WHOIS on the sample address I tried today, from some port 515
>attempted connection from
>         From Symantec's Trace a Potential Attack report;
>         inetnum: -
>         netname:     MEGA-BONA-IN-TP-NET
>         descr:       Mega Bona International Co., Ltd.
>         descr:       7 Fl., No. 620-1, Kuangfu S. Rd., Taipei
>         descr:       Taipei Taiwan
>         country:     TW
>         admin-c:     MKT3-TW
>         tech-c:      MKT3-TW
>         remarks:     This information has been partially mirrored by APNIC
>         remarks:     TWNIC. To obtain more specific information, please use
>         remarks:     TWNIC whois server at whois.twnic.net.
>         mnt-by:      TWNIC-AP
>         changed:     network-adm at hinet.net 20010727
>         source:      TWNIC
>Mar 06 17:43:31.126 My_Firewall[103]: 226 IP packet dropped (
>->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 : Restricted Port:
>Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)
>Is some dork at Mega Bona International Co., Ltd. trying to print here, I
>wish she'd ask first -or- I bet it's some dork trying to see if I'm running
>an exploitable LPD service.
>         Jim
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list