[Dshield] Online graphical traceroute...
lisa at newdream.net
Thu Mar 7 20:42:31 GMT 2002
Jim Tagart said:
> Morning all,
> I just discovered this on Symantec's site
> Click on Security Check, then Trace a Potential Attack. Click on
> the show details to see the full trace.
> Plug in an IP and do a graphical traceroute, when done, left click
> on the Network or Node name and it does a lookup for you,
> pretty darn sweet. Not sure what the lookup service is but it's
> better than a WHOIS on the sample address I tried today, from some port
> 515 attempted connection from 18.104.22.168.
> From Symantec's Trace a Potential Attack report;
> inetnum: 22.214.171.124 - 126.96.36.199
> netname: MEGA-BONA-IN-TP-NET
> descr: Mega Bona International Co., Ltd.
> descr: 7 Fl., No. 620-1, Kuangfu S. Rd., Taipei
> descr: Taipei Taiwan
> country: TW
> admin-c: MKT3-TW
> tech-c: MKT3-TW
> remarks: This information has been partially mirrored by APNIC
> remarks: TWNIC. To obtain more specific information, please use
> remarks: TWNIC whois server at whois.twnic.net.
> mnt-by: TWNIC-AP
> changed: network-adm at hinet.net 20010727
> source: TWNIC
> Mar 06 17:43:31.126 My_Firewall: 226 IP packet dropped
> (188.8.131.52 ->My_IP_Address: Protocol=TCP[SYN] 4914 ->515 :
> Restricted Port:
> Protocol=TCP[SYN] Port 4914->515 (received on interface My_IP_Address)
> Is some dork at Mega Bona International Co., Ltd. trying to print here,
> I wish she'd ask first -or- I bet it's some dork trying to see if I'm
> running an exploitable LPD service.
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list