[Dshield] intrusion identification

Doug White doug at dwhite.ws
Sat Mar 15 01:37:46 GMT 2003


Query for 100.81.208.63.in-addr.arpa type=255 class=1
  100.81.208.63.in-addr.arpa PTR (Pointer)
dialup-63.208.81.100.Dial1.Stamford1.Level3.net

 Query for 117.112.208.63.in-addr.arpa type=255 class=1
  117.112.208.63.in-addr.arpa PTR (Pointer)
dialup-63.208.112.117.Dial1.Weehawken1.Level3.net


======================================
Got DSL?  Check it out!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message -----
From: "Jeff Kell" <jeff-kell at utc.edu>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, March 14, 2003 6:27 PM
Subject: Re: [Dshield] intrusion identification


| Peter Lindgren wrote:
| > My norton personal firewall blocked two incomming access atempts that
| > were attempting to aceess my netbios does anyone know how to find out
| > who made the attempt. The remote addresses were 63.208.81.100:2629 and
| > 63.208.112.117:4840
|
| Yeah, and while you're at it, I've got a few from today I want to
| personally track down and give them a piece of my mind:
|
| >     deny tcp any any range 135 139 (7630 matches)
| >     deny udp any any range 135 netbios-ss (782774 matches)
| >     deny tcp any any eq 445 (18991 matches)
|
| Now where's my assault rifle :-)
|
| Jeff
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|
|



More information about the list mailing list