[Dshield] Help Understanding DShield Data

Ed Truitt ed.truitt at etee2k.net
Thu Mar 27 18:09:30 GMT 2003


If you do a whois on ultra.net, you will see their administrative and
technical contacts are both RCN (Erols).  Probably a local ISP that RCN
bought.  The good news is that the abuse desk folks at RCN enjoy wielding
the LART - I tend to get a fairly quick response from them.


Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."



----- Original Message -----
From: "Chateauneuf" <dupape at bellatlantic.net>
To: <list at dshield.org>
Sent: Thursday, March 27, 2003 7:59 AM
Subject: [Dshield] Help Understanding DShield Data


> What am I missing? Shouldn't the total records match the total, by port,
> since both are for a one-day range?
>
> This resolves to RCN. I cannot find any reference to "ULTRA.NET." Again,
> what am I missing?
>
> I show three records against this IP yesterday (3/27). The data stops at
> 3/17. Is this an error or do some records update periodically in contrast
> to real time?
>
> https://secure.dshield.org/ipinfo.php?ip=146.115.112.039&x=1&day=731665
>
> Country: US
> Contact E-mail: noc at ULTRA.NET
> Total Records against IP:  229
> Number of targets:  229
> Date Range: 2003-03-17 to 2003-03-17
> Ports Attacked (up to 10):
> Port Attacks Start End
> 137 254 2003-03-17 2003-03-17
> 139 1 2003-03-17 2003-03-17
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>



More information about the list mailing list