[Dshield] Help Understanding DShield Data
ed.truitt at etee2k.net
Thu Mar 27 18:09:30 GMT 2003
If you do a whois on ultra.net, you will see their administrative and
technical contacts are both RCN (Erols). Probably a local ISP that RCN
bought. The good news is that the abuse desk folks at RCN enjoy wielding
the LART - I tend to get a fairly quick response from them.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Chateauneuf" <dupape at bellatlantic.net>
To: <list at dshield.org>
Sent: Thursday, March 27, 2003 7:59 AM
Subject: [Dshield] Help Understanding DShield Data
> What am I missing? Shouldn't the total records match the total, by port,
> since both are for a one-day range?
> This resolves to RCN. I cannot find any reference to "ULTRA.NET." Again,
> what am I missing?
> I show three records against this IP yesterday (3/27). The data stops at
> 3/17. Is this an error or do some records update periodically in contrast
> to real time?
> Country: US
> Contact E-mail: noc at ULTRA.NET
> Total Records against IP: 229
> Number of targets: 229
> Date Range: 2003-03-17 to 2003-03-17
> Ports Attacked (up to 10):
> Port Attacks Start End
> 137 254 2003-03-17 2003-03-17
> 139 1 2003-03-17 2003-03-17
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list