[Dshield] Help Understanding DShield Data

Ed Truitt ed.truitt at etee2k.net
Thu Mar 27 18:09:30 GMT 2003

If you do a whois on ultra.net, you will see their administrative and
technical contacts are both RCN (Erols).  Probably a local ISP that RCN
bought.  The good news is that the abuse desk folks at RCN enjoy wielding
the LART - I tend to get a fairly quick response from them.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Chateauneuf" <dupape at bellatlantic.net>
To: <list at dshield.org>
Sent: Thursday, March 27, 2003 7:59 AM
Subject: [Dshield] Help Understanding DShield Data

> What am I missing? Shouldn't the total records match the total, by port,
> since both are for a one-day range?
> This resolves to RCN. I cannot find any reference to "ULTRA.NET." Again,
> what am I missing?
> I show three records against this IP yesterday (3/27). The data stops at
> 3/17. Is this an error or do some records update periodically in contrast
> to real time?
> https://secure.dshield.org/ipinfo.php?ip=
> Country: US
> Contact E-mail: noc at ULTRA.NET
> Total Records against IP:  229
> Number of targets:  229
> Date Range: 2003-03-17 to 2003-03-17
> Ports Attacked (up to 10):
> Port Attacks Start End
> 137 254 2003-03-17 2003-03-17
> 139 1 2003-03-17 2003-03-17
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list