[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Backtracking to an IP

Subject: [ale] Backtracking to an IP
From: stillwaxin at gmail.com (Michael Still)
Date: Wed Sep 8 08:43:08 2004
In-reply-to: <[email protected]>
References: <[email protected]>

On Wed, 8 Sep 2004 07:26:57 -0500 (EST), John Mills
<johnmills at speakeasy.net> wrote:
> ALERs -
> 
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
> 
> How can I learn a bit more about the source?
> 
http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-64-124-210-0-1

Shows that its an AboveNet IP block reassigned to APS communications. 
Send a msg to the the noc at above.net address or abuse at above.net and
tell them that box might be cracked.

Follow-Ups:
- [ale] Backtracking to an IP
  - From: fletch at phydeaux.org (Fletch)
- [ale] Backtracking to an IP
  - From: johnmills at speakeasy.net (John Mills)

References:
- [ale] Backtracking to an IP
  - From: johnmills at speakeasy.net (John Mills)

Prev by Date: [ale] Backtracking to an IP
Next by Date: [ale] Backtracking to an IP
Previous by thread: [ale] Backtracking to an IP
Next by thread: [ale] Backtracking to an IP
Index(es):
- Date
- Thread