F9 DOS attack
Richard England
rlengland at verizon.net
Fri Nov 28 00:14:08 UTC 2008
Dave Feustel wrote:
> On Thu, Nov 27, 2008 at 02:25:26AM +1030, Tim wrote:
>
>> On Wed, 2008-11-26 at 06:54 -0500, Dave Feustel wrote:
>>
>>> I spoke with a Comcast technician yesterday. He said there was nothing
>>> Comcast could do and that the problem was that the 'bomber' was able
>>> to get my ip address by scanning my system. That seems inconsistent to
>>> me.
>>>
>> If you're chatting with your ISP, I'd ask them if it's just you being
>> flooded, or a range of their IP addresses. Then you'll know if you're a
>> direct target. If they can't work that out, they're hopeless.
>>
>
> I just tried whois 68.87.72.130 (the ip address in all the unsolicited
> packets that were coming in) and that is a comcast ip address.
> (something to do with 'jumpstart'. Does anyone know anything about this?
>
>
$ whois -vi 68.87.72.130
[Querying whois.arin.net]
[whois.arin.net]
Comcast Cable Communications, Inc. JUMPSTART-2 (NET-68-80-0-0-1)
68.80.0.0 - 68.87.255.255
Comcast Cable Communications, Inc. COMCAST-18 (NET-68-87-64-0-1)
68.87.64.0 - 68.87.127.255
# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Ran this through http://cqcounter.com/whois/ and got the following
back. Which makes this look like one of the Comcast DNS servers. No?
OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
NetRange: 68.80.0.0 <http://cqcounter.com/whois/index.php?query=68.80.0.0> - 68.87.255.255 <http://cqcounter.com/whois/index.php?query=68.87.255.255>
CIDR: 68.80.0.0/13
NetName: JUMPSTART-2
NetHandle: NET-68-80-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS101.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS102.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS103.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-01-28
Updated: 2008-10-31
RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc
RTechPhone: +1-856-317-7200
RTechEmail: CNIPEO-Ip-registration at cable.comcast.com <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse at comcast.net <http://cqcounter.com/whois/index.php?query=comcast.net>
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: CNIPEO-Ip-registration at cable.comcast.com <http://cqcounter.com/whois/index.php?query=comcast.com>
CustName: Comcast Cable Communications, Inc.
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
RegDate: 2007-04-17
Updated: 2007-04-17
NetRange: 68.87.64.0 <http://cqcounter.com/whois/index.php?query=68.87.64.0> - 68.87.127.255 <http://cqcounter.com/whois/index.php?query=68.87.127.255>
CIDR: 68.87.64.0/18
NetName: COMCAST-18
NetHandle: NET-68-87-64-0-1
Parent: NET-68-80-0-0-1
NetType: Reassigned
Comment:
RegDate: 2007-04-17
Updated: 2007-04-17
RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc
RTechPhone: +1-856-317-7200
RTechEmail: CNIPEO-Ip-registration at cable.comcast.com <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse at comcast.net <http://cqcounter.com/whois/index.php?query=comcast.net>
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: CNIPEO-Ip-registration at cable.comcast.com <http://cqcounter.com/whois/index.php?query=comcast.com>
# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
More information about the fedora-list
mailing list