Watch Out For LAN4u.info

Rick Stevens rstevens at vitalstream.com
Thu Nov 18 17:12:11 UTC 2004


Harold Hallikainen wrote:
> Just reported it. We'll see what happens.
> 
> By the way, I REALLY appreciate all the time you put into this list!
> You've solved several problems I've had, and I've seen you solve a lot of
> others!

Thank you, kind sir.  It's nice to be appreciated.  However, I'm just
paying back the help I've received over the years from both this list
and many, many others.

That's what makes Linux so strong--lots of strangers willing to help
each other.  If you learn stuff, pass the knowledge along.

Thank you again for your kind words!

>>Harold Hallikainen wrote:
>>
>>>I'm seeing a few thousand ssh attempts from 67.100.182.75 using a
>>>variety
>>>of usernames, but mostly using root and having the password fail.
>>
>>That's a Covad address (you know, DSL).  Note the times of the attacks
>>and contact Covad.  They can figure out who was using that IP at that
>>time and have the SOB booted.

I should have shown you how I found out where that was.  I used the
"whois" command:

[root@prophead root]# whois 67.100.182.75
[Querying whois.arin.net]
[whois.arin.net]

OrgName:    Covad Communications
OrgID:      CVAD
Address:    2510 Zanker Rd
City:       San Jose
StateProv:  CA
PostalCode: 95131-1127
Country:    US

ReferralServer: rwhois://rwhois.covad.net:4321

NetRange:   67.100.0.0 - 67.103.255.255
CIDR:       67.100.0.0/14
NetName:    NETBLK-COVAD-IP-4-NET
NetHandle:  NET-67-100-0-0-1
Parent:     NET-67-0-0-0-0
NetType:    Direct Allocation
NameServer: NS3.COVAD.COM
NameServer: NS4.COVAD.COM
Comment:
RegDate:    2003-04-18
Updated:    2004-07-30

AbuseHandle: CART-ARIN
AbuseName:   Covad abuse reporting team
AbusePhone:  +1-703-376-2830
AbuseEmail:  abuse-isp at covad.com

OrgAbuseHandle: CART-ARIN
OrgAbuseName:   Covad abuse reporting team
OrgAbusePhone:  +1-703-376-2830
OrgAbuseEmail:  abuse-isp at covad.com

OrgNOCHandle: CIN-ARIN
OrgNOCName:   COVAD IP NOC
OrgNOCPhone:  +1-888-801-6285
OrgNOCEmail:  noc-ipservices at covad.com

OrgTechHandle: TJW4-ARIN
OrgTechName:   Williamson, Todd J
OrgTechPhone:  +1-408-434-4826
OrgTechEmail:  twilliam at covad.com

# ARIN WHOIS database, last updated 2004-11-17 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

>>If you want to talk about attacks, you should see the stuff we go
>>through.  Right now, there's two DOS attacks against us.  We had one of
>>our upstream guys put in a filter, which helped.  The other one is
>>really splattered.

Oh, one final thing, Harold...generally we prefer bottom-posting on
this list (actually, most Linux lists prefer bottom-posting).  By that
we mean you should add your comments AFTER what you're commenting on.
This is the opposite of the default that Outlook (ugh!) uses.  Bottom-
posting helps to make the chronological flavor of the thread easier to
follow.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
----------------------------------------------------------------------
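
Added example, not part of the original message: a shell sketch of the "note the times and contact the provider" step, tallying failed sshd logins per source address and pulling the abuse contact from ARIN-style whois text. The function names, log lines and whois record are constructed for illustration (documentation addresses and example.net), and the log format is assumed to be OpenSSH's "Failed password for ..." syslog line.

```shell
#!/bin/sh
# Added example; all log and whois sample data below is constructed.

# Per source address: failed-attempt count plus first and last timestamp.
failed_ssh_summary() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
        ip = ""
        # The last "from" wins, so a user name of "from" cannot shift the field.
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        ts = $1 " " $2 " " $3
        if (!(ip in n)) first[ip] = ts
        last[ip] = ts
        n[ip]++
    }
    END { for (ip in n) printf "%d %s first=\"%s\" last=\"%s\"\n", n[ip], ip, first[ip], last[ip] }' | sort -rn
}

# Print "CIDR abuse-email" from whois text on stdin; fail if no abuse contact.
abuse_contact() {
    awk -F': *' '$1 == "CIDR" { cidr = $2 }
                 $1 == "OrgAbuseEmail" { mail = $2 }
                 END { if (mail != "") print cidr, mail; else exit 1 }'
}

sample_log() {   # constructed /var/log/secure-style lines
cat <<'EOF'
Nov 18 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.75 port 40112 ssh2
Nov 18 03:12:04 host sshd[2103]: Failed password for illegal user admin from 192.0.2.75 port 40115 ssh2
Nov 18 03:12:09 host sshd[2107]: Failed password for invalid user from from 192.0.2.75 port 40120 ssh2
Nov 18 04:40:55 host sshd[2290]: Accepted password for harold from 198.51.100.9 port 51000 ssh2
Nov 18 05:01:30 host sshd[2311]: Failed password for root from 203.0.113.4 port 33001 ssh2
EOF
}

sample_whois() {   # constructed record using the field names shown above
cat <<'EOF'
OrgName:    Example DSL Provider
NetRange:   192.0.2.0 - 192.0.2.255
CIDR:       192.0.2.0/24
OrgAbuseEmail:  abuse@example.net
EOF
}

sample_log | failed_ssh_summary
sample_whois | abuse_contact
```

On a live system the same functions take the real authentication log and the output of whois for the offending address on stdin; the first and last timestamps are what the provider's abuse desk needs to match the address to a subscriber.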



