[lug] looking up ip's
stimits at idcomm.com
Mon Sep 4 12:59:18 MDT 2000
Lately I've been seeing some different ports being tested, usually RPC
or IMAP related (which are firewalled, and any apps not used are "put on
ice"). What I'm wondering about is that although it is possible to spoof
ip's that don't require, I can turn around and do anonymous ftp back
into that machine, or even get to the telnet prompt and see a linux
machine. However, although I can verify that the host really exists, I
can't find it through either nslookup or host -v. Can anyone give me a
better idea how to find an ip that I have tested for existence?
The most recent loggin for sun rpc are from this box:
pts/3:~> telnet 188.8.131.52
Connected to 184.108.40.206 (220.127.116.11).
Escape character is '^]'.
Welcome to WOW Linux (Underground)
login: Connection closed by foreign host.
One reason I ask here is that often these attempts occur after posting
somewhere, such as on the BLUG list. It seems that if I can telnet to an
ip, it must belong to an isp or other registered host...how can I look
up the owner from a dotted decimal format, when nslookup and host
D. Stimits, stimits at idcomm.com
More information about the LUG