whois ip.address.of.luser at arin.net

will give you the information on the network coordinator.  I can help you
decode it and find out who owns what if you'd like.

Their should be a technical POC for his block and his upstream.
postmaster@ is /always/ supposed to be deliverable, root doesn't have to
be.

Adam Maloney
Systems Administrator
Sihope Communications

On Mon, 11 Sep 2000, Dave Sherohman wrote:

> A few days ago, someone decided that my web server would be good to use for
> caching (no, I have no idea why...  I'm not even running squid or wwwoffle)
> and I started getting a couple log messages a day about webcache connection
> attempts from his (fixed) IP address.
> 
> Investigating, it turned out that something was listening on 8080, but it
> turned itself off before I could identify it.  (Which worries me, but that's
> beside the point...)  Since then, I've been seeing an increased number of
> webcache attempts from him, which is getting really obnoxious.
> 
> He doesn't have any reverse-DNS information for his box or the two directly
> upstream.  Then traceroute shows a gd.cn.net address (root at gd.cn.net bounces,
> root at cn.net appears to be undeliverable in a fashion that sits around for
> several days before MTAs give up on it), 4 more unnamed IPs, and then (8
> hops before the machine which is bugging me) a whole bunch of alter.net
> machines.
> 
> I'm fairly sure he's on a Win32 box (no telnetd, no fingerd, no httpd, no
> smtpd, and it was turned off in the wee hours the one time I got desperate
> enough to try getting information via nmap), but that and his IP address are
> all I know.
> 
> Where do I go from here in trying to either find out who this guy is or find
> someone who does know and will tell him to knock it off?
> 
> -- 
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphillis. Good thing we have penicillin." - Matthew Alton
> Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
> !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
> For additional commands, e-mail: tclug-list-help at mn-linux.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org