[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Logcheck, IP address
- Subject: Re: [cobalt-security] Logcheck, IP address
- From: Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Jun 2001 12:16:14 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
How do I chase down an IP address that was reported by Logcheck to FTP in?
If have their IP and I want to see where it originated from so I know if it
is one of my users or a hacker?
$ whois 144.134.44.127@xxxxxxxxxxxxxx
[whois.arin.net]
Telstra (NET-TELECOMAU4)
Network Development and
Construction Branch 32 Pirie Street Adelaide
South, 5000
AU
Netname: TELECOMAU4
Netblock: 144.134.0.0 - 144.134.255.255
Coordinator:
Telstra (HM100-ORG-ARIN) hostmaster@xxxxxxxxxxxxxx
+61 3 9253 8600 Fax- +61 392538701
Domain System inverse mapping provided by:
SY-DNS01.TMNS.NET.AU 139.134.2.2
SY-DNS02.TMNS.NET.AU 139.134.2.18
Record last updated on 29-Nov-2000.
Database last updated on 18-Jun-2001 23:08:46 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.