
[cobalt-security] IP listed as restricted doing Whois from samspade.org



Yes I am back with silly IP questions again ;-)

Thanks for the above URL, I ran another IP that FTP'd into my RAQ
(crc.xnet.ro[217.10.198.254]). It reports back with the below. The bad part
is I don't have any customers in Romania, so now I am on the hunt to chase
what they may have done in the 5 mins they were FTP'd in. How do I tell what
user they FTP in with? I know how to ps, ps aux, top, who etc. But I am an
amateur here and need all the help I can get.

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

% The object shown below is NOT in the RIPE database.
% It has been obtained by querying a remote server:
% (whois.rotld.ro) at port 43.
% To see the object stored in the RIPE database
% use the -R flag in your query
%
%REFERRAL START

% whois.rotld.ro :
%
% Rights restricted by copyright.
%
% Specifically, this data MAY ONLY be used for Internet operational
%   purposes. It may not be used for targeted advertising or any
%   other purpose.
%
% Este INTERZISA folosirea datelor de pe acest server in oricare
%   alt scop decat operarea retelei. In special este INTERZISA
%   folosirea lor in scopuri publicitare.
%
% No entries found for the selected (s)source.


When I go to the ripe.net URL above I get the below report, which seems to show that the
FTP client is from Romania (plus the .ro in the domain :)

inetnum:      217.10.198.0 - 217.10.198.255
netname:      MOBIFON
descr:        MobiFon S.A.
descr:        3, Nerva Traian Street
descr:        Complex M101, Sector 3
descr:        Bucharest, Romania
country:      RO
admin-c:      IOS5-RIPE
tech-c:       IOS5-RIPE
status:       ASSIGNED PA
notify:       isp.support@xxxxxxxxx
mnt-by:       AS12302-MNT
changed:      isp.support@xxxxxxxxx 20001009
source:       RIPE

regards,

Todd Kirk