[ale] Backtracking to an IP
Michael Still
stillwaxin at gmail.com
Wed Sep 8 08:43:08 EDT 2004
On Wed, 8 Sep 2004 07:26:57 -0500 (EST), John Mills
<johnmills at speakeasy.net> wrote:
> ALERs -
>
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
>
> How can I learn a bit more about the source?
>
http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-64-124-210-0-1
Shows that its an AboveNet IP block reassigned to APS communications.
Send a msg to the the noc at above.net address or abuse at above.net and
tell them that box might be cracked.
More information about the Ale
mailing list