How to locate and contact attacker?

Chong Yu Meng chongym
Mon Aug 14 19:25:49 PDT 2006


Hi all, 

This morning, I noticed something very odd in my security logs. There is
one particular system that is attacking my server every other day (I
guess it would be attacking me every day if not for fail2ban--thanks
David!). Always the same IP address. I tried pinging the IP address from
my home, and of course it responded. Then I tried to put the IP address
in my browser, to see if it was running any web services. Strangely, it
seemed like it was, but the transfer timed out. 

Here's my question: if I know the IP address, how do I get information
about this system--in particular, contact information? I suspect that
it is a server (seems to be a static IP) and that it has been
compromised. I hate that it keeps attacking my server, but I imagine
that it is many times worse for the owner of that server, who is
probably paying heaps for bandwidth used in those attacks.

-- 
Pascal Chong 
email:  chongym at cymulacrum.net 
web:    http://cymulacrum.net
pgp:    http://cymulacrum.net/pgp/cymulacrum.asc

"Science knows no borders, because knowledge belongs to humanity,
and it is the flame that illuminates the world."

-- Louis Pasteur



More information about the Linux-users mailing list