Security Basics mailing list archives

RE: Basic Question only
From: "Joe Klein" <jsklein () mindspring com>
Date: Thu, 31 Oct 2002 15:25:39 -0500


To begin with, you need to identify who owns the IP address:

You can do this in two ways:

1. Use the whois command in UNIX or
2. go to http://ws.arin.net/cgi-bin/whois.pl to look up each of the IP

Next you may want to look up this IP address to see if this IP address
or type of scan is chronic throughout the Internet. Go to

At this point, you need to decide, based on your security policy and
your incident handling policy, what to do next. 

Joe Klein, CISSP

-----Original Message-----
From: Christopher Rea [mailto:chris_rea () hotmail com] 
Sent: Wednesday, October 30, 2002 11:52 PM
To: security-basics () security-focus com
Subject: Basic Question only

I am sure that this is a silly question, but who are these guys that
are trying my firewall on port 53 (DNS) and port 8. I am sure they must be
good guys, but why do they keep knocking, I only have one DNS server
that is set up for lookup mode ???
