Port Scan

Port Scan

Post by Jim » Tue, 28 Nov 2000 16:58:41



I had a port scan from 12.3.101.67.  Yes, my firewall stopped it, but it
was a major scan, they hit 5 ports 4 different times in a row.  I want to

script kiddie/cracker on their network.  I've tried to find out who owns
this, but can't.  Any help will be appreciated.

Thanks, Jim
--
Remove the 'x' to reply.

 
 
 

Port Scan

Post by Jens Hekto » Tue, 28 Nov 2000 04:00:00



> I had a port scan from 12.3.101.67.  Yes, my firewall stopped it, but it
> was a major scan, they hit 5 ports 4 different times in a row.  I want to

> script kiddie/cracker on their network.  I've tried to find out who owns
> this, but can't.  Any help will be appreciated.

try:
        http://www.iks-jena.de/cgi-bin/whois
and fill in the IP

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security

Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889

 
 
 

Port Scan

Post by Rob MacGrego » Tue, 28 Nov 2000 04:00:00



> I had a port scan from 12.3.101.67.  Yes, my firewall stopped it, but it
> was a major scan, they hit 5 ports 4 different times in a row.  I want to

> script kiddie/cracker on their network.  I've tried to find out who owns
> this, but can't.  Any help will be appreciated.

A quick look in WhoIS provides:

whois -h whois.arin.net !netblk-umh-101-0 ...
UM Holdings (NETBLK-UMH-101-0)
   56 Haddon Avenue
   Haddonfield, NJ 08033
   USA

   Netname: UMH-101-0
   Netblock: 12.3.101.0 - 12.3.101.127

   Coordinator:

      609-354-2200

   Record last updated on 23-Apr-1998.
   Database last updated on 27-Nov-2000 06:14:40 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

--
  Rob MacGregor (MCSE) [PGP key ID 0x1F5239DD]
      The light at the end of the tunnel is an oncoming dragon.


 
 
 

1. port scans on tcp port 3663

I have a redhat server 72 and in the past 2 days as i review the message
  logs i have seen scans on tcp port 3663. Does anybody know what
services  this port is assigned to. From the same soucre IP address. The
firewall denied the probe it was a large number of attemps (>750) each
of the last 2 days. The source IP was 211.206.168.200

2. Linux NT dual boot

3. Tracking port scans from port 80

4. .AVI player?

5. Port scanning Solaris - nmap "filtered" ports and Nessus output

6. HELP needed: imagetool stopped working

7. Blocking/responding to port scans

8. Apache socket errors.

9. A variant take on "port-scanning"

10. Supress the banners on a port scan?

11. How does one use my machine for port scanning?

12. Port Scans

13. wanted: Port scan detector for AIX