Subject: Re: 'nother question --
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Fri Oct 26 2001 - 19:21:40 AKDT
On Fri, 26 Oct 2001 jsaam@mcc-cpa.com wrote:
> How can I find out who is hosting a webserver with a given IP? I want to
> know who it is that is infected with the code red thing here, and is
> attempting to infect my web server.
Greg had a good suggestion in using whois. Another thing that I do is
just do a traceroute. That tells me who the upstream provider is, and
gives me another point of contact to complain to in the event that the
owner of the box in question ignores me.
I actually had to do this with onsale.com (the big auction site). They
were making smtp connections to my mail server, but quitting the session
just prior to DATA (as opposed to dropping it, as might happen with flakey
connectivity between us). Several messages to the technical and
administrative contacts from the whois output, as well as to
[abuse|postmaster]@onsale.com were ignored. However, an email to the
abuse address of their provider was not, and about an hour later I got a
phone call from a management type at Onsale who finally explained what was
going on. :-)
Mike
-- Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice Network Technician Consortium Library (907) 786-6050 fax tibor@lib.uaa.alaska.edu http://www.lib.uaa.alaska.edu/~tibor/ http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key
This archive was generated by hypermail 2a23 : Fri Oct 26 2001 - 19:21:42 AKDT