[ale] Backtracking to an IP

Michael Still stillwaxin at gmail.com
Wed Sep 8 08:43:08 EDT 2004


On Wed, 8 Sep 2004 07:26:57 -0500 (EST), John Mills
<johnmills at speakeasy.net> wrote:
> ALERs -
> 
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
> 
> How can I learn a bit more about the source?
> 
http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-64-124-210-0-1

Shows that its an AboveNet IP block reassigned to APS communications. 
Send a msg to the the noc at above.net address or abuse at above.net and
tell them that box might be cracked.



More information about the Ale mailing list