from your logs, copy an entry, showing IP, date time etc...
I don't how to display the net bios name table of a remote IP in unix, but
in windows it's
NBTSTAT -A type_remtoe_IP_here
you will see the host name and MAC address of the remote box (If it's not
behind a firewall or if the ports are not blocked), and the user name logged
into the box.
do a traceroute to their IP, which gives up their ISP name
Forward all this to their ISP or call them. Chances it's a roadrunner
account.
OR (use at your own risk)
since they are infected, you could drop a text note (informing them of THEIR
infection and THEIR attempts to infect YOU) on their desktop or "startup"
folder of their "all users" "programs" folder. This is a bit drastic and
does enter a gray area considered hacking or unlawful entry to ones
computer. Technically it's not hacking, but do at your own risk.
bringing the ISP is probably the most appropriate thing to do....
-----Original Message-----
From: Michael K. Dittmeier [mailto:mike@bluecrabtech.com]
Sent: Tuesday, November 06, 2001 7:12 AM
To: slug@nks.net
Subject: RE: [SLUG] Damit Windows leave me alone!
Let your isp know and they can block access to and from the ip address.
Mike Dittmeier
p.s. your isp will also be able to monitor the traffic and see if the
origin is spoofing the ip information or any other nasty tricks.
-----Original Message-----
From: slug@lists.nks.net [mailto:slug@lists.nks.net] On Behalf Of Mike
Manchester
Sent: Tuesday, November 06, 2001 6:05 AM
To: slug
Subject: [SLUG] Damit Windows leave me alone!
I have one ip address that keeps trying to spread the Code Red worm on
my system. Should I try to contact this person and tell them they are
spreading the Code Red Worm? Or let their ISP know? And if so, how does
one find out to whom an ip address belongs?
Thanks
Mike M
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:56:41 EDT