Locating an IP address

SvS

Oct 19, 2002, 2:41:31 PM
Guys, a hacker (I presume) is trying to hack our network, including Mail,
FTP and IIS servers, and this is the zillionth time he is trying.
He hasn't given up yet. I haven't seen anybody this stubborn in my life!!
His IP address is static (167.216.252.54). The idea that he will succeed and
breach the servers makes me very anxious. I trust my system but I don't
want somebody knocking on it all the time.
What can I do about this? I know that this IP is located around San
Francisco but that's all the information I could get. Can anybody give an
idea? What else could I do? Can I find out who he really is by calling his
ISP?
Please help or I'll go nuts soon!
Thank you very much in advance!!

lappy

Oct 19, 2002, 3:00:42 PM
One more thing: if they're attacking you through email and
using the same email address, go to Tools / Message
Rules / Block Sender List; from here you can block any
email from this idiot.

lappy

Oct 19, 2002, 2:56:37 PM
If this was a real hacker there's no way you would know
his ISP. Many pretend hackers (script kiddies, as they're
known) re-route through another address, usually a school
or university, so chances are that you will never find
this idiot. Best thing is to keep all your defences up to
date; eventually they will get bored and move on. Don't
reply to anything they send you; this will just tell them
that they're succeeding in annoying you.

Karl Levinson [x y] MVP

Oct 19, 2002, 3:45:07 PM
I would recommend contacting the ISP with copies of all your router and
firewall logs. Confirm that you have the correct time in your logs and
include the time zone when you contact them. However, no, they will
probably not tell you the person's identity or even tell you what, if
anything, they did. Most ISPs are more interested in protecting their
paying customers. [If the IP address is the person's work instead of their
home ISP, however, you could be in luck.]

If you're concerned about this person succeeding, use your firewall to block
their address or even their address range.

I agree with the other post that this may not be a hacker but an infected or
compromised computer owned by an innocent person.

Last, consider using www.mynetwatchman.com software as this reports hacking
attempts to the hacker's ISP automatically, and lets you see if they are
attacking any other networks or just targeting you.


"SvS" <sev...@olisys.com> wrote in message
news:uObhU85dCHA.2588@tkmsftngp12...
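
The log preparation recommended in the reply above (collect every entry for the source address, confirm the time and state the time zone) can be scripted. This is an added example, not part of the original thread; the log column layout, the destination addresses and the UTC offset of -7 hours are assumptions made for the constructed sample.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample lines; the column layout (local time, action, protocol,
# source, destination:port) is an assumption, not a format from the thread.
SAMPLE_LOG = """\
2002-10-19 11:02:14 DROP TCP 167.216.252.54 192.0.2.10:21
2002-10-19 11:02:15 DROP TCP 167.216.252.54 192.0.2.10:25
2002-10-19 11:02:15 DROP TCP 167.216.252.54 192.0.2.10:80
2002-10-19 11:05:40 ALLOW TCP 198.51.100.7 192.0.2.10:80
2002-10-19 11:09:01 DROP TCP 167.216.252.54 192.0.2.11:80
truncated line without enough fields
"""

def build_abuse_evidence(log_text, source_ip, utc_offset_hours):
    """Summarise all entries from source_ip with timestamps normalised to UTC."""
    wanted = ipaddress.ip_address(source_ip)
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    events, ports, targets = [], Counter(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed or truncated entry
        day, clock, action, proto, src, dest = fields
        try:
            if ipaddress.ip_address(src) != wanted:
                continue
            local = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
            host, port = dest.rsplit(":", 1)
            port = int(port)
        except ValueError:
            continue  # unparsable address, time or port
        stamp = local.replace(tzinfo=local_tz)
        events.append((stamp.astimezone(timezone.utc), stamp, action, proto, host, port))
        ports[port] += 1
        targets.add(host)
    events.sort(key=lambda e: e[0])
    return {
        "source": str(wanted),
        "count": len(events),
        "first_utc": events[0][0].isoformat() if events else None,
        "last_utc": events[-1][0].isoformat() if events else None,
        "ports": dict(ports),
        "targets": sorted(targets),
        # Each report line keeps both the UTC time and the local time with its offset.
        "lines": [f"{u.isoformat()} (local {l.isoformat()}) {a} {p} -> {h}:{t}"
                  for u, l, a, p, h, t in events],
    }

if __name__ == "__main__":
    print("\n".join(build_abuse_evidence(SAMPLE_LOG, "167.216.252.54", -7)["lines"]))
```

Carrying both the UTC time and the original local time with its offset lets the ISP match the entries against its own records without guessing the reporter's time zone.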

Karl Levinson [x y] MVP

Oct 19, 2002, 3:48:40 PM
PS www.network-tools.com will help you.

The host name on that IP is scanner14.sjdc01.qualys.com which makes it
sound not like a hacker but on an ISP or company providing scanning as a
service. Try going to www.qualys.com and www.network-tools.com for more
info.

person: Domain Adm
nic-hdl: NA67-GANDI
address: Qualys, Inc.
address: 1600 Bridge Parkway, Suite 201
address: 94065
address: Redwood Shores
address: California
address: United States of America
phone: +1-650-801-6100
fax: +1-650-801-6101
e-mail: domain...@qualys.com

person: Domain Tech
nic-hdl: NT46-GANDI
address: Qualys, Inc.
address: 1600 Bridge Parkway, Suite 201
address: 94065
address: Redwood Shores
address: California
address: United States of America
phone: +1-650-801-6100
fax: +1-650-801-6101
e-mail: domai...@qualys.com


"SvS" <sev...@olisys.com> wrote in message
news:uObhU85dCHA.2588@tkmsftngp12...

SvS

Oct 20, 2002, 2:08:54 AM
Thanks a lot guys, you've been more than helpful.
Qualys.com turned out to be a network scanner company. Weird..
Are they trying to find something on my network or what?

"John McGaw" <avoid...@bellsouth.net> wrote in message
news:eRTS1F9dCHA.2220@tkmsftngp10...
> Obtaining information about the source is pretty easy although actually
> doing anything with it is often difficult. Below is what I dug up. Have fun
> and good luck.
> --
> *** E-mail return address will not work!
> *** Please reply in group or through my website.
>
> John McGaw
> Knoxville, TN, USA
> http://johnmcgaw.com
>
>
> Date: 2002/10/20 02:37:11
>
> domain: QUALYS.COM
> owner-address: Qualys, Inc.
> owner-address: 1600 Bridge Parkway, Suite 201
> owner-address: 94065
> owner-address: Redwood Shores
> owner-address: California
> owner-address: United States of America
> admin-c: NA67-GANDI
> tech-c: NT46-GANDI
> bill-c: NA67-GANDI
> nserver: dns1.qualys.com 12.162.2.2
> nserver: dns2.qualys.com 167.216.205.45
> reg_created: 1999-02-09 00:00:00
> expires: 2004-02-09 00:00:00
> created: 2000-11-13 10:51:42
> changed: 2002-04-18 01:21:19
>
> person: Domain Adm
> nic-hdl: NA67-GANDI
> address: Qualys, Inc.
> address: 1600 Bridge Parkway, Suite 201
> address: 94065
> address: Redwood Shores
> address: California
> address: United States of America
> phone: +1-650-801-6100
> fax: +1-650-801-6101
> e-mail: domain...@qualys.com
>
> person: Domain Tech
> nic-hdl: NT46-GANDI
> address: Qualys, Inc.
> address: 1600 Bridge Parkway, Suite 201
> address: 94065
> address: Redwood Shores
> address: California
> address: United States of America
> phone: +1-650-801-6100
> fax: +1-650-801-6101
> e-mail: domai...@qualys.com
>
> The previous information has been obtained either directly from the
> registrant or a registrar of the domain name other than VeriSign.
> VeriSign, therefore, does not guarantee its accuracy or completeness.
>
> "SvS" <sev...@olisys.com> wrote in message
> news:uObhU85dCHA.2588@tkmsftngp12...

Karl Levinson [x y] MVP

Oct 20, 2002, 8:52:14 AM
You sure you or someone else at the company didn't sign up either your
network or their PC to be scanned for security vulnerabilities?

It's strange that the scans would persist. Unless you sign up for a paid
service, usually they should scan once and quit... unless your ISP is
monitoring what is on their customers' machines or looking for vulnerable
machines. Either way, contact Qualys and/or your ISP to ask them.


"SvS" <sev...@olisys.com> wrote in message

news:epWSb8$dCHA.508@tkmsftngp12...
