Re: F9 DOS attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dave Feustel wrote:
On Thu, Nov 27, 2008 at 02:25:26AM +1030, Tim wrote:
On Wed, 2008-11-26 at 06:54 -0500, Dave Feustel wrote:
I spoke with a Comcast technician yesterday. He said there was nothing
Comcast could do and that the problem was that the 'bomber' was able
to get my ip address by scanning my system. That seems inconsistent to
me.
If you're chatting with your ISP, I'd ask them if it's just you being
flooded, or a range of their IP addresses.  Then you'll know if you're a
direct target.  If they can't work that out, they're hopeless.

I just tried whois 68.87.72.130 (the ip address in all the unsolicited
packets that were coming in) and that is a comcast ip address.
(something to do with 'jumpstart'. Does anyone know anything about this?

$ whois -vi 68.87.72.130
[Querying whois.arin.net]
[whois.arin.net]
Comcast Cable Communications, Inc. JUMPSTART-2 (NET-68-80-0-0-1)
                                 68.80.0.0 - 68.87.255.255
Comcast Cable Communications, Inc. COMCAST-18 (NET-68-87-64-0-1)
                                 68.87.64.0 - 68.87.127.255

# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Ran this through http://cqcounter.com/whois/ and got the following back. Which makes this look like one of the Comcast DNS servers. No?

OrgName: Comcast Cable Communications, Inc. OrgID: CMCS
Address:    1800 Bishops Gate Blvd
City:       Mt Laurel
StateProv:  NJ
PostalCode: 08054
Country:    US

NetRange: 68.80.0.0 <http://cqcounter.com/whois/index.php?query=68.80.0.0> - 68.87.255.255 <http://cqcounter.com/whois/index.php?query=68.87.255.255> CIDR: 68.80.0.0/13 NetName: JUMPSTART-2
NetHandle:  NET-68-80-0-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS101.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS102.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS103.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2002-01-28
Updated:    2008-10-31

RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc RTechPhone: +1-856-317-7200 RTechEmail: CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail:  abuse@xxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.net>

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc OrgTechPhone: +1-856-317-7200
OrgTechEmail:  CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>

CustName:   Comcast Cable Communications, Inc.
Address:    1800 Bishops Gate Blvd
City:       Mt Laurel
StateProv:  NJ
PostalCode: 08054
Country:    US
RegDate:    2007-04-17
Updated:    2007-04-17

NetRange: 68.87.64.0 <http://cqcounter.com/whois/index.php?query=68.87.64.0> - 68.87.127.255 <http://cqcounter.com/whois/index.php?query=68.87.127.255> CIDR: 68.87.64.0/18 NetName: COMCAST-18
NetHandle:  NET-68-87-64-0-1
Parent:     NET-68-80-0-0-1
NetType:    Reassigned
Comment: RegDate: 2007-04-17
Updated:    2007-04-17

RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc RTechPhone: +1-856-317-7200 RTechEmail: CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail:  abuse@xxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.net>

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc OrgTechPhone: +1-856-317-7200
OrgTechEmail:  CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>

# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux