Ok, upon a little further investigation, ripe.net is not the right way to go. Instead take a look at this info:

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      130.120.0.0 - 130.120.255.255
netname:      UNITOUL
descr:        Centre Interuniversitaire de Calcul de Toulouse
descr:        CICT, 118, Route de Narbonne, 31062 Toulouse CEDEX, France
country:      FR
admin-c:      DI10-RIPE
tech-c:       DI10-RIPE
remarks:      REMIP
status:       ASSIGNED PA
mnt-by:       RIPE-NCC-LOCKED-MNT
remarks:      Maintainer RIPE-NCC-NONE-MNT removed and object
remarks:      LOCKED by the RIPE NCC due to
remarks:      deprecation of the NONE authentication scheme.
remarks:      Please visit the following URL to unlock this object
remarks:      http://www.ripe.net/db/none-deprecation-042004.html
changed:      ripe-dbm@xxxxxxxx 19990706
changed:      ripe-dbm@xxxxxxxx 20000225
changed:      rensvp@xxxxxxxxxx 20020328
changed:      ripe-dbm@xxxxxxxx 20040430
source:       RIPE

route:        130.120.0.0/16
descr:        RENATER
descr:        Universite Pierre et Marie Curie
descr:        4 place Jussieu 75252 PARIS CEDEX 05
descr:        FRANCE
origin:       AS2200
mnt-by:       RENATER-MNT
changed:      RenSVP@xxxxxxxxxx 19991008
source:       RIPE

person:       Dominique Incerti
address:      Centre Interuniversitaire de Calcul de Toulouse
address:      118, route de Narbonne
address:      F-31062 Toulouse CEDEX, France
e-mail:       incerti@xxxxxxx
phone:        +33 5 61 36 60 12
fax-no:       +33 5 61 52 14 58
nic-hdl:      DI10-RIPE
mnt-by:       RENATER-MNT
changed:      rensvp@xxxxxxxxxx 19961125
changed:      rensvp@xxxxxxxxxx 20030326
source:       RIPE

Which shows that the IP belongs to a French university called Centre Interuniversitaire de Calcul de Toulouse. You can attempt to locate their website and send an email with the log info to them at abuse@{their domain}. Again, this does not guarantee any response, especially from a foreign country.

On Sat, 2004-07-17 at 12:40, Jonathan T. Steadman wrote:
> Sorry this is yet another lame question, but I am new to hosting web
> server etc. just kinda experimenting actually and in my logs I came
> across some garbage (it's at the bottom of this email) what do you do
> about this? Just let it be? inform ISP? wait and see if it is more
> continuous? don't know the proper thing to do I guess just making sure
> with you guys.
>
> Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from 130.120.81.14
> Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user test from 130.120.81.14 port 48692 ssh2
> Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from 130.120.81.14
> Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user guest from 130.120.81.14 port 48753 ssh2
> Jul 17 14:42:31 localhost sshd[6750]: Illegal user admin from 130.120.81.14
> Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user admin from 130.120.81.14 port 48807 ssh2
> Jul 17 14:42:34 localhost sshd[6752]: Illegal user admin from 130.120.81.14
> Jul 17 14:42:37 localhost sshd[6752]: Failed password for illegal user admin from 130.120.81.14 port 48849 ssh2
> Jul 17 14:42:38 localhost sshd[6754]: Illegal user user from 130.120.81.14
> Jul 17 14:42:40 localhost sshd[6754]: Failed password for illegal user user from 130.120.81.14 port 48879 ssh2
> Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from 130.120.81.14 port 48900 ssh2
> Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from 130.120.81.14 port 48913 ssh2
> Jul 17 14:42:50 localhost sshd[6760]: Failed password for root from 130.120.81.14 port 48924 ssh2
> Jul 17 14:42:51 localhost sshd[6762]: Illegal user test from 130.120.81.14
> Jul 17 14:42:54 localhost sshd[6762]: Failed password for illegal user test from 130.120.81.14 port 48931 ssh2

-- 
Thanks,
Tom Sapp
http://www.sappsworld.com
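
Added example, not part of the original thread: a small Python script that turns sshd lines in the format quoted above into a per-source summary (failure count, usernames tried, first and last timestamp) of the kind you would paste into a report to an abuse contact. The sample lines are constructed and use documentation addresses; the year, the threshold of 5 failures and the one-minute window are assumptions, and the pattern also accepts the "invalid user" wording of newer OpenSSH.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the same sshd format as the quoted log;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from 192.0.2.14
Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user test from 192.0.2.14 port 48692 ssh2
Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user guest from 192.0.2.14 port 48753 ssh2
Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user admin from 192.0.2.14 port 48807 ssh2
Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from 192.0.2.14 port 48900 ssh2
Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from 192.0.2.14 port 48913 ssh2
Jul 17 15:10:02 localhost sshd[6801]: Failed password for alice from 198.51.100.7 port 50211 ssh2
Jul 17 15:10:09 localhost sshd[6801]: Accepted password for alice from 198.51.100.7 port 50211 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def summarize(log_text, year=2004, threshold=5, window=timedelta(minutes=1)):
    """Group failed logins by source and flag sources with at least
    `threshold` failures inside any `window` (defaults are assumptions)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    report = {}
    for ip, evs in events.items():
        evs.sort()
        times = [t for t, _ in evs]
        # Sliding window: for each start event, count events within `window`.
        burst = max(sum(1 for t in times[i:] if t - times[i] <= window)
                    for i in range(len(times)))
        report[ip] = {"failures": len(evs),
                      "users": sorted({u for _, u in evs}),
                      "first": times[0], "last": times[-1],
                      "flagged": burst >= threshold}
    return report

if __name__ == "__main__":
    for ip, r in summarize(SAMPLE_LOG).items():
        print(ip, r["failures"], r["users"], r["first"], r["last"],
              "BRUTE-FORCE" if r["flagged"] else "ok")
```

A single mistyped password from a legitimate user, like the second source in the sample, stays below the threshold and is not flagged.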