Re: F9 DOS attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dave Feustel wrote:
On Thu, Nov 27, 2008 at 02:25:26AM +1030, Tim wrote:
On Wed, 2008-11-26 at 06:54 -0500, Dave Feustel wrote:
I spoke with a Comcast technician yesterday. He said there was nothing
Comcast could do and that the problem was that the 'bomber' was able
to get my ip address by scanning my system. That seems inconsistent to
me.
If you're chatting with your ISP, I'd ask them if it's just you being
flooded, or a range of their IP addresses.  Then you'll know if you're a
direct target.  If they can't work that out, they're hopeless.

I just tried whois 68.87.72.130 (the ip address in all the unsolicited
packets that were coming in) and that is a comcast ip address.
(something to do with 'jumpstart'. Does anyone know anything about this?

$ whois -vi 68.87.72.130
[Querying whois.arin.net]
[whois.arin.net]
Comcast Cable Communications, Inc. JUMPSTART-2 (NET-68-80-0-0-1)
                                 68.80.0.0 - 68.87.255.255
Comcast Cable Communications, Inc. COMCAST-18 (NET-68-87-64-0-1)
                                 68.87.64.0 - 68.87.127.255

# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Ran this through http://cqcounter.com/whois/ and got the following back. Which makes this look like one of the Comcast DNS servers. No?

OrgName: Comcast Cable Communications, Inc. OrgID: CMCS
Address:    1800 Bishops Gate Blvd
City:       Mt Laurel
StateProv:  NJ
PostalCode: 08054
Country:    US

NetRange: 68.80.0.0 <http://cqcounter.com/whois/index.php?query=68.80.0.0> - 68.87.255.255 <http://cqcounter.com/whois/index.php?query=68.87.255.255> CIDR: 68.80.0.0/13 NetName: JUMPSTART-2
NetHandle:  NET-68-80-0-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS101.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS102.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
NameServer: DNS103.COMCAST.NET <http://cqcounter.com/whois/index.php?query=COMCAST.NET>
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2002-01-28
Updated:    2008-10-31

RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc RTechPhone: +1-856-317-7200 RTechEmail: CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail:  abuse@xxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.net>

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc OrgTechPhone: +1-856-317-7200
OrgTechEmail:  CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>

CustName:   Comcast Cable Communications, Inc.
Address:    1800 Bishops Gate Blvd
City:       Mt Laurel
StateProv:  NJ
PostalCode: 08054
Country:    US
RegDate:    2007-04-17
Updated:    2007-04-17

NetRange: 68.87.64.0 <http://cqcounter.com/whois/index.php?query=68.87.64.0> - 68.87.127.255 <http://cqcounter.com/whois/index.php?query=68.87.127.255> CIDR: 68.87.64.0/18 NetName: COMCAST-18
NetHandle:  NET-68-87-64-0-1
Parent:     NET-68-80-0-0-1
NetType:    Reassigned
Comment: RegDate: 2007-04-17
Updated:    2007-04-17

RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc RTechPhone: +1-856-317-7200 RTechEmail: CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail:  abuse@xxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.net>

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc OrgTechPhone: +1-856-317-7200
OrgTechEmail:  CNIPEO-Ip-registration@xxxxxxxxxxxxxxxxx <http://cqcounter.com/whois/index.php?query=comcast.com>

# ARIN WHOIS database, last updated 2008-11-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux