?
Solved

How do I find an ISP?

Posted on 2005-03-05
5
Medium Priority
?
190 Views
Last Modified: 2010-04-11

Here is the text of the trace back of one of my port attacks.  How do I find who the ISP is?  Should I use the abuse phone number or the abuse e-mail address to complain?  I'm using Sygate Personal Firewall.  Thank you!


OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   224.0.0.0 - 239.255.255.255
CIDR:       224.0.0.0/4
NetName:    MCAST-NET
NetHandle:  NET-224-0-0-0-1
Parent:    
NetType:    IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 3171 for additional information.
Comment:    
RegDate:    1991-05-22
Updated:    2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org

# ARIN WHOIS database, last updated 2005-03-05 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
0
Comment
Question by:Lucynka
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13470221
Igmp attack? Sounds like spoofed packets... or just your box responding to someone multicast session.
NetType:    IANA Special Use
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 3171 for additional information.
http://www.faqs.org/rfcs/rfc3171.html (is this from a lan, or are you recieving this traffic through your internet connection)
Read here for a better understanding of multicast: http://en.wikipedia.org/wiki/Multicast
and IGMP http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol
Again, it's broadcast traffic, so if other users on the same ip range/subnet are using one of the many multicast applications out there- your firewall could pick up on it. Or someone is spoofing packets, and a multicast server is then sending them to you be cause it thinks you want them.
-rich
0
 
LVL 5

Assisted Solution

by:tmehmet
tmehmet earned 480 total points
ID: 13470649

>Here is the text of the trace back of one of my port attacks

So basically you are are seeing multiple sources trying to scan you.

You need to know something about the internet, its much like the ocean. Traffic will come to you in waves, sometimes its qiet and sometimes its very busy. The fact that you are seeing multiple source addresses means that they are either spoofed (likely) or you are not popular for some reason.

the fact that you have apparently been scanned by IANA  reserved addresses (!!!!!!!!) suggests that you are definately seeing a spoofed scan. If you cant verify that the source is definately attacking you (not just portscanning) then you should not complain and you should be happy in the knowldge that you are able to detect such things, something many internet users know nothng about.

At this time, if all you are seeing is a port scan, you will not be in a position to complain becuase a) its not illegal b) the source is spoofed, complaining to IANA will not help becuase any of the many millions of users in the world could have generated that traffic, there is nothing IANA can do, they can ask millions of users to 'own up' to spoofing an address from their reserved range.






0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13470664
if you really want to complain, you must go thru their abuse email, it is listed in your original post.

abuse@iana.org

0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 520 total points
ID: 13470737
You have not been scanned by iana... please read about the ip reservation in the RFC and the definition on http://en.wikipedia.org/wiki/Multicast
Most likely it's spoofed data someone sent to mbone or some other multicast service, and then the request's were sent to you- This sort of traffic is very common around universities, espically the ones that are part of the mbone structure.
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13470749
This link should help both to understand more:
http://en.wikipedia.org/wiki/Multicast_address
http://www.iana.org/assignments/multicast-addresses
So if your seeing traffic from these address's it's likely a misconfigured router, or you NIC is in promiscious mode and picking up on traffic that is actually not intended for you.
-rich
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question