What does a responsible admin do if ...

Cottrell, Les cottrell at slac.stanford.edu
Mon May 14 08:07:00 PDT 2007


BTW although it does not respond to ping, mail.cressnet.ir does respond to port 80 (www, try http://mail.cressnet.ir/src/login.php) with an RTT of ~500ms from SLAC, port 25 (SMTP), port 22 (ssh) but not ports 37, 79, 53, 7.

-----Original Message-----
From: Cottrell, Les 
Sent: Monday, May 14, 2007 7:57 AM
To: 'Asheesh Laroia'; David Wolfskill
Cc: baylisa at baylisa.org; Faran Javed
Subject: RE: What does a responsible admin do if ...

Also http://www.geoiptool.com/en/?IP=213.176.96.5 shows it as being in Iran/Tehran.  However pinging 213.176.96.5 from Vancouver shows min-RTT (5 pings)  of 27ms, Ottawa 94ms, Oak Ridge 67ms, Long Island 94ms, ~140ms from UK. Thus it would appear to be in N. America.  It is also not pingable (times out with no echoes) from many sites (e.g. SLAC.Stanford.EDU). On the other hand traceroute from SLAC shows the route with router names in Tehran and RTTs consistent with Iran and 213.176.96.5 identifies itself at the end hop as mail.cressnet.ir.   Also mut.ac.ir shows up (from SLAC) as an unknown host and does not ping from any of 50 sites worldwide nor does mail.cressnet.ir.


-----Original Message-----
From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On Behalf Of Asheesh Laroia
Sent: Monday, May 14, 2007 7:03 AM
To: David Wolfskill
Cc: baylisa at baylisa.org
Subject: Re: What does a responsible admin do if ...

On Mon, 14 May 2007, David Wolfskill wrote:

> ... undesirable behavior is seen from a netblock for which there is no 
> email contact information?

In my opinion, you do the same thing you would normally do: Use a system like fail2ban <http://www.fail2ban.org> to automatically block IPs that repeatedly fail to authenticate.  When the attempts stop for a short while, the ban will lift, but repeated attempts again will restart the ban.

After all, if they're failing to authenticate, what's the problem? (-;

You could try Googling the RIPE WHOIS info results; the domain seems to be mut.ac.ir which has an email address listed, at least.

-- Asheesh.

--
Nobody knows the trouble I've been.
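
The RTT argument in Les Cottrell's message above, carried through as an added example that is not part of the original thread: a minimum RTT puts a hard upper bound on how far away the responder can be, which can be compared with the distance to the GeoIP-claimed location. The vantage-point and Tehran coordinates are approximate values assumed for this example, and the ~200 km/ms figure is the usual propagation speed of light in optical fibre.

```python
import math

FIBER_KM_PER_MS = 200.0   # ~2/3 c, usual figure for light in optical fibre
EARTH_RADIUS_KM = 6371.0

# Location claimed by the GeoIP lookup in the thread (approximate coordinates, assumed).
TEHRAN = (35.69, 51.39)

# (vantage, approximate lat/lon assumed for this example, min-RTT in ms as quoted in the thread)
MEASUREMENTS = [
    ("Vancouver",   (49.28, -123.12), 27),
    ("Ottawa",      (45.42,  -75.70), 94),
    ("Oak Ridge",   (36.01,  -84.27), 67),
    ("Long Island", (40.87,  -72.88), 94),
    ("UK (London)", (51.51,   -0.13), 140),
]

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def max_distance_km(rtt_ms):
    """Farthest the responder can be: half the RTT at fibre speed, no queueing."""
    return rtt_ms / 2 * FIBER_KM_PER_MS

def check_claim(claimed, measurements):
    """Return [(vantage, distance_km, bound_km, feasible)] for each measurement."""
    rows = []
    for name, coords, rtt in measurements:
        dist = great_circle_km(coords, claimed)
        bound = max_distance_km(rtt)
        rows.append((name, round(dist), round(bound), dist <= bound))
    return rows

def claim_is_consistent(claimed, measurements):
    """One physically impossible vantage is enough to rule the claim out."""
    return all(ok for *_, ok in check_claim(claimed, measurements))

if __name__ == "__main__":
    for name, dist, bound, ok in check_claim(TEHRAN, MEASUREMENTS):
        print(f"{name:12s} {dist:6d} km away, RTT allows <= {bound:6d} km  "
              f"{'ok' if ok else 'IMPOSSIBLE'}")
    print("consistent with Tehran:", claim_is_consistent(TEHRAN, MEASUREMENTS))
```

An impossible row only shows that whatever answered those pings is not at the claimed location; it does not decide which of the conflicting observations in the thread (ping, traceroute, GeoIP) reflects the real host.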



