Looking at my log file from my firewall reveals that not I've got people trying to through my firewall from...
66.189.81.226 (and 246) (http connect attempts) 62.163.126.100 (same domain as yesterday)
How do I track them back to the ISP's and send a message to their abuse@ address?
Someone's trying to ping me from 66.189.24.226 as well.
[dogbert@ladyluck /]$ host 66.189.81.226 226.81.189.66.in-addr.arpa domain name pointer cpe-66-189-81-226.ma.charter.com.[dogbert@ladyluck /]$ host 62.163.126.100 100.126.163.62.in-addr.arpa domain name pointer a126100.upc-a.chello.nl. [dogbert@ladyluck /]$ host 66.189.24.226 226.24.189.66.in-addr.arpa domain name pointer cpe-66-189-24-226.ma.charter.com.
Am I being paranoid or could my isp be trying to crack my firewall to see if I've got any servers running?
Port scanning isn't illegal, I wouldn't be that concerned unless something actually gets broken into, and it doesn't sound like you're in imminent danger of that. There's a lot of noise that's gonna show up in firewall or PortSentry-type logs, especially on cable or DSL IP ranges, I really don't pay it much attention myself. It's your call, of course. Brian J. Conway bconway@wpi.edu "LINUX is obsolete" - Andrew S. Tanenbaum, creator of Minix - Jan 29, 1992