List of HT collector and anonymizer servers to blacklist.
Fodder for the firewall: even though they will probably change pretty much
everything, it may be better to block this list of IPs at your firewall and
search your log files for any inbound or outbound connections from this
list of IPs.
https://wikileaks.org/hackingteam/emails/emailid/109655
Also blacklist all the IPs that come from the following
hosting ISPs:
http://www.sparknode.com/
https://www.vpscheap.net/
http://nqhost.com/
Whois is your friend
whois -a <IP Address>
Example (IP taken from the "collector or anonymizer server?" list)
[root@kypck ~]# whois -a 88.49.232.172
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '88.49.232.168 - 88.49.232.175'
% Abuse contact for '88.49.232.168 - 88.49.232.175' is 'abuse@???'
inetnum: 88.49.232.168 - 88.49.232.175
netname: LOGISTICAINTEGRATA
descr: LOGISTICA INTEGRATA
country: IT
admin-c: AN3013-RIPE
tech-c: AN3015-RIPE
status: ASSIGNED PA
mnt-by: INTERB-MNT
created: 2007-03-20T10:41:07Z
last-modified: 2008-07-26T04:06:26Z
source: RIPE # Filtered
[... find out the rest for yourselves...]
_______________________________________________________________________
https://apps.db.ripe.net/search/query.html?searchtext=68.233.232.140
Who a given IP is assigned to (RIPE query, European IPs)
https://apps.db.ripe.net/search/query.html?searchtext=<IP ADDRESS>
Example (IP taken from the "collector or anonymizer server?" list)
https://apps.db.ripe.net/search/query.html?searchtext=88.49.232.172
RIPE stat tools
https://stat.ripe.net/ (ASXXX, IP, GEOLOC, ETC)
Happy Hacking!
--
P@sKy
Makkinista - Fuokista
http://www.ecn.org/
GPG/PGP keys available via keyservers http://pgpkeys.mit.edu:11371/
DSA: 6CBE 6982 5C10 CFF0 D676 6420 C1C5 B8EC 8690 0F88
RSA: 40 6B 54 8C 20 A0 F6 0B 4C 96 AA 34 D3 FB DC 8C
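
Added example, not part of the original message: one way to carry out the log search suggested above, by turning the `inetnum` range from the whois output into CIDR networks and flagging log lines whose source or destination falls inside them. The log lines are constructed, the `SRC=`/`DST=` field format is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the whois output shown in the message above.
WHOIS_TEXT = """\
inetnum: 88.49.232.168 - 88.49.232.175
netname: LOGISTICAINTEGRATA
country: IT
"""

# Constructed firewall log lines (assumed format with SRC=/DST= fields).
SAMPLE_LOG = """\
Jul 10 09:12:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=443
Jul 10 09:12:07 fw kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=88.49.232.172 PROTO=TCP DPT=443
Jul 10 09:13:44 fw kernel: IN=eth0 OUT= SRC=88.49.232.170 DST=198.51.100.5 PROTO=TCP DPT=22
Jul 10 09:14:02 fw kernel: IN=eth0 OUT= SRC=88.49.232.176 DST=198.51.100.5 PROTO=TCP DPT=80
"""

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)", re.MULTILINE)
ADDR_RE = re.compile(r"\b(SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})\b")

def networks_from_whois(text):
    """Turn each RIPE 'inetnum: first - last' line into CIDR networks."""
    nets = []
    for first, last in INETNUM_RE.findall(text):
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def scan_log(lines, blocklist):
    """Return (line_no, direction, ip) for every SRC/DST inside the blocklist."""
    hits = []
    for no, line in enumerate(lines, 1):
        for field, addr in ADDR_RE.findall(line):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # matched the regex but is not a valid IPv4 address
            if any(ip in net for net in blocklist):
                # A listed SRC means traffic from the range, a listed DST traffic to it.
                direction = "inbound" if field == "SRC" else "outbound"
                hits.append((no, direction, addr))
    return hits

if __name__ == "__main__":
    nets = networks_from_whois(WHOIS_TEXT)
    print("blocklist:", [str(n) for n in nets])
    for hit in scan_log(SAMPLE_LOG.splitlines(), nets):
        print(hit)
```

Matching on the whole assigned range rather than the single listed address also catches neighbouring hosts in the same allocation, such as 88.49.232.170 in the sample.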