ajvishus Posted December 3, 2008 Share Posted December 3, 2008 For hours the IP 66.20.181.134 trying to portscan, has been blocked by my Norton AV several times. Is their anyway to fully block it, cuz I'm getting annoyed knowing spam/hacker is trying to pick and prod in my Imac. PLEASE HELP Link to comment Share on other sites More sharing options...
Chris Bulow Posted December 4, 2008 Share Posted December 4, 2008 Looks like a Bell-South customer. Abuse contact details in the WHOIS below whois 66.20.181.134 OrgName: BellSouth.net Inc. OrgID: BELL Address: 575 Morosgo Drive City: Atlanta StateProv: GA PostalCode: 30324 Country: US ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321 NetRange: 66.20.0.0 - 66.21.255.255 CIDR: 66.20.0.0/15 NetName: BELLSNET-BLK8 NetHandle: NET-66-20-0-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Allocation NameServer: AUTH-DNS.ASM.BELLSOUTH.NET NameServer: AUTH-DNS.MIA.BELLSOUTH.NET NameServer: AUTH-DNS.MSY.BELLSOUTH.NET Comment: Comment: For Abuse Issues, email abuse@bellsouth.net. NO ATTACHMENTS. Include IP Comment: address, time/date, message header, and attack logs. Comment: For Subpoena Request, email ipoperations@bellsouth.net with "SUBPOENA" in Comment: the subject line. Law Enforcement Agencies ONLY, please. RegDate: 2000-09-14 Updated: 2007-02-28 RAbuseHandle: ABUSE81-ARIN RAbuseName: Abuse Group RAbusePhone: +1-404-499-5224 RAbuseEmail: abuse@bellsouth.net RTechHandle: JG726-ARIN RTechName: Geurin, Joe RTechPhone: +1-404-499-5240 RTechEmail: ipoperations@bellsouth.net OrgAbuseHandle: ABUSE81-ARIN OrgAbuseName: Abuse Group OrgAbusePhone: +1-404-499-5224 OrgAbuseEmail: abuse@bellsouth.net OrgTechHandle: JG726-ARIN OrgTechName: Geurin, Joe OrgTechPhone: +1-404-499-5240 OrgTechEmail: ipoperations@bellsouth.net # ARIN WHOIS database, last updated 2008-12-02 19:10 Link to comment Share on other sites More sharing options...
ajvishus Posted December 4, 2008 Author Share Posted December 4, 2008 Did that earlier, and this is what i got... is their any way i can just Block his/her IP Address from ticking off my Norton all the time or become invisible? THIS IS AN AUTO-RESPONSE MESSAGE - PLEASE DO NOT REPLY - AT&T WILL NOT SEE ANY REPLY SENT TO THIS MESSAGE This message confirms that your report has been received by the AT&T Internet Services Security Center. The AT&T Internet Services Acceptable Use Policy is located at http://my.att.net/legal/aup. Please note that we can only take action on reports that implicate the AT&T network as a source of abuse. As we are unable to take any action on reports not involving AT&T's network, we recommend that you send those reports directly to the abuse address of the originating domain or service provider. You can identify the originator by reading the expanded e-mail headers. If you need help with reading headers, visit the following: http://spamcop.net/fom-serve/cache/19.html For any abuse report involving e-mail, it is essential that the report include the full original expanded headers containing the source IP address and time stamp, along with the complete unedited subject line and message. A report cannot be investigated without this information. Please send one report at a time, as combining multiple reports only detracts from our ability to effectively and efficiently address abuse issues. For abuse reports involving security incidents, please include relevant log excerpts of the incident directly in the body of your message. Logs must be in plain text or ASCII format and include the time zone, source IP address, destination IP, timestamps, and port numbers. If you are an AT&T customer and have a specific question related to spam, including how to report messages you received as spam to AT&T, please visit http://helpme.att.net, enter your email id and domain, and use the help search box to search for "spam" to reference Spam FAQs for your service type. For Copyright, Trademark, or DMCA allegations of Infringement, please visit: http://www.att.net/legal/copyright If your report involves a threat, please take steps to protect yourself and your property by reporting the incident to your local law enforcement agency. We will investigate your complaint and cooperate fully with any requests from law enforcement. You will receive no further contact from us, unless there are special circumstances or we require additional information to complete our investigation. AT&T Internet Services Security Center Link to comment Share on other sites More sharing options...
hoyanf Posted December 4, 2008 Share Posted December 4, 2008 For hours the IP 66.20.181.134 trying to portscan, has been blocked by my Norton AV several times. Is their anyway to fully block it, cuz I'm getting annoyed knowing spam/hacker is trying to pick and prod in my Imac. PLEASE HELP Using the builtin host.deny should do it... sudo nano /etc/hosts.deny ALL: 66.20.181.134, xxx.xxx.xxx.xxx something simpler :- sudo echo 'ALL: 66.20.181.134' >> /etc/hosts.deny check to see if it is there :- cat /etc/hosts.deny Regards, hoyanf Link to comment Share on other sites More sharing options...
Chris Bulow Posted December 4, 2008 Share Posted December 4, 2008 Nice, will remember that. Link to comment Share on other sites More sharing options...
ajvishus Posted December 4, 2008 Author Share Posted December 4, 2008 thanx for the advice osx86 Recently the attacks have stopped, so i hope I don't have to do that Link to comment Share on other sites More sharing options...
Recommended Posts