whois -h whois.arin.net off.end.ing.ip

will give you the whois record for the ip, or tell you the whois server 
to go to (eg, at APNIC).  your version of whois may figure this out for 
you so the -h argument might be optional.

I get what you describe daily on my server.  The machines are botted and 
  I don't think there's much point to complaining.

Spending your time keeping your machine locked down is the best response 
  to this as opposed to drafting abuse emails for every last IP that 
shows up.  if they in fact got in, then I'd of course be banging down 
their door.

--sean

Carl Parrish wrote:
> I can use the collective's advise on this. from my logs I see that one 
> IP address tried to login to one of my servers 32 times they tried 16 
> different user name / passwd combos.  How should I deal with this?
> 
> I know all IP addresses fo people authorized to login to this server 
> this is not one of them.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss