[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login attacks



Serge de Souza wrote:

Gerry Doris wrote:
 > I had so many problems with the 218.0.0.0/24 domain that I totally

blocked the entire domain. I believe this domain is in Korea.


How did you figure that one out ???


whois 218.214.0.0

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum: 218.214.0.0 - 218.214.255.255
netname: SWIFTEL
descr: Swiftel Communications, Telecommunications Carrier Service Provider, Perth, WA
country: AU
^^^^^


Your method is obviously flawed ...


218.0.0.0/24 does not include 218.214.0.0, and 218.0.0.0/24 is owned by various businesses in China.

The original message for this thread said the attack came from 218.232.109.187, which IS owned by Korea:

IPv4 Address : 218.232.109.0-218.232.109.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Org Name : Hanaro Telecom Inc. State : SEOUL
Country : KOREA-KR


So, I would block the entire range of IP addresses (218.232.109.0/24)






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]