Login attacks
Randy Kelsoe
randykel at swbell.net
Wed Dec 8 18:02:10 UTC 2004
Serge de Souza wrote:
> Gerry Doris wrote:
> > I had so many problems with the 218.0.0.0/24 domain that I totally
>
>> blocked the entire domain. I believe this domain is in Korea.
>>
>
> How did you figure that one out ???
>
> whois 218.214.0.0
>
> [Querying whois.apnic.net]
> [whois.apnic.net]
> % [whois.apnic.net node-2]
> % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
>
> inetnum: 218.214.0.0 - 218.214.255.255
> netname: SWIFTEL
> descr: Swiftel Communications, Telecommunications Carrier
> Service Provider, Perth, WA
> country: AU
> ^^^^^
>
> Your method is obviously flawed ...
218.0.0.0/24 does not include 218.214.0.0, and 218.0.0.0/24 is owned by
various businesses in China.
The original message for this thread said the attack came from
218.232.109.187, which IS owned by Korea:
IPv4 Address : 218.232.109.0-218.232.109.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Org Name : Hanaro Telecom Inc.
State : SEOUL
Country : KOREA-KR
So, I would block the entire range of IP addresses (218.232.109.0/24)
More information about the fedora-list
mailing list