[PLUG] whois
Lancashire, Pete
plancashire at ci.portland.or.us
Sat Apr 8 23:56:20 UTC 2006
the ones i love are the ones that come from some gov't agency in CN
> -----Original Message-----
> From: tali [mailto:twhacker at gmail.com]
> Sent: Saturday, April 08, 2006 4:54 PM
> To: General Linux/UNIX discussion and help, civil and on-topic
> Subject: Re: [PLUG] whois
>
>
> bots scan the net for open ports and services then launch automated
> attacks, you'd be suprised at how frequent and common it is
>
> On 4/8/06, Ryan <rmannon at comcast.net> wrote:
> > I seem to have about 30,000 attempts from that IP. I have
> about 20,00
> > from some lady at a university in Spain and about 10,000
> from Level 3
> > Communications in Broomfield Colorado. I would assume the last two
> > probably don't even know that they are trying. ZOMBIES! ZOMBIES
> > everywhere! Where is my chainsaw and boom stick from
> S-mart? ;) Kind of
> > odd but I never even got unknown queries until 5 days ago.
> >
> >
> >
> >
> > On Sat, 2006-04-08 at 16:08 -0700, Lancashire, Pete wrote:
> > > > does anybody else get bombarded with queries from china?
> > >
> > > the last time i did a location vs. hack attempt CN was
> > > running about 50-60%
> > >
> > > -pete
> > >
> > >
> > > > -----Original Message-----
> > > > From: Ryan [mailto:rmannon at comcast.net]
> > > > Sent: Saturday, April 08, 2006 3:52 PM
> > > > To: General Linux/UNIX discussion and help; civil and on-topic
> > > > Subject: [PLUG] whois
> > > >
> > > >
> > > > I'm kinda new to this whois stuff. Here is what I got so far.
> > > >
> > > > I have an ftp server set up so I can access my music
> from pretty much
> > > > anywhere. But in the last day or so I have recieved a
> whole bunch of
> > > > requests from 218.28.46.206. I have a pretty cryptic
> > > > password set up so
> > > > I don't think I have to worry about the person getting in.
> > > >
> > > > running whois gets me this output:
> > > >
> > > > bash-3.00$ whois 218.28.46.206
> > > > % [whois.apnic.net node-1]
> > > > % Whois data copyright terms
> > > > http://www.apnic.net/db/dbcopyright.html
> > > >
> > > > inetnum: 218.28.46.192 - 218.28.46.223
> > > > netname: HA-ZZ-TELEVISION-STATION
> > > > country: CN
> > > > descr: Henan Television Station,
> > > > descr: No 18 Zhenghua Road,
> > > > descr: Zhengzhou City,
> > > > descr: Henan Province.
> > > > admin-c: WW444-AP
> > > > tech-c: WW444-AP
> > > > status: ASSIGNED NON-PORTABLE
> > > > changed: hn_iphost at sohu.com 20060207
> > > > mnt-by: MAINT-CNCGROUP-HA
> > > > source: APNIC
> > > >
> > > > route: 218.28.0.0/15
> > > > descr: CNC Group CHINA169 Henan Province Network
> > > > country: CN
> > > > origin: AS4837
> > > > mnt-by: MAINT-CNCGROUP-RR
> > > > changed: abuse at cnc-noc.net 20060118
> > > > source: APNIC
> > > >
> > > > person: Wei Wang
> > > > nic-hdl: WW444-AP
> > > > e-mail: abuse at public.zz.ha.cn
> > > > address: #37 Wei Wu Road, Zhengzhou, Henan Provice
> > > > phone: +86-371-65952358
> > > > fax-no: +86-371-65968952
> > > > country: CN
> > > > changed: wangw at data.zz.ha.cn 20060205
> > > > mnt-by: MAINT-CNCGROUP-HA
> > > > source: APNIC
> > > >
> > > >
> > > > I'm just going to block the IP at my router but my
> question is, does
> > > > anybody else get bombarded with queries from china?
> > > >
> > > > _______________________________________________
> > > > PLUG mailing list
> > > > PLUG at lists.pdxlinux.org
> > > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > > >
> > > _______________________________________________
> > > PLUG mailing list
> > > PLUG at lists.pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> > _______________________________________________
> > PLUG mailing list
> > PLUG at lists.pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
More information about the PLUG
mailing list