Attack from a reserved address

gboyce gboyce at
Wed Aug 30 19:37:18 EDT 2006

On Wed, 30 Aug 2006, Bill Horne wrote:

> The log fragment below is from the auth.log on my Debian Sarge box.
> I think someone is doing a dictionary attack: these have been coming in
> from this address for a couple of days, but when I put the IP into
> samspade (, it comes up "Reserved by IANA".

Running whois on that IP shows it allocated in Korea:

inetnum: -
netname:      PUBNETPLUS
descr:        DACOM-PUBNETPLUS
descr:        DACOM Bldg, 65-228. Hangangro3ga. Yongsan-gu, SEOUL, 140-716
descr:        ************************************************
descr:        Allocated to KRNIC Member.
descr:        If you would like to find assignment
descr:        information in detail please refer to
descr:        the KRNIC Whois Database at:
descr:        ""
descr:        ************************************************
country:      KR

The IANA reports as being registered by APNIC:

I'm guessing Sam Spade is running with old or just wrong data.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Discuss mailing list