Attack from a reserved address
gboyce
gboyce at badbelly.com
Wed Aug 30 19:37:18 EDT 2006
On Wed, 30 Aug 2006, Bill Horne wrote:
> The log fragment below is from the auth.log on my Debian Sarge box.
> I think someone is doing a dictionary attack: these have been coming in
> from this address for a couple of days, but when I put the IP into
> samspade (http://www.samspade.org/), it comes up "Reserved by IANA".

Running whois on that IP shows it allocated in Korea:

inetnum: 125.248.0.0 - 125.251.255.255
netname: PUBNETPLUS
descr: DACOM-PUBNETPLUS
descr: DACOM Bldg, 65-228. Hangangro3ga. Yongsan-gu, SEOUL, 140-716
descr: ************************************************
descr: Allocated to KRNIC Member.
descr: If you would like to find assignment
descr: information in detail please refer to
descr: the KRNIC Whois Database at:
descr: "http://whois.nic.or.kr/english/index.html"
descr: ************************************************
country: KR

The IANA reports 125.0.0.0/8 as being registered by APNIC:
http://www.iana.org/assignments/ipv4-address-space

I'm guessing Sam Spade is running with old or just wrong data.
--
Greg
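
Added example, not part of the original message: a local check of a log source address against special-purpose space and against the whois allocation quoted above, using Python's standard ipaddress module instead of a third-party lookup site. The function names and the sample addresses are assumptions made for illustration; the inetnum range, netname, country and the 125.0.0.0/8 block are taken from the message.

```python
import ipaddress

# Fields copied from the whois output quoted in the message above.
WHOIS_TEXT = """\
inetnum: 125.248.0.0 - 125.251.255.255
netname: PUBNETPLUS
country: KR
"""
# /8 that the message says IANA lists as registered by APNIC.
IANA_BLOCK = ipaddress.ip_network("125.0.0.0/8")


def inetnum_to_cidrs(whois_text):
    """Turn the 'inetnum: first - last' line of RIR whois output into CIDR blocks."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "inetnum":
            first, _, last = value.partition("-")
            return list(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(first.strip()),
                ipaddress.IPv4Address(last.strip())))
    raise ValueError("no inetnum line in whois output")


def classify(addr, allocations):
    """Label a log source address: special-purpose space first, then known allocations."""
    ip = ipaddress.ip_address(addr)
    # Order matters: the module's is_private table also covers loopback and 240.0.0.0/4.
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if ip.is_reserved:
        return "reserved"
    if ip.is_private:
        return "private"
    for net, label in allocations:
        if ip in net:
            return label
    return "unlisted: query the RIR whois"


CIDRS = inetnum_to_cidrs(WHOIS_TEXT)
ALLOCATIONS = [(net, "PUBNETPLUS (KR)") for net in CIDRS]

if __name__ == "__main__":
    print(CIDRS, all(net.subnet_of(IANA_BLOCK) for net in CIDRS))
    # Constructed sample addresses, not taken from the auth.log in the thread.
    for sample in ("125.248.0.1", "240.0.0.1", "10.0.0.5", "8.8.8.8"):
        print(sample, "->", classify(sample, ALLOCATIONS))
```

An address that falls through to "unlisted" still needs a whois query against the responsible registry; the local tables only rule special-purpose space in or out.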