dra007 Posted July 29, 2005 Posted July 29, 2005 Can someone help me track 58.140.12.111 ...they keep trying to attack me with trojan horses. I know they are owened by an Asian network, but couldn't dig more info. Thanks :angry:
Wazoo Posted July 29, 2005 Posted July 29, 2005 whois -h whois.apnic.net 58.140.12.111 ... % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 58.140.0.0 - 58.143.255.255 netname: CNM descr: C&M Communication Co., Ltd. descr: SungHak B/D, 186, SongPa2-dong, SongPa-gu, Seoul, 138-172 descr: ************************************************ descr: Allocated to KRNIC Member. descr: If you would like to find assignment descr: information in detail please refer to descr: the KRNIC Whois Database at: descr: "http://whois.nida.or.kr/english/index.html" descr: ************************************************ country: KR admin-c: SB304-AP tech-c: SB304-AP remarks: www.cnm.co.kr mnt-by: MNT-KRNIC-AP mnt-lower: MNT-KRNIC-AP status: ALLOCATED PORTABLE changed: hm-changed[at]apnic.net 20050524 source: APNIC query: 58.140.12.111 # ENGLISH KRNIC is not a ISP but a National Internet Registry similar to APNIC. The IPv4 address is allocated and still held by the following ISP, or its Whois information is not updated after assigned to end-users. Please see the following ISP contacts for further information or network abuse. [ ISP Network Abuse Contact Information ] Name : Bang Seunghyun Phone : +82-2-2240-9743 Fax : +82-2-2240-9793 E-mail : pcsalts[at]cnm.co.kr 07/29/05 12:15:59 Slow traceroute 58.140.12.111 Trace 58.140.12.111 ... 210.120.248.71 RTT: 196ms TTL: 96 (No rDNS) 211.180.12.182 RTT: 215ms TTL: 96 (No rDNS) 172.20.0.10 RTT: 193ms TTL: 96 (No rDNS) 172.20.0.18 RTT: 196ms TTL: 96 (No rDNS) 172.20.12.6 RTT: 191ms TTL: 96 (No rDNS) 58.140.12.111 RTT: 200ms TTL:113 (No rDNS) very interesting route showing there ..... as in some IPs should not be showing ... inetnum: 211.180.0.0 - 211.180.255.255 netname: BORANET-NET-211-180 descr: DACOM Corp. descr: Facility-based Telecommunication Service Provider descr: providing Internet leased-ine, on-line service, BLL etc. country: KR e-mail: ipadm[at]nic.bora.net e-mail: abuse[at]bora.net e-mail: security[at]bora.net
Jeff G. Posted July 29, 2005 Posted July 29, 2005 203.255.234.197 and 203.255.234.45 are allocated to KRNIC, but KRNIC says for each: The IPv4 address is allocated from APNIC to KRNIC. KRNIC is holding the IPv4 address for further allocation to its member ISPs in the furture. If you have any question with the IPv4 address, Please contact at hostmaster[at]nic.or.kr I'd suggest you do just that, as well as contacting the immediate upstream (from my POV) via abuse[at]level3.net and spamtool[at]level3.net.
dra007 Posted July 29, 2005 Author Posted July 29, 2005 Thank you both, knowing these guys I doubt a contact would give positive results. I'll have to keep my fingers crossed and hope my firewall will detect and stop their attacks...
Jeff G. Posted July 29, 2005 Posted July 29, 2005 You're welcome. "security[at]" can be a useful tool in such situations, and so can a phone call to your ISP's security team. Also, please be aware that rwhois.stargate.net is currently unresponsive.
dra007 Posted July 29, 2005 Author Posted July 29, 2005 It's registered under a different name. It has been for a long time. But I'd rather not put it here, it has been spam free for some time. Thank you.
Jeff G. Posted July 29, 2005 Posted July 29, 2005 At present, a SpamCop Report concerning dra007's posting IP Address would be sent to security[at]stargate.net. If that's no longer appropriate, the whois records should be changed.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.