Help needed

[dra007]

Can someone help me track 58.140.12.111 ...they keep trying to attack me with trojan horses. I know they are owened by an Asian network, but couldn't dig more info.

Thanks :angry:

[Wazoo]

whois -h whois.apnic.net 58.140.12.111 ...

% [whois.apnic.net node-1]

% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 58.140.0.0 - 58.143.255.255

netname: CNM

descr: C&M Communication Co., Ltd.

descr: SungHak B/D, 186, SongPa2-dong, SongPa-gu, Seoul, 138-172

descr: ************************************************

descr: Allocated to KRNIC Member.

descr: If you would like to find assignment

descr: information in detail please refer to

descr: the KRNIC Whois Database at:

descr: "http://whois.nida.or.kr/english/index.html"

descr: ************************************************

country: KR

admin-c: SB304-AP

tech-c: SB304-AP

remarks: www.cnm.co.kr

mnt-by: MNT-KRNIC-AP

mnt-lower: MNT-KRNIC-AP

status: ALLOCATED PORTABLE

changed: hm-changed[at]apnic.net 20050524

source: APNIC

query: 58.140.12.111

# ENGLISH

KRNIC is not a ISP but a National Internet Registry similar to APNIC.

The IPv4 address is allocated and still held by the following ISP, or

its Whois information is not updated after assigned to end-users.

Please see the following ISP contacts for further information

or network abuse.

[ ISP Network Abuse Contact Information ]

Name : Bang Seunghyun

Phone : +82-2-2240-9743

Fax : +82-2-2240-9793

E-mail : pcsalts[at]cnm.co.kr

07/29/05 12:15:59 Slow traceroute 58.140.12.111

Trace 58.140.12.111 ...

210.120.248.71 RTT: 196ms TTL: 96 (No rDNS)

211.180.12.182 RTT: 215ms TTL: 96 (No rDNS)

172.20.0.10 RTT: 193ms TTL: 96 (No rDNS)

172.20.0.18 RTT: 196ms TTL: 96 (No rDNS)

172.20.12.6 RTT: 191ms TTL: 96 (No rDNS)

58.140.12.111 RTT: 200ms TTL:113 (No rDNS)

very interesting route showing there ..... as in some IPs should not be showing ...

inetnum: 211.180.0.0 - 211.180.255.255

netname: BORANET-NET-211-180

descr: DACOM Corp.

descr: Facility-based Telecommunication Service Provider

descr: providing Internet leased-ine, on-line service, BLL etc.

country: KR

e-mail: ipadm[at]nic.bora.net

e-mail: abuse[at]bora.net

e-mail: security[at]bora.net

[Jeff G.]

203.255.234.197 and 203.255.234.45 are allocated to KRNIC, but KRNIC says for each:

The IPv4 address is allocated from APNIC to KRNIC.

KRNIC is holding the IPv4 address for further allocation to its member ISPs

in the furture. If you have any question with the IPv4 address,

Please contact at hostmaster[at]nic.or.kr

I'd suggest you do just that, as well as contacting the immediate upstream (from my POV) via abuse[at]level3.net and spamtool[at]level3.net.

[dra007]

Thank you both, knowing these guys I doubt a contact would give positive results. I'll have to keep my fingers crossed and hope my firewall will detect and stop their attacks...

[Jeff G.]

You're welcome. "security[at]" can be a useful tool in such situations, and so can a phone call to your ISP's security team.

Also, please be aware that rwhois.stargate.net is currently unresponsive.

[dra007]

It's registered under a different name. It has been for a long time. But I'd rather not put it here, it has been spam free for some time. Thank you.

[Jeff G.]

At present, a SpamCop Report concerning dra007's posting IP Address would be sent to security[at]stargate.net. If that's no longer appropriate, the whois records should be changed.