Re: Login attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Serge de Souza wrote:

Gerry Doris wrote:
 > I had so many problems with the 218.0.0.0/24 domain that I totally

blocked the entire domain.  I believe this domain is in Korea.


How did you figure that one out ???

whois 218.214.0.0

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum: 218.214.0.0 - 218.214.255.255
netname: SWIFTEL
descr: Swiftel Communications, Telecommunications Carrier Service Provider, Perth, WA
country: AU
^^^^^


Your method is obviously flawed ...


218.0.0.0/24 does not include 218.214.0.0, and 218.0.0.0/24 is owned by various businesses in China.

The original message for this thread said the attack came from 218.232.109.187, which IS owned by Korea:

IPv4 Address : 218.232.109.0-218.232.109.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Org Name : Hanaro Telecom Inc. State : SEOUL
Country : KOREA-KR


So, I would block the entire range of IP addresses (218.232.109.0/24)






[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux