On 10/14/2010 06:21 PM, Patrick Lists wrote: > On 10/15/2010 12:56 AM, Rick Sewill wrote: > [snip] >>> Would you mind sharing which networks your attacks came from? >>> >> I hesitate to answer, but will. >> >> The people who own 67.222.1.124 and 184.106.213.202 >> were very cooperative and interested. >> >> The Chinese IP address was 218.14.146.200. >> I could connect to 218.14.146.200 port 80 and saw, >> what I thought, was a Chinese job website...I don't know Chinese. >> I apologize if the website is not Chinese. >> >> The attack packets had a user agent name of friendly-scanner. >> >> I assumed it was a version of something found at >> http://blog.sipvicious.org/ >> >> I assume it was looking for an asterisk server. >> >> Unfortunately, my twinkle client decided to reply. >> I tried looking for a twinkle configuration option to tell twinkle to >> just ignore REGISTER requests, to no avail. > It seems to be sipvicious although headers can be forged. The site looks > Chinese to my untrained eyes too. I searched on the Twinkle website but > couldn't find a way to ignore register requests. I don't know if other > clients also respond to register requests so can't recommend any > alternatives. > > Regards, > Patrick Try to use www.arin.net You will see that arin.net will not tell you to which network (such as APNIC ) it belongs. Very mysterious :) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
