[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] warning
- Subject: [cobalt-security] warning
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Wed, 2 May 2001 11:07:57 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
The people with IP 211.190.0.195 have been trying to hack my raq4 severeal
days. Has anybody a way to "block all Asia" from
all kind of conection to our raqs? This becuse we only hold norwegian sites,
and therefore I am better of safe than sorry. All of you other admins should
allso take a look at this IP.
Server Name: MEERAE1.MEERAEENG.COM
IP Address: 211.190.0.195
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
inetnum: 211.172.0.0 - 211.199.255.255
netname: KRNIC-KR-27
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: WK1-AP
tech-c: SL119-AP
remarks: KRNIC Allocation Block
remarks: Authoritative Information regarding assignments and
remarks: allocations made from within this block can also be
remarks: queried at whois.nic.or.kr
mnt-by: APNIC-HM
Some of the log:
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host 211.190.0.195 has
been blocked via wrappers with string: "ALL: 211.190.0.195"
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
May 1 16:48:45 www portsentry[1138]: attackalert: SYN/Normal scan from
host: 211.190.0.195/211.190.0.195 to TCP port: 111
May 1 16:48:45 www portsentry[1138]: attackalert: Host:
211.190.0.195/211.190.0.195 is already blocked Ignoring
Best Regards to you all, and wish all good luck in the fight against
hackers.
Kai R Schantz
Euroweb As
Norway