Displaying 16 results from an estimated 16 matches for "inetnum".
2011 May 16
1
issue with fail2ban letting IP's through
...-j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 202.0.0.0/8 -j DROP
This morning the ssh fail2ban jail blocked this:
202.205.176.125
and the email sent gave me this ip range:
inetnum: 202.205.176.0 - 202.205.191.255
That shouldn't have even been seen it should have been blocked by the
202/8 drop rule before fail2ban even saw it. Is that not so?
Suggestions welcome.
Thanks.
Dave.
2017 Dec 30
4
SIP invite timeouts : how is someone sending invites from our server ??
...ee
https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
WARNING[1868]: chan_sip.c:4124 retrans_pkt: Timeout on
5YpLDUSIs6l3xbDXsurYTu.. on non-critical invite transaction.
Looking up the ip addresses :
whois 185.107.94.10
.............
inetnum: 185.107.94.0 - 185.107.94.255
netname: NFORCE_ENTERTAINMENT
descr: Serverhosting
..................
organisation: ORG-NE3-RIPE
org-name: NForce Entertainment B.V.
org-type: LIR
address: Postbus 1142
address: 4700BC
address: Roosendaal
addre...
2012 Jun 19
3
PMA attacks
...gle on this, and I gather it's looking for phpmyadmin. We've been
getting one from one specific network in Russia for weeks
Here are more information about 91.201.64.24:
[Querying whois.ripe.net]
[whois.ripe.net]
<snip>
% Information related to '91.201.64.0 - 91.201.67.255'
inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
<snip>
But now I'm seeing the same from Azerbaijan, and France, and elsewhere.
Two questions: first, are other folks seeing this? and second, I can't
imagine malwar...
2005 Mar 08
2
blacklist
What''s the difference between a newnotsyn DROP and a blacklist DROP?
Also, there''s a web site (SRC=62.193.203.132) that has been trying to
connect to port 25 for a couple of weeks now. Is there a way to get
someone upstream to add a block to that site for a small fish like me?
2004 Nov 12
1
Shorewall''s bogon file needs updating
...&w=2> and the
main Cymru bogon list at <http://www.cymru.com/Bogons/index.html>,
particularly <http://www.cymru.com/Documents/bogon-bn-agg.txt>.
I noted entires in my logs for dropped packets from the ''bogons'' rule
but the source IP is a legitimate assignment:
inetnum: 59.104.0.0 - 59.105.255.255
netname: SEEDNET-NET
country: TW
descr: Digital United I
descr: 7F,220,gangchi road
descr: Taipei Taiwan 114
admin-c: CY74-AP
tech-c: CY74-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-TW-TWNIC
changed: hm-ch...
2019 Nov 22
2
sendmail on Centos 7.7
...by 10 mx203.inbound-mx.net.
.w smtp-relay.gmail.com.com
smtp-relay.gmail.com.com has address 79.124.78.105
smtp-relay.gmail.com.com has address 79.124.78.101
smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.net.
smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.org.
inetnum: 79.124.78.0 - 79.124.78.255
descr: BlueAngelHost Pvt. Ltd
country: BG => Bulgaria
created: 2016-02-17T14:40:17Z
last-modified: 2018-07-17T00:58:15Z
source: RIPE
org-name: BlueAngelHost Pvt. Ltd
org-type: OTHER
person: David John
addre...
2011 Aug 17
2
(no subject)
http://www.kiyamato.com/irewin/catalog/images/work.php?html115
2004 Jun 04
1
Strange connection to the outside...
Hi all,
for some strange reason, our still-under-test Asterisk deployment wants
to contact the outside world and that raised some eyebrows here...
Just a sample of our firewall log:
--
...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476
TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456
--
Why is this happening? We got no relationship with the DST
2004 Aug 06
1
Slava Shklyar
ah, i banned his ass from our network a few weeks ago, same spew..
<p>Best Regards
Dave St. John
Mediacast1 Administration
(720-641-7586)
----- Original Message -----
From: "Raymond" <rsteding@tecwise.com>
To: <icecast@xiph.org>
Sent: Sunday, November 10, 2002 1:29 AM
Subject: Re: [icecast] Slava Shklyar
<p>> Yes please get rid of the user Slava Shklyar.
2010 Oct 11
4
SIP and ANI
Hi All,
My research indicates ANI is not really supported with SIP Channels or
passed between SIP servers, even with setting function CALLERID(ANI).
So the only place this applies is on PRI interfaces, when sending
calls out a ZAP PRI you can set the ANI to whatever and CID Number to
a different whatever so on the other end of the PRI you will receive
the two different values?
Is this correct or
2018 Jan 02
2
SIP invite timeouts : how is someone sending invites from our server ??
...Packet timed out after 32000ms with no response
> ?WARNING[1868]: chan_sip.c:4124 retrans_pkt: Timeout on
> 5YpLDUSIs6l3xbDXsurYTu.. on non-critical invite transaction.
>
> Looking up the ip addresses :
>
> whois 185.107.94.10
> .............
> inetnum:? ? ? ? 185.107.94.0 - 185.107.94.255
> netname:? ? ? ? NFORCE_ENTERTAINMENT
> descr:? ? ? ? ? Serverhosting
> ..................
> organisation:? ?ORG-NE3-RIPE
> org-name:? ? ? ?NForce Entertainment B.V.
> org-type:? ? ? ?LIR
> address:? ? ? ? Postb...
2005 Apr 21
0
Viral activitiy coming from an IP in your network.
...(Postfix) with SMTP id B4D4840D3
for <LARTC@mailman.ds9a.nl>; Thu, 21 Apr 2005 19:49:10 +0200 (CEST)
Below is WhoIs information on the subnet block that the IPs are in that send the viral emails:
----------------------------------------------------------------------------------------------
inetnum: 202.56.216.0 - 202.56.216.128
netname: BHARTI-IN
descr: Infrastructer
descr: Dail Up Pool for Touchnet Haryana
descr: Bharti Infotel Ltd.
descr: 234 , Okhla Phase III
descr: New Delhi
descr: India
country: IN
admin-c: NA40-AP
tech-c:...
2003 Jan 08
3
Shorewall blacklist does all
...n my apache server
from an infected Korean IT consultancy agency (duh!)
152.149.234.33 - - [08/Jan/2003:17:23:24 +0100]
"GET /default.ida?NNNNNNNNNN
On http://logi.cc/nw/NetCalc.php3 I calculate the IP
netblock from a whois and put it in /etc/shorewall/blacklist
with a little information.
# inetnum: 152.149.0.0 - 152.149.255.255
# netname: DAEWOO-KR
# descr: Daewoo Information Systems Co., Ltd.
# descr: ADMIN : CodeRed infected, and you are providing IT
professionals?
# country: KR
152.149.0.0/16
But in the same block is an website I can not look at? My full
blac...
2006 Dec 01
4
I've been hacked -- what should I do next?
My home system has been hacked. It's running CentOS 4.4, and I
recently added an account to play around with Samba shares to back up
PCs here at home. I had set a weak password for that account and
forgot to disable it after my testing. I could hear the disk being
accessed constantly, so I knew something was up. I disabled the port
forwarding to my CentOS box on my Linksys router
2019 Nov 22
7
sendmail on Centos 7.7
Hi All,
I am 'trying' to set SMART_HOST in sendmail to point to smtp-relay.gmail.com
but when looking at the /var/log/maillog its going to mx203.inbound-mx.net.
[192.110.255.243],
why???
my line from sendmail.mc
define(`SMART_HOST', `smtp-relay.gmail.com')
I did make in /etc/mail and service sendmail restart
This is the only SMART_HOST in the config file. I started with the
2014 Jun 06
3
Loss of Ethernet adaptor
At ~07:40 (UTC-4:00) this morning our gateway host lost its WAN Ethernet
adaptor. Subsequent to recovery, which required a reboot, the following
entries were find in /var/log/messages:
Jun 6 07:39:50 gway02 kernel: PING_FLOOD: IN=eth0 OUT= MAC=00:25:90:61:74:c0:00
:24:14:2b:f2:80:08:00 SRC=74.205.112.125 DST=216.185.71.33 LEN=64 TOS=0x00 PREC=
0x00 TTL=50 ID=30954 PROTO=ICMP TYPE=8 CODE=0