search for: inetnum

Displaying 16 results from an estimated 16 matches for "inetnum".

2011 May 16
1
issue with fail2ban letting IP's through
...-j ACCEPT # # Set default policies for INPUT, FORWARD and OUTPUT chains iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -s 202.0.0.0/8 -j DROP This morning the ssh fail2ban jail blocked this: 202.205.176.125 and the email sent gave me this ip range: inetnum: 202.205.176.0 - 202.205.191.255 That shouldn't have even been seen it should have been blocked by the 202/8 drop rule before fail2ban even saw it. Is that not so? Suggestions welcome. Thanks. Dave.
2017 Dec 30
4
SIP invite timeouts : how is someone sending invites from our server ??
...ee https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response WARNING[1868]: chan_sip.c:4124 retrans_pkt: Timeout on 5YpLDUSIs6l3xbDXsurYTu.. on non-critical invite transaction. Looking up the ip addresses : whois 185.107.94.10 ............. inetnum: 185.107.94.0 - 185.107.94.255 netname: NFORCE_ENTERTAINMENT descr: Serverhosting .................. organisation: ORG-NE3-RIPE org-name: NForce Entertainment B.V. org-type: LIR address: Postbus 1142 address: 4700BC address: Roosendaal addre...
2012 Jun 19
3
PMA attacks
...gle on this, and I gather it's looking for phpmyadmin. We've been getting one from one specific network in Russia for weeks Here are more information about 91.201.64.24: [Querying whois.ripe.net] [whois.ripe.net] <snip> % Information related to '91.201.64.0 - 91.201.67.255' inetnum: 91.201.64.0 - 91.201.67.255 netname: Donekoserv descr: DonEkoService Ltd country: RU <snip> But now I'm seeing the same from Azerbaijan, and France, and elsewhere. Two questions: first, are other folks seeing this? and second, I can't imagine malwar...
2005 Mar 08
2
blacklist
What's the difference between a newnotsyn DROP and a blacklist DROP? Also, there's a web site (SRC=62.193.203.132) that has been trying to connect to port 25 for a couple of weeks now. Is there a way to get someone upstream to add a block to that site for a small fish like me?
2004 Nov 12
1
Shorewall's bogon file needs updating
...&w=2> and the main Cymru bogon list at <http://www.cymru.com/Bogons/index.html>, particularly <http://www.cymru.com/Documents/bogon-bn-agg.txt>. I noted entries in my logs for dropped packets from the 'bogons' rule but the source IP is a legitimate assignment: inetnum: 59.104.0.0 - 59.105.255.255 netname: SEEDNET-NET country: TW descr: Digital United I descr: 7F,220,gangchi road descr: Taipei Taiwan 114 admin-c: CY74-AP tech-c: CY74-AP status: ALLOCATED PORTABLE mnt-by: MAINT-TW-TWNIC changed: hm-ch...
2019 Nov 22
2
sendmail on Centos 7.7
...by 10 mx203.inbound-mx.net. .w smtp-relay.gmail.com.com smtp-relay.gmail.com.com has address 79.124.78.105 smtp-relay.gmail.com.com has address 79.124.78.101 smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.net. smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.org. inetnum: 79.124.78.0 - 79.124.78.255 descr: BlueAngelHost Pvt. Ltd country: BG => Bulgaria created: 2016-02-17T14:40:17Z last-modified: 2018-07-17T00:58:15Z source: RIPE org-name: BlueAngelHost Pvt. Ltd org-type: OTHER person: David John addre...
2011 Aug 17
2
(no subject)
http://www.kiyamato.com/irewin/catalog/images/work.php?html115
2004 Jun 04
1
Strange connection to the outside...
Hi all, for some strange reason, our still-under-test Asterisk deployment wants to contact the outside world and that raised some eyebrows here... Just a sample of our firewall log: -- ...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476 TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456 -- Why is this happening? We got no relationship with the DST
2004 Aug 06
1
Slava Shklyar
ah, i banned his ass from our network a few weeks ago, same spew.. Best Regards Dave St. John Mediacast1 Administration (720-641-7586) ----- Original Message ----- From: "Raymond" <rsteding@tecwise.com> To: <icecast@xiph.org> Sent: Sunday, November 10, 2002 1:29 AM Subject: Re: [icecast] Slava Shklyar > Yes please get rid of the user Slava Shklyar.
2010 Oct 11
4
SIP and ANI
Hi All, My research indicates ANI is not really supported with SIP Channels or passed between SIP servers, even with setting function CALLERID(ANI). So the only place this applies is on PRI interfaces, when sending calls out a ZAP PRI you can set the ANI to whatever and CID Number to a different whatever so on the other end of the PRI you will receive the two different values? Is this correct or
2018 Jan 02
2
SIP invite timeouts : how is someone sending invites from our server ??
...Packet timed out after 32000ms with no response > WARNING[1868]: chan_sip.c:4124 retrans_pkt: Timeout on > 5YpLDUSIs6l3xbDXsurYTu.. on non-critical invite transaction. > > Looking up the ip addresses : > > whois 185.107.94.10 > ............. > inetnum: 185.107.94.0 - 185.107.94.255 > netname: NFORCE_ENTERTAINMENT > descr: Serverhosting > .................. > organisation: ORG-NE3-RIPE > org-name: NForce Entertainment B.V. > org-type: LIR > address: Postb...
2005 Apr 21
0
Viral activity coming from an IP in your network.
...(Postfix) with SMTP id B4D4840D3 for <LARTC@mailman.ds9a.nl>; Thu, 21 Apr 2005 19:49:10 +0200 (CEST) Below is WhoIs information on the subnet block that the IPs are in that send the viral emails: ---------------------------------------------------------------------------------------------- inetnum: 202.56.216.0 - 202.56.216.128 netname: BHARTI-IN descr: Infrastructer descr: Dail Up Pool for Touchnet Haryana descr: Bharti Infotel Ltd. descr: 234 , Okhla Phase III descr: New Delhi descr: India country: IN admin-c: NA40-AP tech-c:...
2003 Jan 08
3
Shorewall blacklist does all
...n my apache server from an infected Korean IT consultancy agency (duh!) 152.149.234.33 - - [08/Jan/2003:17:23:24 +0100] "GET /default.ida?NNNNNNNNNN On http://logi.cc/nw/NetCalc.php3 I calculate the IP netblock from a whois and put it in /etc/shorewall/blacklist with a little information. # inetnum: 152.149.0.0 - 152.149.255.255 # netname: DAEWOO-KR # descr: Daewoo Information Systems Co., Ltd. # descr: ADMIN : CodeRed infected, and you are providing IT professionals? # country: KR 152.149.0.0/16 But in the same block is a website I can not look at? My full blac...
2006 Dec 01
4
I've been hacked -- what should I do next?
My home system has been hacked. It's running CentOS 4.4, and I recently added an account to play around with Samba shares to back up PCs here at home. I had set a weak password for that account and forgot to disable it after my testing. I could hear the disk being accessed constantly, so I knew something was up. I disabled the port forwarding to my CentOS box on my Linksys router
2019 Nov 22
7
sendmail on Centos 7.7
Hi All, I am 'trying' to set SMART_HOST in sendmail to point to smtp-relay.gmail.com but when looking at the /var/log/maillog it's going to mx203.inbound-mx.net. [192.110.255.243], why??? my line from sendmail.mc define(`SMART_HOST', `smtp-relay.gmail.com') I did make in /etc/mail and service sendmail restart This is the only SMART_HOST in the config file. I started with the
2014 Jun 06
3
Loss of Ethernet adaptor
At ~07:40 (UTC-4:00) this morning our gateway host lost its WAN Ethernet adaptor. Subsequent to recovery, which required a reboot, the following entries were found in /var/log/messages: Jun 6 07:39:50 gway02 kernel: PING_FLOOD: IN=eth0 OUT= MAC=00:25:90:61:74:c0:00 :24:14:2b:f2:80:08:00 SRC=74.205.112.125 DST=216.185.71.33 LEN=64 TOS=0x00 PREC= 0x00 TTL=50 ID=30954 PROTO=ICMP TYPE=8 CODE=0