[CentOS] Re: I've been hacked -- what should I do next?
Scott Silva
ssilva at sgvwater.com
Fri Dec 1 21:18:05 UTC 2006
Aleksandar Milivojevic spake the following on 12/1/2006 12:43 PM:
> Quoting Alfred von Campe <alfred at 110.net>:
>
>> FWIW, the IP addresses are 172.178.63.167 (acb23fa7.ipt.aol.com) and
>> 61.43.153.30. There is no reverse entry for the latter, so I don't
>> know who to contact. I'll fire off an email to AOL (not that I think
>> anything will happen).
>
> You can use a whois database to find the info (for example, there's web
> interface on www.ripe.net). Info for 61.43.153.30 indicates that this
> IP address is alocated to an provider in South Korea. Contact addresses
> included:
>
> inetnum: 61.32.0.0 - 61.43.255.255
> netname: BORANET-1
> descr: DACOM Corp.
> descr: Facility-based Telecommunication Service Provider
> descr: providing Internet leased-ine, on-line service, BLL etc.
> country: KR
> admin-c: DB50-AP
> tech-c: DB50-AP
> status: ALLOCATED PORTABLE "status:" definitions
> mnt-by: APNIC-HM
> mnt-lower: MNT-KRNIC-AP
> changed: hostmaster at apnic.net
> 20000918
> source: APNIC
>
> role: DACOM BORANET
> address: DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku, Seoul
> country: KR
> phone: +82-2-2089-7755
> fax-no: +82-2-2089-0706
> e-mail: ipadm at nic.bora.net
> e-mail: abuse at bora.net
> e-mail: security at bora.net
> admin-c: EC115-AP
> tech-c: SIJ1-AP
> nic-hdl: DB50-AP
> remarks: IP address administrator group of NIC team, DACOM Corp.
> remarks: If related with spam, send mail to
> abuse at bora.net
> remarks: If related with security, send mail to
> security at bora.net
> remarks: Only for whois information correction, send mail to
> ipadm at nic.bora.net
> mnt-by: MNT-KRNIC-AP
> changed: jeonsi at bora.net 20041105
> source: APNIC
Hacked from Korea! There is a surprise!! ;-D
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the CentOS
mailing list