[CentOS] Re: I've been hacked -- what should I do next?
Mark Schoonover
schoon at amgt.com
Fri Dec 1 21:31:50 UTC 2006
Scott Silva wrote:
> Aleksandar Milivojevic spake the following on 12/1/2006 12:43 PM:
>> Quoting Alfred von Campe <alfred at 110.net>:
>>
>>> FWIW, the IP addresses are 172.178.63.167 (acb23fa7.ipt.aol.com) and
>>> 61.43.153.30. There is no reverse entry for the latter, so I don't
>>> know who to contact. I'll fire off an email to AOL (not that I
>>> think anything will happen).
>>
>> You can use a whois database to find the info (for example, there's
>> a web interface on www.ripe.net). Info for 61.43.153.30 indicates
>> that this IP address is allocated to a provider in South Korea.
>> Contact addresses included:
>>
>> inetnum: 61.32.0.0 - 61.43.255.255
>> netname: BORANET-1
>> descr: DACOM Corp.
>> descr: Facility-based Telecommunication Service Provider
>> descr: providing Internet leased-ine, on-line service, BLL etc.
>> country: KR
>> admin-c: DB50-AP
>> tech-c: DB50-AP
>> status: ALLOCATED PORTABLE "status:" definitions
>> mnt-by: APNIC-HM
>> mnt-lower: MNT-KRNIC-AP
>> changed: hostmaster at apnic.net 20000918
>> source: APNIC
>>
>> role: DACOM BORANET
>> address: DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku, Seoul
>> country: KR
>> phone: +82-2-2089-7755
>> fax-no: +82-2-2089-0706
>> e-mail: ipadm at nic.bora.net
>> e-mail: abuse at bora.net
>> e-mail: security at bora.net
>> admin-c: EC115-AP
>> tech-c: SIJ1-AP
>> nic-hdl: DB50-AP
>> remarks: IP address administrator group of NIC team, DACOM Corp.
>> remarks: If related with spam, send mail to abuse at bora.net
>> remarks: If related with security, send mail to security at bora.net
>> remarks: Only for whois information correction, send mail to ipadm at nic.bora.net
>> mnt-by: MNT-KRNIC-AP
>> changed: jeonsi at bora.net 20041105
>> source: APNIC
> Hacked from Korea! There is a surprise!! ;-D
We're all assuming that the IP address wasn't spoofed...
Mark