[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 22:36:37 UTC 2006
John R Pierce <pierce at hogranch.com>

>
>    Go to http://www.arin.net and enter the IP address.  In the case 
> of  61.43.153.30, follow the link to the APNIC which is responsible 
> for this pool.  You'll get there the info you seek.


there is an enhanced whois command that will do this automatically.   I 
don't know if its in any RH/CentOS repositories (it probably should be, 
hint hint!), I've built mine from source and drop it into 
/usr/local/bin   ...   here's the authors site, the info on it is 
skimpy, but it works great.  http://www.linux.it/~md/software/


$ whois --version
Version 4.7.17.

Report bugs to <md+whois at linux.it>.

$ whois 61.43.153.30
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      61.32.0.0 - 61.43.255.255
netname:      BORANET-1
descr:        DACOM Corp.
descr:        Facility-based Telecommunication Service Provider
descr:        providing Internet leased-ine, on-line service, BLL etc.
country:      KR
...