[CentOS] Re: I've been hacked -- what should I do next?

Fri Dec 1 21:31:50 UTC 2006
Mark Schoonover <schoon at amgt.com>

Scott Silva wrote:
> Aleksandar Milivojevic spake the following on 12/1/2006 12:43 PM:
>> Quoting Alfred von Campe <alfred at 110.net>:
>>> FWIW, the IP addresses are (acb23fa7.ipt.aol.com) and
>>>  There is no reverse entry for the latter, so I don't
>>> know who to contact.  I'll fire off an email to AOL (not that I
>>> think anything will happen).
>> You can use a whois database to find the info (for example, there's
>> web interface on www.ripe.net).  Info for indicates
>> that this IP address is alocated to an provider in South Korea. 
>> Contact addresses included: 
>> inetnum: -
>> netname:         BORANET-1
>> descr:           DACOM Corp.
>> descr:           Facility-based Telecommunication Service Provider
>> descr:           providing Internet leased-ine, on-line service, BLL
>> etc. country:         KR admin-c:         DB50-AP
>> tech-c:          DB50-AP
>> status:          ALLOCATED PORTABLE "status:" definitions
>> mnt-by:          APNIC-HM
>> mnt-lower:       MNT-KRNIC-AP
>> changed:         hostmaster at apnic.net
>> 20000918
>> source:          APNIC
>> role:            DACOM BORANET
>> address:         DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku, Seoul
>> country:         KR phone:           +82-2-2089-7755
>> fax-no:          +82-2-2089-0706
>> e-mail:          ipadm at nic.bora.net
>> e-mail:          abuse at bora.net
>> e-mail:          security at bora.net
>> admin-c:         EC115-AP
>> tech-c:          SIJ1-AP
>> nic-hdl:         DB50-AP
>> remarks:         IP address administrator group of NIC team, DACOM
>> Corp. remarks:         If related with spam, send mail to
>> abuse at bora.net
>> remarks:         If related with security, send mail to
>> security at bora.net remarks:         Only for whois information
>> correction, send mail to ipadm at nic.bora.net mnt-by:         
>> changed:         jeonsi at bora.net 20041105
>> source:          APNIC
> Hacked from Korea! There is a surprise!! ;-D

We're all assuming that the IP address wasn't spoofed...