Security Incidents mailing list archives
Re: Korea a classic ? was: IP blacklist
From: do.geun.jo () KR ARTHURANDERSEN COM (Doglus Cho)
Date: Tue, 16 May 2000 17:45:52 +0900
Hi. Sorry, I admit that I was wrong with RFC 2142 compliant addresses. The KRNIC server gives a general representative address and contact list. I don't understand why a query with the IP address did not give much information. Well, http://whois.nic.or.kr/ is written in Korean, but still you should be able to see an "#English" section in a query result, which contains an e-mail address and telephone numbers. Just let me try it for you, if I may. I guess you could have picked up the CERT-KR address, if you were following this list. The address of "paladin" came from my acquaintance with people, here, not through an electronical query process. Well, the defaced section of SecurityFocus has the clue for the last sentence, but please just ignore that. Regards, To: Do Geun Jo cc: INCIDENTS () securityfocus com Date: 2000-05-16 04:07 PM From: hektor () rz rwth-aachen de Subject: Re: Korea a classic ? was: IP blacklist Hi, do.geun.jo () kr arthurandersen com wrote:
There is a WHOIS server in KRNIC, which surely provide a contact list with
"RFC
2142" compliant addresses.
So, you mean http://whois.nic.or.kr/ with all these nice little letters an ordinary European can't read or understand. Filling the IP adress into the query field does not help either, so I had to use the domain name I found out. That worked with apnic, too, but there should be a netblock entry also, which is much easier, so I don't have to nslookup/traceroute and so on. Anyway, there is no RFC 2142 compliant adress.
If you do not want to go over such painful approach, just report your
incidents
to cert () certcc or kr with your solid evidence and wait for reply. If you are sure that it came from one of the KAIST host, contact paladin () sparcs kaist ac kr.
How can I retrieve this info ?
It is sad to see this kind of messages on one side and the "ph33r the b33r" stuff on the other side.
?? Did not get what this means. Bye, Jens -- Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen Computing Center Technical University Aachen, firewalls/network security mailto:hektor () RZ RWTH-Aachen DE, Tel.: +49 241 80 4866, Raum: 2.35 Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889 *******************Internet Email Confidentiality Footer******************* Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify us immediately. If you or your employer does not consent to Internet email messages of this kind, please advise us immediately. Opinions, conclusions and other information expressed in this message are not given or endorsed by my firm or employer unless otherwise indicated by an authorized representative independent of this message.
Current thread:
- Re: Korea a classic ? was: IP blacklist Doglus Cho (May 15)
- Re: Korea a classic ? was: IP blacklist Jens Hektor (May 16)
- Re: Korea a classic ? was: IP blacklist Russell Fulton (May 16)
- Re: Korea a classic ? was: IP blacklist Jane DelFavero (May 18)
- Re: Korea a classic ? was: IP blacklist Russell Fulton (May 16)
- Strange logs and scans. Lic. Rodolfo Gonzalez Gonzalez (May 17)
- Re: Strange logs and scans. * * (May 19)
- While we're on viruses... Keith McCammon (May 19)
- <Possible follow-ups>
- Re: Korea a classic ? was: IP blacklist Doglus Cho (May 16)
- Re: Korea a classic ? was: IP blacklist Cho, Douglas (May 17)
- Re: Korea a classic ? was: IP blacklist Jens Hektor (May 16)