Security Incidents mailing list archives

Re: Vulnerability Scan 200.127.113.193, 69.93.128.17


From: Ronaldo Vasconcellos <ronaldo () cais rnp br>
Date: Thu, 4 Nov 2004 16:47:34 -0200 (BRDT)

Hi Kirby,

Sorry, but that IP address is allocated to Argentina, not Brazil.

$ whois -h whois.lacnic.net 200.127.113.193

[...]

nic-hdl:     MIF
person:      Network Services
e-mail:      networkservices () PRIMA COM AR
address:     La Rioja, 301, 
address:     C1214ADG - Buenos Aires - 
country:     AR
phone:       +54 11 43700070 []
created:     20021105
changed:     20030310

[...]

Just FYI, these are the net blocks under LACNIC (Latin America and 
Caribbean Internet Addresses Registry) responsibility: 


http://www.iana.org/assignments/ipv4-address-space
(last updated 03 August 2004)

200/8   Nov 02   LACNIC                              (whois.lacnic.net)
201/8   Apr 03   LACNIC                              (whois.lacnic.net)


If you want an "all-purpose" whois give Completewhois.com a try:
whois.completewhois.com

For Brazil:
whois.registro.br       

Best regards,

---
Ronaldo Vasconcellos
CAIS/RNP - Brazilian Research Network CSIRT
http://www.rnp.br/en/cais


On Thu, 4 Nov 2004, Kirby Angell wrote:

Date: Thu, 04 Nov 2004 00:50:39 -0600
From: Kirby Angell <kangell () alertra com>
To: Incidents List <incidents () securityfocus com>
Subject: Vulnerability Scan  200.127.113.193, 69.93.128.17

(parts of report redacted for confidentiality reasons)

Start Of Attack:      20041101 17:11:47
End Of Attack:        20041101 18:16:14

Attacking IPs:        200.127.113.193/Windows/Brazil (A1)
                      69.93.128.17/Linux/US (A2)
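
The cross-check made in the reply above, as an added example that is not part of either original message: it picks the registry whois server from the /8 blocks listed in the reply, parses the whois excerpt quoted there, and compares the registered country with the country label in the report entry. Assumptions: all function names and the `LABEL_TO_ISO` mapping are hypothetical, the sample text is a trimmed copy of the quoted excerpt, and `query_whois` is included for live use but is not called here.

```python
import socket

# The two /8 blocks the reply lists under LACNIC; other blocks would be
# filled in from the IANA ipv4-address-space table (assumption: not shown here).
RIR_WHOIS = {200: "whois.lacnic.net", 201: "whois.lacnic.net"}
# Hypothetical mapping from the report's country labels to ISO codes.
LABEL_TO_ISO = {"brazil": "BR", "argentina": "AR", "us": "US"}

# Fields copied from the whois excerpt quoted in the reply (elisions kept).
SAMPLE_WHOIS = """\
[...]
nic-hdl:     MIF
person:      Network Services
address:     La Rioja, 301,
address:     C1214ADG - Buenos Aires -
country:     AR
created:     20021105
changed:     20030310
[...]
"""

def whois_server_for(ip):
    """Registry whois host for an IPv4 address, or None if the /8 is unknown."""
    return RIR_WHOIS.get(int(ip.split(".")[0]))

def query_whois(ip, server, timeout=10):
    """RFC 3912 lookup: send the query plus CRLF to TCP port 43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as conn:
        conn.sendall(ip.encode("ascii") + b"\r\n")
        return b"".join(iter(lambda: conn.recv(4096), b"")).decode("latin-1")

def parse_fields(text):
    """Collect 'key: value' lines; repeated keys (address) keep every value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith(("%", "#")):
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def check_attribution(report_entry, whois_text):
    """Compare a report entry such as 'IP/OS/Country (tag)' with whois data."""
    ip, _os, label = report_entry.split()[0].split("/")
    claimed = LABEL_TO_ISO.get(label.lower())
    registered = {c.upper() for c in parse_fields(whois_text).get("country", [])}
    return {"ip": ip, "server": whois_server_for(ip), "claimed": claimed,
            "registered": sorted(registered), "match": claimed in registered}

if __name__ == "__main__":
    print(check_attribution("200.127.113.193/Windows/Brazil (A1)", SAMPLE_WHOIS))
```

The `country` field is the country recorded for the registration, so a mismatch shows the report's label disagrees with the registry, not where the host physically sits.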

