Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Korea a classic ? was: IP blacklist

From: jane.delfavero () NYU EDU (Jane DelFavero)
Date: Thu, 18 May 2000 17:37:20 -0400

krnic does have a whois database in English, just in a new place:

http://whois.nic.or.kr/english/

I have also found the Korean cert (cert () certcc or kr) to be helpful
in conveying the seriousness of the problem to the site and helping
them clean up, so I cc them on all incident reports about the .kr
domain.

--------------------------------------------------
Jane DelFavero
Network Security Manager                security () nyu edu
Information Technology Services         jane.delfavero () nyu edu
New York University                     phone: (212) 998-3053
http://www.nyu.edu/its/security

PGP fingerprint: 4F56 0A88 3AF9 60A0  DB73 E726 DA94 CBDD


On Tue, 16 May 2000 09:07:28 +0200 Jens Hektor
<hektor () RZ RWTH-AACHEN DE> wrote:



 So, you mean
     http://whois.nic.or.kr/
 with all these nice little letters an ordinary European can't
 read or understand.


Hmmm... you used to be able to put a /e on the end of a query and get
the english version of the text.  That no longer seems to work :-(

Apnic mirrors some of the information in KRNIC database but I suspect
that krnic is now not bothering to keep an English version of their
data at all so there is no point in APNIC mirroring it.

 Filling the IP adress into the query

 field does not help either, so I had to use the domain name
 I found out. That worked with apnic, too, but there should
 be a netblock entry also, which is much easier, so I don't
 have to nslookup/traceroute and so on.


The problem is made worse by the lack of PTR records so you can't even
get a domain name.  --  I have been reduced to poking at the IMAP port
on LINUX boxes and getting a domain name from the banner!

Cheers, Russell.
Previous By Date Next
Previous By Thread Next

Current thread: