[Dshield] Stumped by 238.7.6.6

Thomas Liston tliston at premmag.com
Mon Jun 17 16:36:44 GMT 2002


That address is part of a block of addresses that has not been 
assigned to anyone.  It falls within the chunk of space that the IANA 
has reserved for multicast addresses.

It sounds like someone is spoofing that IP or that something, 
somewhere is really messed up (some whacked out NAT device leaking an 
internal address?).  As annoying as it may be, I wouldn't go running 
off and attempting legal action just yet, at least until you know 
more precisely WHO you need to be going after.

Can you supply more specific information about what is going on?

Might I suggest passing this off to handler at incidents.org?

-TL


On 17 Jun 2002 at 8:46, Grant Thurman wrote:

> Sorry the last email got away before I was done:
> 
> I have some idiot at 238.7.6.6 (Internet Assigned Numbers Authority) which
> resolves to IANA which ends up at RIPE DBM, they (IANA) will do nothing to
> help, attacking my mail server every second on IGMP, the firewall is
> blocking OK but the logs are huge and it is just a pain. Does anyone know
> how to get IANA to answer an email to find out who they gave the IP to so I
> can get them to stop?? I am about ready to make a phone call to the
> Authorities in The Kingdom of the Netherlands and pursue criminal action.
> 
> 
> inetnum:      224.0.0.0 - 239.255.255.255
> netname:      IANA-DBLK
> descr:        Whole Class D address space
> country:      NL
> admin-c:      RD132-RIPE
> tech-c:       RD132-RIPE
> status:       ALLOCATED UNSPECIFIED
> remarks:      Country is really worldwide
> remarks:      This address space is assigned at various other places in
> remarks:      the world and might therefore not be in the RIPE database.
> mnt-by:       RIPE-NCC-MNT
> mnt-lower:    RIPE-NCC-MNT
> changed:      ripe-dbm at ripe.net 20000802
> source:       RIPE
> 
> role:         RIPE DBM
> address:      Singel 258
> address:      NL-1016 AB  Amsterdam
> address:      Kingdom of the Netherlands
> e-mail:       ripe-dbm at ripe.net
> remarks:      RIPE Database Administration
> trouble:      Documentation: http://www.ripe.net/ripe/docs/database.html
> trouble:      FAQ: http://www.ripe.net/faq/database/index.html
> trouble:      Questions and problem reports ... mailto:ripe-dbm at ripe.net
> trouble:      spam, abuse reports .....  mailto:nicdb at ripe.net
> admin-c:      JLSD1-RIPE
> admin-c:      AMR68-RIPE
> tech-c:       EG792-RIPE
> tech-c:       SK15964-RIPE
> tech-c:       MPK-RIPE
> tech-c:       DW6465-RIPE
> tech-c:       CB7777-RIPE
> nic-hdl:      RD132-RIPE
> mnt-by:       RIPE-DBM-MNT
> changed:      ripe-dbm at ripe.net 19970115
> changed:      ripe-dbm at ripe.net 19970923
> changed:      ripe-dbm at ripe.net 19980211
> changed:      ripe-dbm at ripe.net 19990118
> changed:      ripe-dbm at ripe.net 19990727
> changed:      ripe-dbm at ripe.net 19990909
> changed:      ripe-dbm at ripe.net 20000101
> changed:      ripe-dbm at ripe.net 20010717
> changed:      ripe-dbm at ripe.net 20010810
> source:       RIPE
> 


Tom Liston, GSEC
Network Administrator
Prem Magnetics, Inc.
tliston at premmag.com
tliston at hackbusters.net
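
Added example, not part of the original post: a check that flags firewall log entries whose source address lies in space that cannot be a genuine sender, such as the multicast block discussed above, so whois on it names only the registry. The log layout (`SRC=`/`DST=`/`PROTO=`), the sample lines, and the extra non-multicast ranges are assumptions that go beyond the single case in the thread.

```python
import ipaddress
import re
from collections import Counter

# Ranges that should never be the source of traffic arriving from the Internet.
NON_SOURCE_RANGES = {
    "multicast (224.0.0.0/4)": ipaddress.ip_network("224.0.0.0/4"),
    "reserved (240.0.0.0/4)": ipaddress.ip_network("240.0.0.0/4"),
    "loopback (127.0.0.0/8)": ipaddress.ip_network("127.0.0.0/8"),
    "this-network (0.0.0.0/8)": ipaddress.ip_network("0.0.0.0/8"),
}

# Constructed sample lines in an assumed "SRC=... DST=... PROTO=..." layout.
SAMPLE_LOG = """\
Jun 17 08:46:01 fw DROP SRC=238.7.6.6 DST=192.0.2.25 PROTO=IGMP
Jun 17 08:46:02 fw DROP SRC=238.7.6.6 DST=192.0.2.25 PROTO=IGMP
Jun 17 08:46:02 fw DROP SRC=198.51.100.7 DST=192.0.2.25 PROTO=TCP
Jun 17 08:46:03 fw DROP SRC=238.7.6.6 DST=192.0.2.25 PROTO=IGMP
Jun 17 08:46:04 fw DROP SRC=not-an-ip DST=192.0.2.25 PROTO=TCP
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")

def classify_source(addr):
    """Return the label of the non-source range addr falls in, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    for label, net in NON_SOURCE_RANGES.items():
        if ip in net:
            return label
    return None

def impossible_sources(log_text):
    """Count log entries per (source, reason) whose source cannot be genuine."""
    hits = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if m:
            reason = classify_source(m.group(1))
            if reason:
                hits[(m.group(1), reason)] += 1
    return hits

if __name__ == "__main__":
    for (src, reason), n in impossible_sources(SAMPLE_LOG).most_common():
        print(f"{src}: {n} entries, {reason}; whois will not identify a sender")
```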



