[Dshield] Korean whois info

David Hart DavidHart at TQMcube.com
Fri Nov 21 22:46:37 GMT 2003


On Fri, 2003-11-21 at 17:19, Alan Frayer wrote:
> Johannes,
> 
> I've been getting nailed on port 53 on one or two IPs by 4 or 5 times
> the normal volume of packets. The firewall turns them away (hence the
> logs), but Fightback won't let me file a report because I only have one
> or two target IPs under attack.
> 
> Any suggestions?

I'm not an advocate of fighting abuse with abuse. However, I was getting
scanned by a Chinese site many times every day. I set up a chron job to
grep the log (messages through messages.6) every hour with the offending
IP, combine it with a base message and send it to the ISP hourly with
the advisory that I would do so until it stopped. It stopped.

I lived in Asia for several years (in the employ of a US company). It's
a reasonable certainty that your friend at the abuse desk in Korea
speaks English.
                               ---------
            Quality Management - A Commitment to Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031121/7fa579f7/attachment.bin


More information about the list mailing list