Re: [cobalt-users] IPs related to hackers

["Gerald Waugh" <gerald@xxxxxxxxx>]

"Diana Brake" <diana@xxxxxxxxxxxxx>  wrote
> Do any of the people who have servers that have been cracked have list of
> IPs these attacks originated from? I would guess that some of the
> information could have been erase by the hackers, but if someone does have
> this info, it would be great to share it so that the rest of us could drop
> it into the /etc/hosts.deny file.
> My logs show several direct attempts from these numbers over the last few
days:
> 211.174.58.76
> 211.218.145.88  different services but both from Korea.
> 63.228.49.68 - apparently from Minneapolis - uswest.net -
> 63.228.51.203 - and then another, all from Minneapolis. This person is >
SERIOUS...:)
> 63.228.39.137
> 61.141.204.239 from China with a truly nice response back from the admins

I tracked down some of these
ALL: 24.25.40.252   Netname: ROAD-RUNNER-1 Netblock: 24.24.0.0 - 24.31.255.255
ALL: 63.237.170.8  Qwest Communications (NETBLK-NET-QWEST-BLKS2) NET-QWEST-BLKS2
ALL: 142.166.89.89 Netname: STENTOR8 Saint John, NB
ALL: 210.91.84.111  Korea Network Information Center 210.90.0.0 - 210.91.255.255
ALL: 63.112.195.196 UUNET Technologies, Inc. (NETBLK-UUNET63) UUNET63
63.64.0.0 - 63.127..255.2
ALL: 211.60.130.4  *** Could not find this one ***
ALL: 203.186.139.115 Asia Pacific Network Information Center
ALL: 64.229.173.34 Bell Nexxia (NETBLK-BELLCANADA-5) BELLCANADA-5
ALL: 212.184.103.11 Deutsche Telekom AG, Internet service provider
ALL: 210.220.162.26  Korea Network Information Center
ALL: 63.144.88.3  Qwest Communications (NETBLK-NET-QWEST-BLKS-2)
NET-QWEST-BLKS-2
ALL: 166.82.46.13  CTC Internet Services  (DR5-ORG-ARIN)  noc@vnet.
ALL: 61.9.26.51  Makati 1227 Philippines
ALL: 216.52.186.200 InterNAP Network Services (NETBLK-PNAP-8-98) PNAP-8-98
ALL: 211.250.160.252   *** Could not find this one ***
ALL: 63.148.43.107 Qwest Communications (NETBLK-NET-QWEST-BLKS-2)
Gerald