#1 Brute-force attack through SSH port 22
Well, while I was watching television I noticed, through Conky, that there was high network activity on my machine. Looking more closely, I saw that they were connections through the SSH port (I have Conky configured to report these connections to me), and that there were between 1 and 2 of them at the same time.
Immediately (like in a science-fiction movie) and blinded by paranoia, I unplugged the network cable, shut down the ssh service and analyzed the file /var/log/messages.
Here I attach the TXT file with the output of the command $ cat /var/log/messages | grep sshd
It is interesting to see how it uses the dictionary method (in this case a dictionary of names) to try to establish the connection. Although my USER does not appear in the dictionary, it is worth stressing here the importance of a secure password (www.passwordmeter.com, scoring 100% security here) to keep these attacks from succeeding.
Running a whois on the IPs the attacks come from, I get:
$ whois 201.6.106.248 Brazil
CONCLUSION
Both on my PCs and on the routers with DD-WRT (Linux) I am going to change several users and passwords, making them more secure. I will also change the SSH ports, and on the routers I am going to disable port forwarding, enabling it remotely when necessary.
I want to clarify here that this possibility of attacks from multiple locations may be due to the fact that I have a DDNS service on my IP address. So with a simple attack on the URL they obtain the IP.
$ whois 200.72.1.60 Chile
whois 210.245.81.5 Vietnam. I worked this one out from the country calling code (+84)
whois 61.50.201.178 China
whois 190.152.80.10 Peru
whois 190.152.80.10 Ecuador
whois 218.108.10.46 - China again, I think
whois 83.103.52.33 - Italy
whois 222.236.47.135 - Korea (special characters XD)
whois 201.22.213.71 - Brazil again
whois 112.72.212.5 - Korea
whois 211.157.98.64 - China
whois 58.26.124.100 - Malaysia
WELL, I GOT TIRED, I'M HALFWAY THROUGH THE LIST hahaha
CONCLUSION
On both my PCs and my routers running DD-WRT (Linux), I am going to change several usernames and passwords to make them more secure. I will also change the SSH ports, and on the routers I am going to disable port forwarding, enabling it remotely when necessary.
I want to clarify here that this possibility of attacks from multiple locations may be due to the fact that I have a DDNS service on my IP address. So with a simple attack on the URL they get the IP.
0
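As an added example (not part of the original post), this is one way to turn the `grep sshd` output described above into a per-source summary that shows which addresses are walking a name dictionary and whether any of them later logged in. The log lines are constructed, the addresses come from documentation ranges, and the function names and the three-username threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format; all addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 21:14:01 host sshd[4121]: Invalid user alice from 192.0.2.10
Mar  3 21:14:03 host sshd[4121]: Failed password for invalid user alice from 192.0.2.10 port 40122 ssh2
Mar  3 21:14:07 host sshd[4125]: Failed password for invalid user bob from 192.0.2.10 port 40130 ssh2
Mar  3 21:14:11 host sshd[4129]: Failed password for invalid user carol from 192.0.2.10 port 40141 ssh2
Mar  3 21:15:02 host sshd[4140]: Failed password for root from 198.51.100.7 port 51514 ssh2
Mar  3 21:15:05 host sshd[4140]: Failed password for root from 198.51.100.7 port 51520 ssh2
Mar  3 21:16:10 host sshd[4152]: Failed password for invalid user dave from 203.0.113.5 port 33010 ssh2
Mar  3 21:16:14 host sshd[4156]: Failed password for invalid user erin from 203.0.113.5 port 33014 ssh2
Mar  3 21:16:19 host sshd[4160]: Failed password for admin from 203.0.113.5 port 33019 ssh2
Mar  3 21:16:25 host sshd[4164]: Accepted password for admin from 203.0.113.5 port 33025 ssh2
Mar  3 21:20:00 host sshd[4170]: Accepted publickey for owner from 192.0.2.200 port 50000 ssh2
"""

# The username is chosen by the client, so match it greedily and take the
# address from the end of the line, which is the part sshd itself writes.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.*) from (\S+) port \d+ ssh2")

def summarize(log_text):
    """Return {ip: {"attempts": int, "users": set, "logins": list}} for failing sources."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "logins": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["attempts"] += 1
            stats[ip]["users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m and m.group(2) in stats:  # only logins from an address that already failed
            stats[m.group(2)]["logins"].append(m.group(1))
    return dict(stats)

def dictionary_sources(stats, min_users=3):
    """Addresses that tried at least min_users distinct usernames."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

def logins_after_failures(stats):
    """(ip, user) pairs where a login succeeded after failed attempts from that address."""
    return sorted((ip, user) for ip, s in stats.items() for user in s["logins"])
```

Any pair returned by `logins_after_failures` is the case that needs immediate attention: the account's password should be treated as guessed.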