Thread: unresolved IP's

  1. #1
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172

    unresolved IP's

    When I look in awstats at the hosts top 10 table, I see 5 different IP addresses which are not resolved and unknown. Should I block/blacklist those IP's? It's a bit suspicious.

    http://img112.imageshack.us/my.php?image=hostsba8.jpg
    Last edited by guimaraes83; 09-02-2006 at 07:59 AM.

  2. #2
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    I wouldn't waste your time...
    Depending on exactly what those IPs were trying to access...

    McColo Corporation MCCOLO (NET-208-66-192-0-1)
    208.66.192.0 - 208.66.195.255
    Digital Infinity Ltd DIGITALINFINITY (NET-208-66-195-0-1)
    208.66.195.0 - 208.66.195.15

    Getting concerned about every IP which doesn't resolve will be a waste of time in general.

  3. #3
    Quote Originally Posted by guimaraes83
    When I look in awstats at the hosts top 10 table, I see 5 different IP addresses which are not resolved and unknown. Should I block/blacklist those IP's? It's a bit suspicious.

    http://img112.imageshack.us/my.php?image=hostsba8.jpg
    Just because they don't resolve means you should blacklist them. Sometimes the IP from my ISP has no rDNS record for it.

    And doing a quick IP check tells me that the owner of that IP block is McColo Corporation.

    EDIT: Or what Lightwave said.

  4. #4
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    I traced the IP till McColo Corp, but couldn't find the end-owner of the IP address. Thanks, Lightwave.

    I did a search on Google about Digital Infinity.


    http://www.averageadmins.com/blog/20...-infinity-ltd/

    It seems to be an e-mail harvesting crawler. http://en.wikipedia.org/wiki/Psycheclone

    "
    Based on records from ARIN reveals that this web bot is owned by a company called Digital Infinity Ltd located in Moscow, Russia. The mailing address is listed as: Ostrovityanova str, 14, 200, Moscow, Russia. Their phone numbers (on public record) is +495.9806635, Fax +495.9806635. The name of the owner of Digital Infinity Ltd is "Elena Balkina".
    Elena Balkina has been connected to spam before with linalinks.com. Please note the current owner of linalinks.com is no longer this person or her company. Elena's company has been used to send spam for online pharmacies.
    "

  5. #5
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    I've added the IP range of 208.66.195.0/24 to APF's hosts.deny file, but the annoying bot keeps coming back! How the hell does he bypass my firewall?

    208.66.195.15 | 1807 | 1807 | 82.68 MB | 03 Sep 2006 - 02:00


    #
    # hosts.deny This file describes the names of the hosts which are
    # *not* allowed to use the local INET services, as decided
    # by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow. In particular
    # you should know that NFS uses portmap!
    208.66.195.0/24

  6. #6
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    anyone?

  7. #7
    Check the man page - man hosts.deny

    You're missing an ALL: in there.
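
The missing daemon list pointed out in post #7, as an added example that is not part of the original thread: a small Python linter that reads a hosts.deny or hosts.allow body and reports rules that lack the `daemon_list : client_list` form described in hosts_access(5). The sample input is constructed from the file posted in #5, and the function names are this example's own.

```python
"""Lint TCP wrappers access rules (hosts.deny / hosts.allow) for malformed lines."""

# Constructed sample: the hosts.deny body posted in #5, header comments shortened.
SAMPLE_HOSTS_DENY = """\
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services
#
208.66.195.0/24
"""


def logical_lines(text):
    """Yield (first_line_number, rule), joining backslash-continued lines
    and skipping blank lines and '#' comments."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        rule = (buf + line).strip()
        if rule and not rule.startswith("#"):
            yield start, rule
        buf, start = "", None


def lint(text):
    """Return (line_number, rule, problem) for every rule that does not have
    the 'daemon_list : client_list' shape."""
    findings = []
    for n, rule in logical_lines(text):
        # Split on the first ':' only; later colons may belong to options.
        daemons, sep, clients = (p.strip() for p in rule.partition(":"))
        if not sep:
            findings.append((n, rule, "missing 'daemon_list :' before the client list (for example 'ALL:')"))
        elif not daemons or not clients:
            findings.append((n, rule, "empty daemon_list or client_list"))
    return findings


if __name__ == "__main__":
    for n, rule, problem in lint(SAMPLE_HOSTS_DENY):
        print(f"line {n}: {rule!r}: {problem}")
```

A rule that passes this check is still applied only by tcpd and by services built against libwrap, as the file's own header comment indicates; a daemon that is neither keeps answering the blocked range.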

  8. #8
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    I've read it a bit. So I have to remove that line from hosts.deny
    and add the following to hosts.allow -> ALL EXCEPT: 208.66.195.0/24

    Right?
