OVH Community, your new community space.

Unknown IPs attacking my server

marks

15-04-2015, 12:14

yes, I can see that it's not easy to find in this case.

I've found the information on the Afnic whois page:

http://wq.apnic.net/apnic-bin/whois.pl

and yes, it looks like an attack coming from china.

alvaroag

09-04-2015, 18:39

Weird... the "whois" command gave me no result... Thank you.

And yes, being the attacks from chine will make it nonsense to write to abuse..... I'd better block the whole provider....

AlbaHost

09-04-2015, 17:15

It seems to be in hongkong, and more info can be found here: https://wq.apnic.net/apnic-bin/whois...1.169&whois=Go

Just hit Search button and you will get some info, btw when its China in question, i doubt you will find any solution with abuses, good luck.

alvaroag

09-04-2015, 16:58

Hi. I'm having an attack that is a little bit weird. I have this Ips attacking my server:

Code:

       ip        | count 
-----------------+-------
 43.255.191.169  | 16158
 43.255.191.160  | 16640
 43.255.191.130  | 19230
 43.255.191.143  | 19231

Normally, when I see constant attacks, I check WHOIS information for the IP, sometimes report it to ISP abuse, and finally block the whole network on Shorewall. But the problem this time is that Ips don't have WHOIS information. IANA says they are delegated to APNIC, but APNIC WHOIS returns no match.

This is really weird... I mean, normally, any IP should have WHOIS data, even when not used, as it may be allocated to some ISP; and, if not allocated, should not be in use.

Any hint on this? Thanks in advance.