We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Unknown IPs attacking my server


marks
15-04-2015, 12:14
yes, I can see that it's not easy to find in this case.

I've found the information on the Afnic whois page:

http://wq.apnic.net/apnic-bin/whois.pl

and yes, it looks like an attack coming from china.

alvaroag
09-04-2015, 18:39
Weird... the "whois" command gave me no result... Thank you.

And yes, being the attacks from chine will make it nonsense to write to abuse..... I'd better block the whole provider....

AlbaHost
09-04-2015, 17:15
It seems to be in hongkong, and more info can be found here: https://wq.apnic.net/apnic-bin/whois...1.169&whois=Go

Just hit Search button and you will get some info, btw when its China in question, i doubt you will find any solution with abuses, good luck.

alvaroag
09-04-2015, 16:58
Hi. I'm having an attack that is a little bit weird. I have this Ips attacking my server:

Code:
       ip        | count 
-----------------+-------
 43.255.191.169  | 16158
 43.255.191.160  | 16640
 43.255.191.130  | 19230
 43.255.191.143  | 19231
Normally, when I see constant attacks, I check WHOIS information for the IP, sometimes report it to ISP abuse, and finally block the whole network on Shorewall. But the problem this time is that Ips don't have WHOIS information. IANA says they are delegated to APNIC, but APNIC WHOIS returns no match.

This is really weird... I mean, normally, any IP should have WHOIS data, even when not used, as it may be allocated to some ISP; and, if not allocated, should not be in use.

Any hint on this? Thanks in advance.