[plug] Abuse report bounces: no DNS record

Alex Nordstrom lx at se.linux.org
Mon Feb 20 18:32:16 WST 2006 

Trying to report some South Koreans that weren't caught as such by my IP 
tables and spent the night unsuccessfully knocking on my SSH port, it 
seems I've hit a wall.

The attacking IP address is 125.249.145.131, and whois reports that the 
domain name of the (ir)responsible organisation is pubnetplus.ne.kr 
(see output below). However, sending reports to this address, using 
either iinet's SMTP or Gmail, fails with these error messages, 
respectively:

5.1.2 - Bad destination host 'DNS Hard Error looking up pubnetplus.ne.kr 
(A):  domain has no A record'

PERM_FAILURE: DNS Error: DNS server returned answer with no data

So what's my next step? Contact APNIC to report the discrepancy? Report 
the entire kr domain to rfc-ignorant.org for supplying incorrect whois 
information? Pubnetplus itself has previously been reported to RFCI 
because of this issue, but that report was rejected:

http://www.rfc-ignorant.org/tools/detail.php?domain=pubnetplus.ne.kr&submitted=1139044096&table=abuse


$ whois 125.249.145.131
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      125.248.0.0 - 125.251.255.255
netname:      PUBNETPLUS
descr:        DACOM-PUBNETPLUS
descr:        DACOM Bldg, 65-228. Hangangro3ga. Yongsan-gu, SEOUL, 
140-716
descr:        ************************************************
descr:        Allocated to KRNIC Member.
descr:        If you would like to find assignment
descr:        information in detail please refer to
descr:        the KRNIC Whois Database at:
descr:        "http://whois.nic.or.kr/english/index.html"
descr:        ************************************************
country:      KR
admin-c:      JJ207-AP
tech-c:       JJ207-AP
status:       ALLOCATED PORTABLE
remarks:      www.pubnetplus.ne.kr
mnt-by:       MNT-KRNIC-AP
mnt-lower:    MNT-KRNIC-AP
changed:      hm-changed at apnic.net 20051025
source:       APNIC

person:       Jihyun Jeon
nic-hdl:      JJ207-AP
e-mail:       jjh83 at dacom.net
address:      65-228, 3Ga, Hangang-ro, Yongsan-gu, Seoul
phone:        +82-2-6220-6695
fax-no:       +82-2-6220-6699
country:      KR
changed:      hostmaster at nic.or.kr 20040316
mnt-by:       MNT-KRNIC-AP
source:       APNIC

-- 
Alex Nordstrom
http://lx.n3.net/
Please do not CC me in followups; I am subscribed to plug.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20060220/ff173133/attachment.pgp>

More information about the plug mailing list