[plug] Abuse report bounces: no DNS record
Alex Nordstrom
lx at se.linux.org
Mon Feb 20 18:32:16 WST 2006
Trying to report some South Koreans that weren't caught as such by my IP
tables and spent the night unsuccessfully knocking on my SSH port, it
seems I've hit a wall.
The attacking IP address is 125.249.145.131, and whois reports that the
domain name of the (ir)responsible organisation is pubnetplus.ne.kr
(see output below). However, sending reports to this address, using
either iinet's SMTP or Gmail, fails with these error messages,
respectively:
5.1.2 - Bad destination host 'DNS Hard Error looking up pubnetplus.ne.kr
(A): domain has no A record'
PERM_FAILURE: DNS Error: DNS server returned answer with no data
So what's my next step? Contact APNIC to report the discrepancy? Report
the entire kr domain to rfc-ignorant.org for supplying incorrect whois
information? Pubnetplus itself has previously been reported to RFCI
because of this issue, but that report was rejected:
http://www.rfc-ignorant.org/tools/detail.php?domain=pubnetplus.ne.kr&submitted=1139044096&table=abuse
$ whois 125.249.145.131
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 125.248.0.0 - 125.251.255.255
netname: PUBNETPLUS
descr: DACOM-PUBNETPLUS
descr: DACOM Bldg, 65-228. Hangangro3ga. Yongsan-gu, SEOUL,
140-716
descr: ************************************************
descr: Allocated to KRNIC Member.
descr: If you would like to find assignment
descr: information in detail please refer to
descr: the KRNIC Whois Database at:
descr: "http://whois.nic.or.kr/english/index.html"
descr: ************************************************
country: KR
admin-c: JJ207-AP
tech-c: JJ207-AP
status: ALLOCATED PORTABLE
remarks: www.pubnetplus.ne.kr
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: hm-changed at apnic.net 20051025
source: APNIC
person: Jihyun Jeon
nic-hdl: JJ207-AP
e-mail: jjh83 at dacom.net
address: 65-228, 3Ga, Hangang-ro, Yongsan-gu, Seoul
phone: +82-2-6220-6695
fax-no: +82-2-6220-6699
country: KR
changed: hostmaster at nic.or.kr 20040316
mnt-by: MNT-KRNIC-AP
source: APNIC
--
Alex Nordstrom
http://lx.n3.net/
Please do not CC me in followups; I am subscribed to plug.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20060220/ff173133/attachment.pgp>
More information about the plug
mailing list