[prev in list] [next in list] [prev in thread] [next in thread]
List: bleeding-sigs
Subject: [Bleeding-sigs] [Fwd: alert: New event: BLEEDING-EDGE POLICY
From: SECNAP Security <security () secnap ! net>
Date: 2007-03-31 17:24:47
Message-ID: 460E995F.7070102 () secnap ! net
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
FP:
not bogin, not since january:
rgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 118.0.0.0 - 118.255.255.255
CIDR: 118.0.0.0/8
NetName: APNIC-118
NetHandle: NET-118-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 2007-01-17
Updated: 2007-01-24
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net
# ARIN WHOIS database, last updated 2007-03-30 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 116.0.0.0 - 119.255.255.255
netname: APNIC-AP
descr: Asia Pacific Network Information Center, Pty. Ltd.
descr: Regional Internet Registry for the Asia-Pacific Region
descr: Level 1 - 33 Park Road.
descr: PO Box 2131
descr: Milton QLD 4064
descr: Australia
country: AU
admin-c: HM20-AP
tech-c: NO4-AP
remarks: Unresolved Spam complaints to Auto-responder spam@apnic.net.
remarks: Unresolved Network Abuse issues to Auto-responder
remarks: abuse@apnic.net.
mnt-by: APNIC-HM
mnt-lower: APNIC-HM
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20070117
source: APNIC
-------- Original Message --------
Subject: alert: New event: BLEEDING-EDGE POLICY Reserved IP Space
Traffic - Bogon Nets 2
Date: Sat, 31 Mar 2007 20:23:04 +0300 (IDT)
From: Gazit-IL <sagie@ptr.co.il>
To: security-alert@gazit-il.hackertrap.net
03/31-20:20:55 UDP 118.141.74.189:31137
<https://gazit-il.hackertrap.net/base/base_stat_ipaddr.php?ip=118.141.74.189>
--> 62.90.107.148:1026
<https://gazit-il.hackertrap.net/base/base_stat_ipaddr.php?ip=62.90.107.148>
[1:2002750:7] <http://www.snort.org/pub-bin/sigs.cgi?sid=2002750>
BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 2
[Classification: Potentially Bad Traffic] [Priority: 2]
[Attachment #5 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
FP:<br>
<br>
not bogin, not since january:<br>
<br>
rgName: Asia Pacific Network Information Centre<br>
OrgID: APNIC<br>
Address: PO Box 2131<br>
City: Milton<br>
StateProv: QLD<br>
PostalCode: 4064<br>
Country: AU<br>
<br>
ReferralServer: whois://whois.apnic.net<br>
<br>
NetRange: 118.0.0.0 - 118.255.255.255<br>
CIDR: 118.0.0.0/8<br>
NetName: APNIC-118<br>
NetHandle: NET-118-0-0-0-1<br>
Parent:<br>
NetType: Allocated to APNIC<br>
NameServer: NS1.APNIC.NET<br>
NameServer: NS3.APNIC.NET<br>
NameServer: NS4.APNIC.NET<br>
NameServer: TINNIE.ARIN.NET<br>
NameServer: NS.LACNIC.NET<br>
NameServer: NS-SEC.RIPE.NET<br>
Comment: This IP address range is not registered in the ARIN
database.<br>
Comment: For details, refer to the APNIC Whois Database via<br>
Comment: WHOIS.APNIC.NET or <a class="moz-txt-link-freetext" \
href="http://www.apnic.net/apnic-bin/whois2.pl">http://www.apnic.net/apnic-bin/whois2.pl</a><br>
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet \
Registry<br> Comment: for the Asia Pacific region. APNIC does not \
operate networks<br> Comment: using this IP address range and is \
not able to investigate<br> Comment: spam or abuse reports relating \
to these addresses. For more<br> Comment: help, refer to <a \
class="moz-txt-link-freetext" \
href="http://www.apnic.net/info/faq/abuse">http://www.apnic.net/info/faq/abuse</a><br>
RegDate: 2007-01-17<br>
Updated: 2007-01-24<br>
<br>
OrgTechHandle: AWC12-ARIN<br>
OrgTechName: APNIC Whois Contact<br>
OrgTechPhone: +61 7 3858 3100<br>
OrgTechEmail: <a class="moz-txt-link-abbreviated" \
href="mailto:search-apnic-not-arin@apnic.net">search-apnic-not-arin@apnic.net</a><br> \
<br> # ARIN WHOIS database, last updated 2007-03-30 19:10<br>
# Enter ? for additional hints on searching ARIN's WHOIS database.<br>
% [whois.apnic.net node-2]<br>
% Whois data copyright terms <a class="moz-txt-link-freetext" \
href="http://www.apnic.net/db/dbcopyright.html">http://www.apnic.net/db/dbcopyright.html</a><br>
<br>
inetnum: 116.0.0.0 - 119.255.255.255<br>
netname: APNIC-AP<br>
descr: Asia Pacific Network Information \
Center, Pty. Ltd.<br> descr: Regional \
Internet Registry for the Asia-Pacific Region<br> \
descr: Level 1 - 33 Park Road.<br> \
descr: PO Box 2131<br> \
descr: Milton QLD 4064<br> \
descr: Australia<br> \
country: AU<br> admin-c: \
HM20-AP<br> tech-c: NO4-AP<br>
remarks: Unresolved Spam complaints to Auto-responder
<a class="moz-txt-link-abbreviated" \
href="mailto:spam@apnic.net">spam@apnic.net</a>.<br> \
remarks: Unresolved Network Abuse issues to \
Auto-responder<br> remarks: <a \
class="moz-txt-link-abbreviated" \
href="mailto:abuse@apnic.net">abuse@apnic.net</a>.<br> \
mnt-by: APNIC-HM<br> mnt-lower: \
APNIC-HM<br> status: ALLOCATED PORTABLE<br>
changed: <a class="moz-txt-link-abbreviated" \
href="mailto:hm-changed@apnic.net">hm-changed@apnic.net</a> 20070117<br> \
source: APNIC<br> <br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="right" nowrap="nowrap" valign="baseline">Subject: </th>
<td>alert: New event: BLEEDING-EDGE POLICY Reserved IP Space
Traffic - Bogon Nets 2</td>
</tr>
<tr>
<th align="right" nowrap="nowrap" valign="baseline">Date: </th>
<td>Sat, 31 Mar 2007 20:23:04 +0300 (IDT)</td>
</tr>
<tr>
<th align="right" nowrap="nowrap" valign="baseline">From: </th>
<td>Gazit-IL <a class="moz-txt-link-rfc2396E" \
href="mailto:sagie@ptr.co.il"><sagie@ptr.co.il></a></td> </tr>
<tr>
<th align="right" nowrap="nowrap" valign="baseline">To: </th>
<td><a class="moz-txt-link-abbreviated" \
href="mailto:security-alert@gazit-il.hackertrap.net">security-alert@gazit-il.hackertrap.net</a></td>
</tr>
</tbody>
</table>
<br>
<br>
03/31-20:20:55 UDP <a
href="https://gazit-il.hackertrap.net/base/base_stat_ipaddr.php?ip=118.141.74.189"
target="_blank">118.141.74.189:31137</a> --> <a
href="https://gazit-il.hackertrap.net/base/base_stat_ipaddr.php?ip=62.90.107.148"
target="_blank">62.90.107.148:1026</a><br>
<a href="http://www.snort.org/pub-bin/sigs.cgi?sid=2002750"
target="_blank">[1:2002750:7]</a> BLEEDING-EDGE POLICY Reserved IP
Space Traffic - Bogon Nets 2<br>
[Classification: Potentially Bad Traffic] [Priority: 2]
</body>
</html>
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic