[afnog] attack on 196.45.188.25 currently in progress

Dr Paulos Nyirenda paulos at sdnp.org.mw
Mon Sep 12 01:53:13 UTC 2016


We are seeing an online attack on our server 196.45.188.25 in progress right now; they
are targeting MySQL services that we are running in relation to our .mw registry servers.

The attack is being run from the following IP addresses, which show as Turkey and Romania
origins as shown in the whois.

5.254.65.9
212.253.62.5
94.122.154.187

Any ideas on how to prevent attacks on MySQL 5.6 on Fedora 20 installations?

I can see what they want to modify but I have problems seeing how they got in or as what.

I am copying this to the abuse contacts on these networks ... does this really work?

Regards,

Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw



[paulos at domwe ~]$ whois 94.122.154.187
[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '94.122.144.0 - 94.122.159.255'

% Abuse contact for '94.122.144.0 - 94.122.159.255' is 'netadmins at dsmart.com.tr'

inetnum:        94.122.144.0 - 94.122.159.255
netname:        DOL
remarks:        rev-srv: doldns01.dol.com.tr
remarks:        rev-srv: doldns02.dol.com.tr
descr:          DOL DATACENTER - VAE ADSL DYNAMIC
country:        TR
admin-c:        DOL22-RIPE
tech-c:         DOL22-RIPE
status:         ASSIGNED PA
mnt-by:         AS12978-MNT
created:        2008-10-14T20:26:59Z
last-modified:  2014-09-15T07:37:47Z
source:         RIPE
remarks:        rev-srv attribute deprecated by RIPE NCC on 02/09/2009

role:           DOL Network Services
address:        100. Yil Mahallesi Melda Sk.
address:        Dogan TV Center, No:1 34204, Bagcilar - Istanbul
phone:          +90 212 3737800
fax-no:         +90 212 3802491
admin-c:        SA163-RIPE
tech-c:         EE278-RIPE
nic-hdl:        DOL22-RIPE
mnt-by:         AS12978-MNT
mnt-by:         TDTB-MNT
created:        2003-10-16T09:25:39Z
last-modified:  2016-05-27T16:00:07Z
source:         RIPE # Filtered

% Information related to '94.122.144.0/20AS12978'

route:          94.122.144.0/20
descr:          DOL
origin:         AS12978
mnt-by:         AS12978-Mnt
created:        2014-01-24T08:55:37Z
last-modified:  2014-01-24T08:55:37Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.87.4 (ANGUS        )


[paulos at domwe ~]$
[paulos at domwe ~]$
[paulos at domwe ~]$ whois 212.253.62.5
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '212.253.56.0 - 212.253.63.255'

% Abuse contact for '212.253.56.0 - 212.253.63.255' is 'abuse at superonline.net'

inetnum:        212.253.56.0 - 212.253.63.255
netname:        SOLNET-3
descr:          TR-SOLNET-BB-VAE-ANADOLU
country:        TR
admin-c:        TNA13-RIPE
tech-c:         TNA13-RIPE
status:         ASSIGNED PA
remarks:        infra-aw
mnt-by:         MNT-TELLCOM
created:        2011-04-18T13:49:00Z
last-modified:  2013-12-19T21:17:13Z
source:         RIPE # Filtered

role:           Tellcom Network Admins
address:        Salih Tozan Sk. Karamancilar Is Mrkz. C Blok No:16 34394
address:        Esentepe/Sisli/ISTANBUL TURKEY
phone:          +90 850 222 4662
fax-no:         +90 850 222 4662
admin-c:        TK2426-RIPE
tech-c:         TK2426-RIPE
nic-hdl:        TNA13-RIPE
remarks:        *********************************************
remarks:        Please send spam and abuse notification only
remarks:        to abuse at superonline.net
remarks:        *********************************************
abuse-mailbox:  abuse at superonline.net
mnt-by:         MNT-TELLCOM
created:        2007-08-06T06:35:11Z
last-modified:  2016-03-15T09:39:06Z
source:         RIPE # Filtered

% Information related to '212.253.32.0/19AS34984'

route:          212.253.32.0/19
descr:          Tellcom ADSL
origin:         AS34984
mnt-by:         MNT-TELLCOM
created:        2009-05-26T08:51:19Z
last-modified:  2016-03-31T12:01:23Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.87.4 (DB-2)


[paulos at domwe ~]$
[paulos at domwe ~]$
[paulos at domwe ~]$ whois 5.254.65.9
[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '5.254.64.0 - 5.254.127.255'

% Abuse contact for '5.254.64.0 - 5.254.127.255' is 'abuse at globalcitytel.com'

inetnum:        5.254.64.0 - 5.254.127.255
netname:        Voxility
descr:          IPs used by the customers of voxility.com
descr:          Dimitrie Pompeiu 9-9A, Building 24
descr:          Bucharest 020335, Romania
country:        RO
admin-c:        VOX100-RIPE
tech-c:         VOX100-RIPE
status:         LIR-PARTITIONED PA
mnt-by:         GLOBALCITY-MNT
mnt-lower:      GLOBALCITY-MNT
mnt-lower:      VOXILITY-MNT
mnt-routes:     VOXILITY-MNT
created:        2015-04-29T11:35:35Z
last-modified:  2016-09-06T09:32:58Z
source:         RIPE

person:         Voxility NOC
remarks:        Team in Charge of Voxility Global IP
remarks:        Backbone Management
remarks:        Available 24/7 for routing issues and security incidents
org:            ORG-SVS8-RIPE
address:        Dimitrie Pompeiu 9-9A, Building 24
address:        Bucharest 020335, Romania
remarks:        noc at voxility.com
abuse-mailbox:  abuse at voxility.com
remarks:        +1.703-888-5811 (US)
remarks:        +49.69-957-98952 (Germany)
remarks:        +44 20-3355-1458 (UK)
phone:          +40212074774
nic-hdl:        VOX100-RIPE
mnt-by:         VOXILITY-MNT
created:        2012-08-04T15:50:52Z
last-modified:  2013-10-07T19:48:57Z
source:         RIPE # Filtered

% Information related to '5.254.64.0/20AS3223'

route:          5.254.64.0/20
descr:          voxility.net
origin:         AS3223
mnt-by:         VOXILITY-MNT
created:        2016-01-20T16:03:15Z
last-modified:  2016-01-20T16:03:15Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.87.4 (ANGUS)


[paulos at domwe ~]$
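
The whois lookups above, turned into a reusable check (an added example, not part of the original post): it pulls every abuse address, the country and the origin AS out of RIPE-style output and confirms the record covers the logged IP. The record for 5.254.65.9 names two different abuse addresses, so both are collected. The function names and the shortened `SAMPLE` text are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed excerpt of the whois output for 5.254.65.9 shown above.
SAMPLE = """\
% Abuse contact for '5.254.64.0 - 5.254.127.255' is 'abuse at globalcitytel.com'

inetnum:        5.254.64.0 - 5.254.127.255
country:        RO

person:         Voxility NOC
abuse-mailbox:  abuse at voxility.com

route:          5.254.64.0/20
origin:         AS3223
"""

ABUSE_COMMENT = re.compile(r"^% Abuse contact for '.*' is '(.+)'\s*$")
ATTRIBUTE = re.compile(r"^([a-z0-9-]+):\s*(.*)$")


def parse_whois(text):
    """Collect the fields an abuse report needs from RIPE-style output."""
    info = {"abuse": [], "inetnum": None, "country": None, "origin": None}
    for line in text.splitlines():
        comment, attr = ABUSE_COMMENT.match(line), ATTRIBUTE.match(line)
        if not (comment or attr):
            continue  # blank line or some other '%' comment
        key, value = (("abuse-mailbox", comment.group(1)) if comment
                      else (attr.group(1), attr.group(2).strip()))
        if key == "abuse-mailbox" and value not in info["abuse"]:
            info["abuse"].append(value)  # keep every distinct address
        elif key in info and info[key] is None:
            info[key] = value  # first object in the output wins
    return info


def covers(inetnum, ip):
    """True if ip lies inside an 'a.b.c.d - e.f.g.h' inetnum range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return first <= ipaddress.ip_address(ip) <= last


def report_targets(text, ip):
    """Parse whois text, refusing records that do not cover the logged IP."""
    info = parse_whois(text)
    if not info["inetnum"] or not covers(info["inetnum"], ip):
        raise ValueError(f"whois record does not cover {ip}")
    return info
```

Addresses come back exactly as they appear in the input, so the archived text yields the "user at domain" form while live whois output yields ordinary mail addresses.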