[rescue] IP blocks
Eric Dittman
dittman at dittman.net
Mon Feb 18 21:59:37 CST 2002
> Dave's on the right track. did a normal whois to see their ns to get
> an idea of address space then used the ripe-radb-whois client to ask for
> info, it's 193.252.0.0/18 and is a sprint block. if you mail
> abuse@ both of those as per rfc2142 you should see some action. It'd be
> a good idea to mail the hostmaster as well, and the nocc@ all of
> them. a whack 18 is over 16k addresses...(193.252.0.0-192.252.63.255)
> it shouldn't fall outside of those bounds or else the revers dns
> wouldn't be wanadookey.
I did this for one of the IP addresses (80.13.173.67) I had in
my logs and it show 80.13.0.0/16 and lists that as being in
block AS3215 as well. How can I get a list of all the IP
ranges in block AS3215, since there are more than these two?
> the netops i know at sprint aren't at their consoles right now...
> but you can block that whole block (as3215) and that should
> suffice...if you're getting others outside it'd be a trivial hack
> to write something that watched the logs and added rules on the
> fly. i have some perl code somewhere that does that if ya want
> me to look in my backups for it...
>
> if ya don't have a firewall just null route that block
I have a firewall so I can block their block, but I can't
do that on the block name.
--
Eric Dittman
dittman at dittman.net
Check out the DEC Enthusiasts Club at http://www.dittman.net/
More information about the rescue
mailing list