
[pacnog] Unknown IP addresses
I might need your expertise on these IP addresses that look like they are using up our bandwidth, if you know these unknown IPs: 109.123.106.250 87.106.240. 109.123.106.250 82.165.143.243 87.106.240.241 87.106.13.62 82.165.143.242 82.165.143.243 213.171.205.238 Is there any problem if I block these IPs or network?

Hi Tarau,
You can get more information on the owner of the IPs by performing a whois. My favourite tool is http://www.domainwhitepages.com/ but you can also use the whois search from the APNIC website at http://www.apnic.net/
The first few IP addresses look like someone called MAILSHELL.NET, so it may be genuine email, or may be spam.
These networks will list their contact admins, so if you have issues or need to report network abuse, their contact details will be listed, too.
Kind Regards, Sean.
From: pacnog-bounces@pacnog.org [mailto:pacnog-bounces@pacnog.org] On Behalf Of Tarau Bauia Sent: Tuesday, March 13, 2012 10:18 AM To: pacnog@pacnog.org Subject: [pacnog] Unknown IP addresses
I might need your expertise on these IP addresses that look like they are using up our bandwidth, if you know these unknown IPs: 109.123.106.250 87.106.240. 109.123.106.250 82.165.143.243 87.106.240.241 87.106.13.62 82.165.143.242 82.165.143.243 213.171.205.238 Is there any problem if I block these IPs or network?
-- ************************************************ Tarau Bauia KIT http://www.kit.edu.ki Betio Tarawa ************************************************

Also try http://www.melissadata.com/lookups/iplocation.asp
Andrew Naigulevu (Mr.)
From: pacnog-bounces@pacnog.org [mailto:pacnog-bounces@pacnog.org] On Behalf Of Sean K. Finn Sent: Tuesday, March 13, 2012 12:30 PM To: 'Tarau Bauia'; 'pacnog@pacnog.org' Subject: Re: [pacnog] Unknown IP addresses
Hi Tarau,
You can get more information on the owner of the IPs by performing a whois. My favourite tool is http://www.domainwhitepages.com/ but you can also use the whois search from the APNIC website at http://www.apnic.net/
The first few IP addresses look like someone called MAILSHELL.NET, so it may be genuine email, or may be spam.
These networks will list their contact admins, so if you have issues or need to report network abuse, their contact details will be listed, too.
Kind Regards,
Sean.

Have you tried the nbtstat command to query who the ip address belongs to...??
The command is used as such on DOS...
nbtstat -a [ip address]
Andrew Naigulevu (Mr.)

Hi Tarau,
You can use "Whois Look Up" to find out whose IP addresses these are. It depends on whether they are legitimate users, etc., or squatting, etc. See: http://www.whois.net/
You can also ask the relevant RIR about them if in doubt.
You will have to have legitimate grounds to block them. It also depends on the laws in your country and what it says about blocking.
The US and Japan, for instance, have two different approaches. In the US, the ISPs can simply take them down after giving notice, and in Japan, a notice is served on them so as to give them an opportunity to show why they should not be taken down.
However, if they are not paying but squatting, block them - caveat is to seek legal counsel from your company's lawyers first.
Kind Regards,

FYI
Andrew Naigulevu (Mr.)
From: pacnog-bounces@pacnog.org [mailto:pacnog-bounces@pacnog.org] On Behalf Of Tarau Bauia Sent: Tuesday, March 13, 2012 12:18 PM To: pacnog@pacnog.org Subject: [pacnog] Unknown IP addresses
I might need your expertise on these IP addresses that look like they are using up our bandwidth, if you know these unknown IPs:
109.123.106.250 - London
87.106.240. ???
109.123.106.250 - London
82.165.143.243 - Germany
87.106.240.241 - Germany
87.106.13.62 - Berlin, Germany
82.165.143.242 - Germany
82.165.143.243 - Germany
213.171.205.238 - Gloucester, England
Is there any problem if I block these ips or network?

Dear Tarau,
I might need your expertise on these IP addresses that look like they are using up our bandwidth, if you know these unknown IPs:
109.123.106.250
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
13213 | 109.123.106.250 | 109.123.64.0/18 | GB | ripencc | 2009-10-12 | UK2NET-AS UK-2 Ltd Autonomous System
109.123.106.250 has the DNS RR db11.spamcatcher.net pointed to it.
http://www.spamcatcher.net/mail/client/fd.html
87.106.240.
Typo?
82.165.143.243
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
8560 | 82.165.143.243 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG
82.165.143.243 also has the DNS RR db11.spamcatcher.net pointed to it.
87.106.240.241
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
8560 | 87.106.240.241 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG
db11.spamcatcher.net again.
87.106.13.62
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
8560 | 87.106.13.62 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG
87.106.13.62 has the DNS RR sn3.mailshell.net pointed to it. That's the same thing as spamcatcher.net.
82.165.143.242
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
8560 | 82.165.143.242 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG
82.165.143.242 has the DNS RR sn3.mailshell.net pointed to it as well.
213.171.205.238
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
8560 | 82.165.143.243 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG
db11.spamcatcher.net again.
All of the hosts above are Linux boxes, it appears.
Is there any problem if I block these ips or network?
You might want to reach out to the folks at spamcatcher and share some log snippets with them. You can then ask them about the traffic and its purpose.
Thanks, Rob.
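
Added example (not part of any message in this thread): the original question was whether to block "these ips or network", and the lookup rows quoted above give the announced BGP prefix for each host. This Python code parses rows in that pipe-delimited layout, checks that each IP falls inside its listed prefix, and reports how many addresses a prefix-wide block would cover next to the hosts actually observed. The function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Lookup rows as quoted in the thread, one per distinct IP.
ROWS = """\
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
13213 | 109.123.106.250 | 109.123.64.0/18 | GB | ripencc | 2009-10-12 | UK2NET-AS UK-2 Ltd Autonomous System
8560 | 82.165.143.243 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG
8560 | 87.106.240.241 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG
8560 | 87.106.13.62 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG
8560 | 82.165.143.242 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG
"""

def parse_rows(text):
    """Parse 'AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name' rows."""
    records = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 7 or not fields[0].isdigit():
            continue  # header line, blank line or malformed row
        ip = ipaddress.ip_address(fields[1])
        prefix = ipaddress.ip_network(fields[2])
        if ip not in prefix:
            # A row whose IP is outside its prefix means the data is inconsistent.
            raise ValueError(f"{ip} is not inside {prefix}")
        records.append({"asn": int(fields[0]), "ip": ip, "prefix": prefix,
                        "cc": fields[3], "as_name": fields[6]})
    return records

def block_scope(records):
    """Group observed hosts by announced prefix and size a prefix-wide block."""
    by_prefix = defaultdict(set)
    for r in records:
        by_prefix[(r["asn"], r["prefix"])].add(r["ip"])
    report = []
    for (asn, prefix), hosts in sorted(by_prefix.items(), key=lambda kv: kv[0][1]):
        report.append({
            "asn": asn,
            "prefix": str(prefix),
            "observed_hosts": [str(h) for h in sorted(hosts)],
            "addresses_in_prefix": prefix.num_addresses,
        })
    return report

if __name__ == "__main__":
    for entry in block_scope(parse_rows(ROWS)):
        print(entry)
```

For this data a block on 82.165.0.0/16 or 87.106.0.0/16 covers 65536 addresses of a hosting provider in order to stop two observed hosts each, so per-host rules are the narrower option.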