Using my favorite whois service. One that hits blackloutus's Rwhois servers, the Org name I get back from them is "Aloli LTD"
Running 'whois '208.64.123.177''... [Querying whois.arin.net] [Redirected to rwhois.blacklotus.net:4321] [Querying rwhois.blacklotus.net] [rwhois.blacklotus.net] %rwhois V-1.0,V-1.5:00090h:00 support.blacklotus.net (Ubersmith RWhois Server V-1.6.5) autharea=208.64.120.0/21 xautharea=208.64.120.0/21 network:Class-Name:network network:Auth-Area:208.64.120.0/21 network:ID:NET-412.208.64.123.176/30 network:Network-Name:SSL enabled web sites (Mitigation Critical) network:IP-Network:208.64.123.176/30 network:IP-Network-Block:208.64.123.176 - 208.64.123.179 network:Org-Name:Aloli LTD network:Street-Address:3321 Road Town, Drake Chambers network:City:Tortola network:State:- network:Postal-Code:3321 network:Country-Code: network:Tech-Contact:MAINT-412.208.64.123.176/30 network:Created:20100818161918000 network:Updated:20100818161918000 network:Updated-By:supp...@blacklotus.net network:POC-Name:Network Operations Center network:POC-Email:supp...@blacklotus.net network:POC-Phone:(323) 657-5944 network:Tech-Name:Network Operations Center network:Tech-Email:supp...@blacklotus.net network:Tech-Phone:(323) 657-5944 %ok Nick Olsen Network Operations (321) 205-1100 x106 ---------------------------------------- From: "RickG" <rgunder...@gmail.com> Sent: Sunday, August 22, 2010 9:54 PM To: "WISPA General List" <wireless@wispa.org> Subject: Re: [WISPA] strange firewall connection I just sent them an email. Gonna beat on them & their upstream. On Sun, Aug 22, 2010 at 9:41 PM, Chuck Hogg <ch...@shelbybb.com> wrote: Apparently that ip is being used to attack quite a few people. Paste your firewall rule here, it may be incorrect. On Sun, Aug 22, 2010 at 7:19 PM, RickG <rgunder...@gmail.com> wrote: I'm seeing a ton of connections coming from 208.64.123.177 (Blacklotus.net) to an IP address in my range (204.62.63.3) which is not assigned to anything. The strange thing is that when I block it, I lose DNS on my network. My RB-1000's primary DNS is set for public (4.2.2.2) and my upstream's (Time Warner - 76.85.228.101). Any thoughts? ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
