Works nicely.

Care to share the script?

 

Ralph

Brightlan.net

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Nick Olsen
Sent: Sunday, August 22, 2010 10:37 PM
To: WISPA General List
Subject: Re: [WISPA] strange firewall connection

 

Yup, I run mine on a Linux box. By default, Linux whois hits ARIN, or
RIPE, etc. Then if the org has a private whois server it will hit it. Where
everything else just hits ARIN and that's it. Notice how it hits both below.

Running 'whois '208.64.123.177''...

[Querying whois.arin.net] 
[Redirected to rwhois.blacklotus.net:4321] 
[Querying rwhois.blacklotus.net] 



I have a PHP script that makes this web-accessible. Anyone that wants to use
it is free to: http://whois.141networks.com. However, that is hosted from my
personal residence so be gentle. :D

//me might move it to the colo here soon though..

Nick Olsen
Network Operations
(321) 205-1100 x106


 

  _____  

From: "RickG" <rgunder...@gmail.com>
Sent: Sunday, August 22, 2010 10:28 PM
To: n...@brevardwireless.com, "WISPA General List" <wireless@wispa.org>
Subject: Re: [WISPA] strange firewall connection

Interesting. Your results are a bit different. who.is says:

 

# Query terms are ambiguous.  The query is assumed to be: 
#     "n + 208.64.123.177" 
# 
# Use "?" to get help. 
# 

# 
# The following results may also be obtained via: 
# http://whois.arin.net/rest/nets;q=208.64.123.177?showDetails=true&showARIN=false
# 

NetRange:       208.64.120.0 - 208.64.127.255 
CIDR:           208.64.120.0/21 
OriginAS:       AS32421 
NetName:        NET-208-64-120-0-1 
NetHandle:      NET-208-64-120-0-1 
Parent:         NET-208-0-0-0-0 
NetType:        Direct Allocation 
NameServer:     NS1.ENTERPRISE.BLACKLOTUS.NET 
NameServer:     NS2.ENTERPRISE.BLACKLOTUS.NET 
RegDate:        2005-12-22 
Updated:        2009-11-11 
Ref:            http://whois.arin.net/rest/net/NET-208-64-120-0-1 

OrgName:        Black Lotus Communications 
OrgId:          BLC-92 
Address:        3419 Virginia Beach Blvd. #D5 
City:           Virginia Beach 
StateProv:      VA 
PostalCode:     23452 
Country:        US 
RegDate:        2004-04-22 
Updated:        2009-02-12 
Comment:        Please route any abuse concerns to
<http://who.is/email.php?domain=208.64.123.177&email=0>  
Ref:            http://whois.arin.net/rest/org/BLC-92 

ReferralServer: rwhois://rwhois.blacklotus.net:4321 

OrgAbuseHandle: NOC1554-ARIN 
OrgAbuseName:   Network Operations Center 
OrgAbusePhone:  +1-314-323-3401 
OrgAbuseEmail:    <http://who.is/email.php?domain=208.64.123.177&email=1>  
OrgAbuseRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

OrgTechHandle: NOC1554-ARIN 
OrgTechName:   Network Operations Center 
OrgTechPhone:  +1-314-323-3401 
OrgTechEmail:    <http://who.is/email.php?domain=208.64.123.177&email=2>  
OrgTechRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

OrgNOCHandle: NOC1554-ARIN 
OrgNOCName:   Network Operations Center 
OrgNOCPhone:  +1-314-323-3401 
OrgNOCEmail:    <http://who.is/email.php?domain=208.64.123.177&email=3>  
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

RAbuseHandle: NOC1554-ARIN 
RAbuseName:   Network Operations Center 
RAbusePhone:  +1-314-323-3401 
RAbuseEmail:    <http://who.is/email.php?domain=208.64.123.177&email=4>  
RAbuseRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

RTechHandle: NOC1554-ARIN 
RTechName:   Network Operations Center 
RTechPhone:  +1-314-323-3401 
RTechEmail:    <http://who.is/email.php?domain=208.64.123.177&email=5>  
RTechRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

RNOCHandle: NOC1554-ARIN 
RNOCName:   Network Operations Center 
RNOCPhone:  +1-314-323-3401 
RNOCEmail:    <http://who.is/email.php?domain=208.64.123.177&email=6>  
RNOCRef:    http://whois.arin.net/rest/poc/NOC1554-ARIN 

# 
# ARIN WHOIS data and services are subject to the Terms of Use 
# available at: https://www.arin.net/whois_tou.html 

On Sun, Aug 22, 2010 at 10:17 PM, Nick Olsen <n...@brevardwireless.com>
wrote:

Using my favorite whois service, one that hits blacklotus's rwhois servers,
the Org name I get back from them is "Aloli LTD"



Running 'whois '208.64.123.177''...

[Querying whois.arin.net] 
[Redirected to rwhois.blacklotus.net:4321] 
[Querying rwhois.blacklotus.net] 
[rwhois.blacklotus.net] 
%rwhois V-1.0,V-1.5:00090h:00 support.blacklotus.net (Ubersmith RWhois
Server V-1.6.5) 
autharea=208.64.120.0/21 
xautharea=208.64.120.0/21 
network:Class-Name:network 
network:Auth-Area:208.64.120.0/21 
network:ID:NET-412.208.64.123.176/30 
network:Network-Name:SSL enabled web sites (Mitigation Critical) 
network:IP-Network:208.64.123.176/30 
network:IP-Network-Block:208.64.123.176 - 208.64.123.179 
network:Org-Name:Aloli LTD 
network:Street-Address:3321 Road Town, Drake Chambers 
network:City:Tortola 
network:State:- 
network:Postal-Code:3321 
network:Country-Code: 
network:Tech-Contact:MAINT-412.208.64.123.176/30 
network:Created:20100818161918000 
network:Updated:20100818161918000 
network:Updated-By:supp...@blacklotus.net
network:POC-Name:Network Operations Center 
network:POC-Email:supp...@blacklotus.net
network:POC-Phone:(323) 657-5944 
network:Tech-Name:Network Operations Center 
network:Tech-Email:supp...@blacklotus.net
network:Tech-Phone:(323) 657-5944 
%ok 

Nick Olsen
Network Operations
(321) 205-1100 x106


 

  _____  

From: "RickG" <rgunder...@gmail.com>
Sent: Sunday, August 22, 2010 9:54 PM
To: "WISPA General List" <wireless@wispa.org>
Subject: Re: [WISPA] strange firewall connection

I just sent them an email. Gonna beat on them & their upstream.

On Sun, Aug 22, 2010 at 9:41 PM, Chuck Hogg <ch...@shelbybb.com> wrote:

Apparently that ip is being used to attack quite a few people.  Paste your
firewall rule here, it may be incorrect. 

 

 

On Sun, Aug 22, 2010 at 7:19 PM, RickG <rgunder...@gmail.com> wrote:

I'm seeing a ton of connections coming from 208.64.123.177 (Blacklotus.net)
to an IP address in my range (204.62.63.3) which is not assigned to
anything. The strange thing is that when I block it, I lose DNS on my
network. My RB-1000's primary DNS is set for public (4.2.2.2) and my
upstream's (Time Warner - 76.85.228.101). Any thoughts?

  





----------------------------------------------------------------------------
----
WISPA Wants You! Join today!
http://signup.wispa.org/
----------------------------------------------------------------------------
----

WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
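
The referral behaviour discussed in this thread, as an added example (not written by any poster, and not the PHP script mentioned): it reads the `ReferralServer` line from an ARIN response, parses an rwhois `class:Attribute:value` reply, and reports the sub-allocation's org only when its block actually contains the address. The function names are assumptions, and the sample text is a trimmed excerpt of the output quoted in the thread.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample input: trimmed excerpts of the two responses quoted in the thread.
ARIN_TEXT = """\
# The following results may also be obtained via:
CIDR:           208.64.120.0/21
OrgName:        Black Lotus Communications
ReferralServer: rwhois://rwhois.blacklotus.net:4321
"""
RWHOIS_TEXT = """\
%rwhois V-1.0,V-1.5:00090h:00 support.blacklotus.net
network:IP-Network:208.64.123.176/30
network:Org-Name:Aloli LTD
network:Country-Code:
%ok
"""

def parse_arin(text):
    """ARIN 'Key: value' lines as a dict; '#' comment lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            fields.setdefault(key.strip(), value.strip())
    return fields

def referral_server(arin_text):
    """(host, port) from the ReferralServer URL, or None when there is none."""
    ref = parse_arin(arin_text).get("ReferralServer")
    url = urlparse(ref) if ref else None
    return (url.hostname, url.port or 4321) if url else None  # 4321: rwhois port

def parse_rwhois(text):
    """'class:Attribute:value' lines as a dict; '%' lines are protocol status."""
    record = {}
    for line in text.splitlines():
        if not line.startswith("%") and line.count(":") >= 2:
            _cls, attr, value = line.split(":", 2)
            record[attr] = value.strip()
    return record

def most_specific_org(ip, arin_text, rwhois_text=""):
    """Prefer the rwhois sub-allocation when its block really contains ip."""
    rec = parse_rwhois(rwhois_text)
    block = rec.get("IP-Network")
    if block and rec.get("Org-Name") and ipaddress.ip_address(ip) in ipaddress.ip_network(block):
        return rec["Org-Name"], block
    arin = parse_arin(arin_text)
    return arin.get("OrgName"), arin.get("CIDR")
```

A lookup tool that stops at the registry answer returns only the /21 holder; one that follows the referral returns the /30 customer record, which is why the two results in the thread differ.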

 



