Date: Wed, 26 Jun 2002 09:23:28 +1000 From: ggm@apnic.net To: security@freebsd.org Cc: goatee@binary.net Subject: Random address in asia != APNIC Message-ID: <30409.1025047408@durian.apnic.net>
next in thread | raw e-mail | index | archive | help
Blaine Kahle <goatee@binary.net> Said in security@freebsd.org: > And I think it's being scanned for: > > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with > SSH-1.0-SSH_Version_Mapper. Don't panic. > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string > from 203.74.9.16 > >203.74.9.16 is APNIC. Please, if you work in a 'security' domain in FreeBSD, do not, ever attribute random addresses to the Internet Registry that allocated them. APNIC, RIPE, ARIN (and soon LACNIC and AFRNIC) are registries. They are not the source, they provision the handing out of the addresses. They are not responsible for the packet source, or destination of arbitrary flows in the internet. Indeed, whois contact information is often out of date, and the whois returns the /8 network region which is the parent block, but that doesn't make the packets 'ours' -It just means we're doing the best we can to tell you where the addresses were obtained. Not where they are used, not where the sender is. If you run, configure, write code which intuits owners from whois, can you not propagate this mistake please? cheers -George George Michaelson | APNIC Email: ggm@apnic.net | PO Box 2131 Milton QLD 4064 Phone: +61 7 3858 3100 | Australia Fax: +61 7 3858 3199 | http://www.apnic.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30409.1025047408>