If you block APNIC's range you're blocking the whole of the Asia/Pacific region. APNIC is not an ISP or large company, it's actually the regional authority for internet addresses, so it owns *all* addresses in Asia/Pacific - just like ARIN owns all addresses in North America and RIPE owns all addresses in Europe.
Your lookup is resolving back to APNIC because you're using your regional authority (in your case ARIN) and it will only resolve addresses in its own range. For all other addresses it will just refer you to the appropriate regional authority. If you then use *that* authority's whois, you'll get the real story. Oh, and if you try to automate this to look up lots of addresses, you're breaking the terms of use of the whois server. I'd imagine they'd block you, but I've never tried it. Jaime > -----Original Message----- > From: Brian Peddle [mailto:[EMAIL PROTECTED] > Sent: Saturday, 9 August 2008 4:28 AM > To: CF-Talk > Subject: Re: HELP! SQL Injection Attack! > > Just curious as I have no seen this on an old asp site months > ago and now on CF. Every IP lookup I do goes back to > > OrgName: Asia Pacific Network Information Centre > OrgID: APNIC > <http://ws.arin.net/whois/?queryinput=O%20%21%20APNIC> > Address: PO Box 2131 > City: Milton > StateProv: QLD > PostalCode: 4064 > Country: AU > > > For ASP I ended up blocking full ranges of ips which helped > the issue quicker. > > > > Paul Ihrig wrote: > > what are you seeing if you limit email to unique IP's? > > ours is way down if we do that. > > > > we are just sending unique ip's to one of our GREAT it guys > to insert > > into ban list in firewall. > > should figure out how to auto add remove ip's > > > > > > > > On Fri, Aug 8, 2008 at 11:03 AM, Les Mizzell > <[EMAIL PROTECTED]> wrote: > > > >>> http://www.actcfug.com/files/_SQLPrev.zip > >>> > >> After putting this on a number of sites in just the last > two hours, I > >> am completely blown away by the number of attacks I'm seeing! Over > >> 2500 in less than 2 hours on just 3 sites. > >> > >> My poor mail server can't take all the extra incoming mail!!! I'm > >> going to have to mod the code to remove the warning email > that goes > >> out, and have it create a log file or something instead! > >> > >> I have to think to myself - is this payback for baiting all those > >> Nigerian scammers last week? Oh jezz.... > >> > >> This is unbelievable! > >> > >> Les > >> > >> > >> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310783 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
