Attack from a reserved address

Wed Aug 30 18:54:48 EDT 2006

Thanks for reading this. I'm getting attacked from a "reserved" IP address, 
and I'm looking for help to find out where it really is.

The log fragment below is from the auth.log on my Debian Sarge box. 
I think someone is doing a dictionary attack: these have been coming in 
from this address for a couple of days, but when I put the IP into 
samspade (http://www.samspade.org/), it comes up "Reserved by IANA". 

All suggestions welcome.

Bill
P.S. I've closed the port, but anyone who wants to test it, just drop 
me an email with your IP address.

Aug 30 18:16:28 billhorne sshd[14138]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:30 billhorne sshd[14143]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:32 billhorne sshd[14148]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:34 billhorne sshd[14151]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:36 billhorne sshd[14154]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:38 billhorne sshd[14156]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:40 billhorne sshd[14160]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:42 billhorne sshd[14162]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:44 billhorne sshd[14165]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:47 billhorne sshd[14168]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:49 billhorne sshd[14171]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:51 billhorne sshd[14174]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:53 billhorne sshd[14176]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:55 billhorne sshd[14180]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:57 billhorne sshd[14182]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:16:59 billhorne sshd[14185]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:17:02 billhorne sshd[14188]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:17:04 billhorne sshd[14193]: Illegal user webadmin from ::ffff:125.251.21.2
Aug 30 18:17:06 billhorne sshd[14197]: Illegal user webadmin from ::ffff:125.251.21.2

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.