Date: Mon, 11 Oct 1999 17:40:46 +0200 From: "Michael Hallgren" <michael.hallgren@fisystem.fr> To: <cjclark@home.com>, <freebsd-security@freebsd.org> Subject: Re: Identifying an Unresolvable IP Message-ID: <003301bf13fe$fe84cc00$5b014b0a@asf.fr> References: <199910111519.LAA31237@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > Connections from two different, but close (consecutive class C nets), > IP addresses showed up in some of my daily security logs. The > addresses do not reverse-lookup, but I would still like to know who > owns the addresses (my guess it is a valid user's 3rd party ISP, but I > want to be sure). > > What tools or references are easily accessible for determining who > owns a block of IPs? > I have not been able figure out how to coax the > info from DNS or whois. A whois lookup (RIPE and friends), should give the owner of the block in question. For example, say that you're trying to track down 195.90.34.69. A whois -h whois.ripe.net gives you inetnum: 195.90.34.0 - 195.90.34.255 netname: GRAPHNET-PARIS descr: Graphnet Inc. Paris node country: FR admin-c: GIS-ORG tech-c: XH15-RIPE tech-c: GIS-ORG rev-srv: ns.fr.graphnet.net rev-srv: ns.globalis.net status: ASSIGNED PA mnt-by: GNET-MNT changed: mh@graphnet.com 19990201 changed: geno@graphnet.com 19990721 source: RIPE So, you know that Graphnet's responsible for that IP address. (Now, maybe Graphnet's been allocating some IP space including 195.90.34.69 to some customer ? That's no big deal for you, since you may contact Graphnet for details...) > A web search, somewhat to my surprise, did not > immediately pop up a site that will tell you this info when you slip in > an IP address. > Go http://www.ripe.net/ , for example Cheers Michael > Thanks for any help. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003301bf13fe$fe84cc00$5b014b0a>