Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 Oct 1999 17:40:46 +0200
From:      "Michael Hallgren" <michael.hallgren@fisystem.fr>
To:        <cjclark@home.com>, <freebsd-security@freebsd.org>
Subject:   Re: Identifying an Unresolvable IP
Message-ID:  <003301bf13fe$fe84cc00$5b014b0a@asf.fr>
References:  <199910111519.LAA31237@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

> Connections from two different, but close (consecutive class C nets),
> IP addresses showed up in some of my daily security logs. The
> addresses do not reverse-lookup, but I would still like to know who
> owns the addresses (my guess it is a valid user's 3rd party ISP, but I
> want to be sure).
>
> What tools or references are easily accessible for determining who
> owns a block of IPs?
> I have not been able figure out how to coax the
> info from DNS or whois.

A whois lookup (RIPE and friends), should give the owner of the block in
question.

For example, say that you're trying to track down 195.90.34.69. A whois -h
whois.ripe.net gives you

inetnum:     195.90.34.0 - 195.90.34.255
netname:     GRAPHNET-PARIS
descr:       Graphnet Inc. Paris node
country:     FR
admin-c:     GIS-ORG
tech-c:      XH15-RIPE
tech-c:      GIS-ORG
rev-srv:     ns.fr.graphnet.net
rev-srv:     ns.globalis.net
status:      ASSIGNED PA
mnt-by:      GNET-MNT
changed:     mh@graphnet.com 19990201
changed:     geno@graphnet.com 19990721
source:      RIPE


So, you know that Graphnet's responsible for that IP address. (Now, maybe
Graphnet's been allocating some IP space including 195.90.34.69 to some
customer ? That's no big deal for you, since you may contact Graphnet for
details...)

> A web search, somewhat to my surprise, did not
> immediately pop up a site that will tell you this info when you slip in
> an IP address.
>

Go http://www.ripe.net/ , for example



Cheers

Michael
> Thanks for any help.
> --
> Crist J. Clark                           cjclark@home.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003301bf13fe$fe84cc00$5b014b0a>