From owner-freebsd-security Mon Oct 11 8:43:25 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.imaginet.fr (artemis.imaginet.fr [195.68.75.24])
    by hub.freebsd.org (Postfix) with ESMTP id CD22214C94
    for ; Mon, 11 Oct 1999 08:43:17 -0700 (PDT)
    (envelope-from michael.hallgren@fisystem.fr)
Received: from corpo01.imaginet.fr (corpo01.imaginet.fr [195.68.75.105])
    by mx2.imaginet.fr (8.9.3/8.8.8) with ESMTP id RAA04272;
    Mon, 11 Oct 1999 17:42:38 +0200 (MET DST)
Received: from roam (janus.fisystem.fr [195.68.32.60])
    by corpo01.imaginet.fr (8.8.8/8.8.8) with SMTP id RAA25975;
    Mon, 11 Oct 1999 17:42:20 +0200 (MET DST)
Message-ID: <004d01bf13ff$756c8e20$5b014b0a@asf.fr>
From: "Michael Hallgren"
To: "Michael Hallgren" , ,
Subject: Re: Identifying an Unresolvable IP
Date: Mon, 11 Oct 1999 17:44:08 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Or, from the shell,

    # whois -a

which gives you a cross search over the databases.

mh

> Hi,
>
> > Connections from two different, but close (consecutive class C nets),
> > IP addresses showed up in some of my daily security logs. The
> > addresses do not reverse-lookup, but I would still like to know who
> > owns the addresses (my guess it is a valid user's 3rd party ISP, but I
> > want to be sure).
> >
> > What tools or references are easily accessible for determining who
> > owns a block of IPs?
> > I have not been able to figure out how to coax the
> > info from DNS or whois.
>
> A whois lookup (RIPE and friends), should give the owner of the block in
> question.
>
> For example, say that you're trying to track down 195.90.34.69.
> A whois -h whois.ripe.net gives you
>
> inetnum: 195.90.34.0 - 195.90.34.255
> netname: GRAPHNET-PARIS
> descr: Graphnet Inc. Paris node
> country: FR
> admin-c: GIS-ORG
> tech-c: XH15-RIPE
> tech-c: GIS-ORG
> rev-srv: ns.fr.graphnet.net
> rev-srv: ns.globalis.net
> status: ASSIGNED PA
> mnt-by: GNET-MNT
> changed: mh@graphnet.com 19990201
> changed: geno@graphnet.com 19990721
> source: RIPE
>
> So, you know that Graphnet's responsible for that IP address. (Now, maybe
> Graphnet's been allocating some IP space including 195.90.34.69 to some
> customer? That's no big deal for you, since you may contact Graphnet for
> details...)
>
> > A web search, somewhat to my surprise, did not
> > immediately pop up a site that will tell you this info when you slip in
> > an IP address.
>
> Go to http://www.ripe.net/, for example
>
> Cheers
>
> Michael
>
> > Thanks for any help.
> > --
> > Crist J. Clark cjclark@home.com
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
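
Added example, not part of the original thread: a small parser for whois output in the attribute/value form quoted above, used to map an address from a log to the most specific inetnum block that covers it. The function names and the abridged sample record are constructed for illustration; real whois output would be captured from the whois command and passed in as text.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the inetnum object quoted in the message, abridged.
SAMPLE = """\
inetnum: 195.90.34.0 - 195.90.34.255
netname: GRAPHNET-PARIS
descr: Graphnet Inc. Paris node
tech-c: XH15-RIPE
tech-c: GIS-ORG
rev-srv: ns.fr.graphnet.net
rev-srv: ns.globalis.net
mnt-by: GNET-MNT
source: RIPE
"""

def parse_objects(text):
    """Split whois output into objects; each maps attribute -> list of values."""
    objects = []
    for block in re.split(r"\n\s*\n", text):      # blank line separates objects
        obj = defaultdict(list)
        for line in block.splitlines():
            if not line.strip() or line[0] in "%#":   # skip server remarks
                continue
            key, sep, value = line.partition(":")
            if sep:                                # attributes may repeat (tech-c)
                obj[key.strip().lower()].append(value.strip())
        if obj:
            objects.append(dict(obj))
    return objects

def owner_of(ip, text):
    """Return (netname, descr, range) of the smallest inetnum covering ip, or None."""
    addr, best = ipaddress.ip_address(ip), None
    for obj in parse_objects(text):
        for rng in obj.get("inetnum", []):
            lo, _, hi = (p.strip() for p in rng.partition("-"))
            try:
                lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
                inside = lo <= addr <= hi
            except (ValueError, TypeError):        # malformed range or mixed v4/v6
                continue
            span = int(hi) - int(lo)
            if inside and (best is None or span < best[0]):
                best = (span, obj.get("netname", ["?"])[0],
                        obj.get("descr", ["?"])[0], rng)
    return best[1:] if best else None
```

Choosing the smallest covering range matters when a registry returns both a provider's allocation and a customer assignment for the same address.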