Date: Mon, 25 May 1998 16:50:05 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Geographical location of IP addresses.
Message-ID: <Pine.SUN.3.96.980525164118.6100A-100000@roble.com>
In-Reply-To: <Pine.BSF.3.96.980525185922.464A-100000@distance.net>

On Mon, 25 May 1998, Fike Force wrote:
> Another suggestion is to traceroute to the hacker's or carder's
> IP address. Sometimes his uplinks will have geo information at each
> router.

Traceroute is good for identifying upstream providers but `whois` has
been getting progressively less useful since Network Solutions obtained
the Internic. Their contract is supposed to expire this year but much
of the damage is irreversible, i.e., there are a large and growing
number of whois servers, making the job of finding whois records
progressively more difficult.

Here's a script that might help finding netblocks and other whois
records.

Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting

--------------------------------------------------------------------
#!/bin/sh
# whoiss, a wrapper for BSD-Unix whois
# returns registration information for foreign domains and netblocks
# available at ftp://ftp.roble.com/unix/whoiss
#
# to_do:
#  * add error handling code for non-arin netblocks (apnic & ripe)
#  * find a server for .au

# use less as the pager when it is installed, unless $MORE is already set
if [ -x /usr/local/bin/less ]; then
  MORE=${MORE:-/usr/local/bin/less}
else
  MORE=${MORE:-more}
fi

## qualify the input
if [ "$1" = "" ]; then
  echo "USAGE: `basename $0` [domainname|subnet|handle]"
  exit 1
else
  # lower-case the query; its last dot-separated field selects the server
  DOMAIN=`echo "$1" | tr 'A-Z' 'a-z'`
  TLD=`echo "$DOMAIN" | awk -F. '{print $NF}'`
fi

## determine whois server
case $TLD in
  com|net|org|edu|gov)
    #whois.internic.net, root monopoly holder
    wserver=whois.internic.net ;;
  us)
    wserver=whois.isi.edu ;;
  ca)
    # per Richard Sexton 280se@mbz.org/richard@ns1.vrx.net
    wserver=ns3.vrx.net ;;
  cn|hk|kr|jp|tw)
    #whois.apnic.net, Asia and the Pacific region
    wserver=whois.apnic.net ;;
  al|am|at|az|ba|be|bg|by|ch|cy|cz|de|dk|dz|ee|eg|es|fi|fo|\
  fr|gb|ge|gr|hr|hu|ie|il|is|it|li|lt|lu|lv|ma|md|mk|mt|nl|\
  no|pl|pt|ro|ru|se|si|sk|sm|su|tn|tr|ua|uk|va|yu)
    #whois.ripe.net, Europe, Russia, Middle East and parts of Africa
    wserver=whois.ripe.net ;;
  [0-9]*|net*)
    #whois.arin.net : reverse mapping
    wserver=whois.arin.net ;;
  mil)
    #nic.ddn.mil, us military
    wserver=nic.ddn.mil ;;
  *)
    #rs.internic.net, North and South America and parts of Africa
    wserver=rs.internic.net ;;
esac

## query correct server
echo "--> Querying the $wserver server:"
echo ""
# $MORE is left unquoted so a pager setting with options still works
whois -h "$wserver" "$DOMAIN" | $MORE
exit $?
--------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message