Date: Mon, 25 May 1998 16:50:05 -0700 (PDT)
From: Roger Marquis
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Geographical location of IP addresses.

On Mon, 25 May 1998, Fike Force wrote:

> Another suggestion is to traceroute to the hackers or carders
> ip address. Sometimes his uplinks will have geo information at each
> router.

Traceroute is good for identifying upstream providers but `whois` has
been getting progressively less useful since Network Solutions obtained
the Internic. Their contract is supposed to expire this year but much of
the damage is irreversible, i.e., there are a large and growing number of
whois servers, making the job of finding whois records progressively
more difficult. Here's a script that might help find netblocks and other
whois records.
Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting

--------------------------------------------------------------------
#!/bin/sh
# whoiss, a wrapper for BSD-Unix whois
# returns registration information for foreign domains and netblocks
# available at ftp://ftp.roble.com/unix/whoiss
#
# to_do:
#  * add error handling code for non-arin netblocks (apnic & ripe)
#  * find a server for .au

# prefer less as the pager when it is installed
if [ -x /usr/local/bin/less ]; then
    MORE=${MORE:-/usr/local/bin/less}
else
    MORE=${MORE:-more}
fi

## qualify the input
if [ "$1" = "" ]; then
    echo "USAGE: `basename $0` [domainname|subnet|handle]"
    exit 1
else
    # lower-case the argument; quote the tr ranges so the shell does not glob them
    DOMAIN="`echo "$1" | tr '[A-Z]' '[a-z]'`"
    # last dot-separated field: the TLD for a domain, the final octet for an
    # address or netblock, and the whole string for a dotless handle
    TLD="`echo "$DOMAIN" | awk -F. '{print $NF}'`"
fi

## determine whois server
case $TLD in
    com|net|org|edu|gov)
        # whois.internic.net, root monopoly holder
        wserver=whois.internic.net ;;
    us)
        wserver=whois.isi.edu ;;
    ca)
        # per Richard Sexton 280se@mbz.org/richard@ns1.vrx.net
        wserver=ns3.vrx.net ;;
    cn|hk|kr|jp|tw)
        # whois.apnic.net, Asia and the Pacific region
        wserver=whois.apnic.net ;;
    al|am|at|az|ba|be|bg|by|ch|cy|cz|de|dk|dz|ee|eg|es|fi|fo|\
    fr|gb|ge|gr|hr|hu|ie|il|is|it|li|lt|lu|lv|ma|md|mk|mt|nl|\
    no|pl|pt|ro|ru|se|si|sk|sm|su|tn|tr|ua|uk|va|yu)
        # whois.ripe.net, Europe, Russia, Middle East and parts of Africa
        wserver=whois.ripe.net ;;
    [0-9]*|net*)
        # whois.arin.net : reverse mapping (IP addresses, netblocks, NET- handles)
        wserver=whois.arin.net ;;
    mil)
        # nic.ddn.mil, us military
        wserver=nic.ddn.mil ;;
    *)
        # rs.internic.net, North and South America and parts of Africa
        wserver=rs.internic.net ;;
esac

## query correct server
echo "--> Querying the $wserver server:"
echo ""
whois -h "$wserver" "$DOMAIN" | $MORE
exit $?
--------------------------------------------------------------------