From owner-freebsd-security Mon Oct 11 8:40: 6 1999 Delivered-To: freebsd-security@freebsd.org Received: from mx2.imaginet.fr (artemis.imaginet.fr [195.68.75.24]) by hub.freebsd.org (Postfix) with ESMTP id 78902150AF for ; Mon, 11 Oct 1999 08:39:53 -0700 (PDT) (envelope-from michael.hallgren@fisystem.fr) Received: from corpo01.imaginet.fr (corpo01.imaginet.fr [195.68.75.105]) by mx2.imaginet.fr (8.9.3/8.8.8) with ESMTP id RAA04054; Mon, 11 Oct 1999 17:39:16 +0200 (MET DST) Received: from roam (janus.fisystem.fr [195.68.32.60]) by corpo01.imaginet.fr (8.8.8/8.8.8) with SMTP id RAA25371; Mon, 11 Oct 1999 17:39:00 +0200 (MET DST) Message-ID: <003301bf13fe$fe84cc00$5b014b0a@asf.fr> From: "Michael Hallgren" To: , References: <199910111519.LAA31237@cc942873-a.ewndsr1.nj.home.com> Subject: Re: Identifying an Unresolvable IP Date: Mon, 11 Oct 1999 17:40:46 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, > Connections from two different, but close (consecutive class C nets), > IP addresses showed up in some of my daily security logs. The > addresses do not reverse-lookup, but I would still like to know who > owns the addresses (my guess it is a valid user's 3rd party ISP, but I > want to be sure). > > What tools or references are easily accessible for determining who > owns a block of IPs? > I have not been able figure out how to coax the > info from DNS or whois. A whois lookup (RIPE and friends), should give the owner of the block in question. For example, say that you're trying to track down 195.90.34.69. A whois -h whois.ripe.net gives you inetnum: 195.90.34.0 - 195.90.34.255 netname: GRAPHNET-PARIS descr: Graphnet Inc. Paris node country: FR admin-c: GIS-ORG tech-c: XH15-RIPE tech-c: GIS-ORG rev-srv: ns.fr.graphnet.net rev-srv: ns.globalis.net status: ASSIGNED PA mnt-by: GNET-MNT changed: mh@graphnet.com 19990201 changed: geno@graphnet.com 19990721 source: RIPE So, you know that Graphnet's responsible for that IP address. (Now, maybe Graphnet's been allocating some IP space including 195.90.34.69 to some customer ? That's no big deal for you, since you may contact Graphnet for details...) > A web search, somewhat to my surprise, did not > immediately pop up a site that will tell you this info when you slip in > an IP address. > Go http://www.ripe.net/ , for example Cheers Michael > Thanks for any help. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message