Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 11 Apr 2010 07:10:50 -0500
From:      Walter <walterk1@earthlink.net>
To:        Adam Vande More <amvandemore@gmail.com>
Cc:        Questions <freebsd-questions@freebsd.org>
Subject:   Re: host & dig
Message-ID:  <4BC1BC4A.40605@earthlink.net>
In-Reply-To: <w2z6201873e1004100914pf6cc9335z2133cbad172825cb@mail.gmail.com>
References:  <4BC0911E.2090703@earthlink.net> <w2z6201873e1004100914pf6cc9335z2133cbad172825cb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

   Adam Vande More wrote:

     I used telnet to connect to 68.204.xxx.xxx
     it tells me I've connected to [1]xxx.xxx.204.68.cfl.res.rr.com.
     (backwards, right?), then I log in.

   No, you have to a connection before you login.  You want to *strongly*
   consider using ssh instead of telnet.  You may also be referring the
   format of the DNS query result which known as
   [2]http://en.wikipedia.org/wiki/Reverse_DNS_lookup

   I DID have a connection.  ???  Maybe I gave too much detail,
   but the point is that the IP yielded by host/dig did not match
   what "whatismyip.com" gave here.  I'd like to know why.

     After user/pass entry, it says connected from "user-yyyyyyy.cab"

     (replaced seemingly random name with "yyyyyyy" in case
     it's not transient)
     My external IP here is 24.110.nnn.nnn
     The issue:
     When I use either "host" or "dig" to give me the IP address
     from "user-yyyyyyy.cab", they tell me: 208.68.zzz.zzz
     (Ping gives the same.)
     So, I'm still at a loss, I think, to know the originating IP.
     Should a firewall rule blocking 208.68.zzz.zzz actually
     operate against 24.110.nnn.nnn?

   I don't understand the question, what is the rule?

      I'd STILL like to know the true source IP to be able to connect
     back to it.

   man sockstat
   man netstat

   Thanks.  Did that:
   "netstat -n" gives the correct IP.
   "sockstat" does also.
   I couldn't find anything in the host or dig man pages that
   indicated to me that they could be made to yield the proper
   24.110.*.* IP address.
   About the "rule"::: I was just mentioning one of the reasons
   I want the IP address is so I can monitor multiple bad login
   attempts to block the troublesome IP with a firewall rule.  I
   ALSO would like the correct IP for another purpose (project),
   that involves connecting back to the source IP.
   I will give a try to find out which IP address the ipfw firewall
   operates on - the 208.68.*.* one or the 24.110.*.* one.  It's not
   obvious which at this point to me.
   Thanks.
   Walter

References

   1. http://xxx.xxx.204.68.cfl.res.rr.com/
   2. http://en.wikipedia.org/wiki/Reverse_DNS_lookup

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BC1BC4A.40605>