[clug] [slightly OT] how to find what an IP is

Kim Holburn kim.holburn at anu.edu.au
Tue Sep 2 22:24:54 EST 2003


At 8:27 PM +1000 2003/09/02, Eyal Lebedinsky wrote:
>I am setting up a Windows/XP laptop for my parents, and while it sits
>on my desk I have an iptraf window listening on its connection.
>
>I find some connections that I do not know the domain of. The IPs
>do not have a DNS, and the closest I get is the authority responding
>to a 'dig x'. I recall there was a site that could collect information
>about an IP, but I forget where. Or maybe a utility?
>
>Here are some of the connections I see:
>144.135.8.166:443
>144.135.8.185:443
>81.52.248.151:80
>206.112.112.13:80
>
>A set of IPs do have DNS and they are wustat.windows.com - does anyone
>know what this is?

It's not easy at all to find out what the DNS name is if there is no rDNS entry, and even if there is a reverse DNS entry, some websites can have hundreds of DNS names; it is not possible, or not easy, to find them from the IP address. You'd have to have some kind of DNS bot and a huge database. Has anyone done this?

Whois will tell you who owns the IP block. Geektools does a recursive search. (Why is this so hard? Thank ICANN.) Traceroute, when it works, can show you the IP address of their ISP and their ISP's ISP, etc.

(On a unix box use:)
whois -h whois.geektools.com <ipnumber>
traceroute <ipnumber>

On a Windows box get a copy of "Sam Spade".

They are probes to http and https. Most likely some kind of Code Red/Nimda or some port trawler (maybe even a googlebot or a spambot). Someone looking for a box to hack.

Kim
-- 
Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)
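The triage Kim describes (parse the iptraf connection list, try reverse DNS, read the block owner out of a whois answer), as an added Python example that is not part of the original thread. The whois text inside it is a constructed RIPE/APNIC-style sample with placeholder names and ranges, not a real record for the addresses quoted above; only `whois_lookup()` touches the network, and the command it runs is the `whois -h whois.geektools.com <ipnumber>` from the post.

```python
"""Triage unknown IPs seen in an iptraf session: parse the "IP:port" lines,
try reverse DNS, and pull the owner fields out of a whois answer.
SAMPLE_WHOIS below is a constructed sample, not a real record."""
import re
import socket
import subprocess

# Connections quoted in the thread, in iptraf's "ip:port" form.
OBSERVED = [
    "144.135.8.166:443",
    "144.135.8.185:443",
    "81.52.248.151:80",
    "206.112.112.13:80",
]

# Constructed whois reply with placeholder values; real RIPE/APNIC replies
# use the same "field: value" layout but the names and range here are invented.
SAMPLE_WHOIS = """\
% Information related to '144.135.0.0 - 144.135.255.255'

inetnum:        144.135.0.0 - 144.135.255.255
netname:        EXAMPLE-NET
descr:          Example Carrier Pty Ltd
descr:          Placeholder description line
country:        AU
admin-c:        XX1-AP
status:         ALLOCATED PORTABLE
mnt-by:         MAINT-EXAMPLE
source:         APNIC
"""

CONN_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*)$")
# RIPE/APNIC and ARIN spell these differently; keys are lowercased on parse.
OWNER_FIELDS = ("inetnum", "netrange", "netname", "orgname", "descr", "country")


def parse_connection(line):
    """Turn an iptraf 'a.b.c.d:port' entry into (ip, port); reject anything else."""
    m = CONN_RE.match(line.strip())
    if not m:
        raise ValueError("not an ip:port line: %r" % line)
    ip, port = m.group(1), int(m.group(2))
    if any(int(o) > 255 for o in ip.split(".")) or not 0 < port < 65536:
        raise ValueError("out-of-range address or port: %r" % line)
    return ip, port


def reverse_dns(ip):
    """PTR lookup; None when the address has no reverse entry, as in the thread.
    A name here still says nothing reliable about who operates the host."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def parse_whois(text):
    """Collect the block-owner fields from a whois answer.  Comment lines
    ('%', '#') are skipped and repeated fields such as descr are kept as lists."""
    fields = {}
    for raw in text.splitlines():
        if not raw or raw[0] in "%#":
            continue
        m = FIELD_RE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in OWNER_FIELDS:
            fields.setdefault(key, []).append(value)
    return fields


def owner_summary(fields):
    """One line per block: range, net name, first description, country."""
    block = fields.get("inetnum", fields.get("netrange", ["?"]))[0]
    name = fields.get("netname", fields.get("orgname", ["?"]))[0]
    descr = fields.get("descr", [""])[0]
    country = fields.get("country", ["?"])[0]
    return "%s  %s  %s  [%s]" % (block, name, descr, country)


def whois_command(ip, server="whois.geektools.com"):
    """The command from the post, as an argv list for subprocess."""
    return ["whois", "-h", server, ip]


def whois_lookup(ip, server="whois.geektools.com"):
    """Run whois for real (needs network access; not used offline)."""
    out = subprocess.run(whois_command(ip, server), capture_output=True,
                         text=True, timeout=30)
    return parse_whois(out.stdout)


if __name__ == "__main__":
    for line in OBSERVED:
        ip, port = parse_connection(line)
        print(ip, port, "rdns=%s" % reverse_dns(ip))
    print(owner_summary(parse_whois(SAMPLE_WHOIS)))
```

The parser keys on the `field: value` layout shared by the regional registries rather than on one registry's field names, so an ARIN `NetRange`/`OrgName` reply and an APNIC `inetnum`/`netname` reply both produce a usable summary; the range and netname tell you which block the traffic came from, which is the most that whois can give you when the host has no reverse entry.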