Security Basics mailing list archives

Re: Investigation- Web pages visited


From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 2 Nov 2005 12:55:44 -0800

You can use a couple of different tools:

1) ARIN WHOIS: http://www.arin.net/whois/
2) Install the Netcraft Toolbar: http://toolbar.netcraft.com/
3) Do a Tracert
4) Do an NSLOOKUP on the IP address

ARIN WHOIS and the Netcraft Toolbar will give you the IP Netblock owner,
which will be very helpful in your situation. Once you get the
Netblock owner, use Netcraft to find out the websites hosted on that
Netblock; this will give you the information that you need. But you
will have to parse through the Netcraft output.

See the Netcraft result of an IP Netblock Owner query:
http://toolbar.netcraft.com/netblock?q=UK-RACKSPACE-20040816,83.138.128.0,83.138.191.255

I am trying to investigate some possible corporate policy violations, mostly
involving porn.  My IDS matches rules for certain criteria and looks for
banned words in html.  When I get the ip, I can query it, but most of the
time I get info about a hosting provider.  When I attempt to access the ip
http://155.X.X.X I get either some generic page or a 404 error.  Is there
any way to find out what sites are hosted at a given IP?  My logs have not
been much help for this.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
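
An added example, not part of the original post: one way to turn the WHOIS netblock step above into a repeatable triage, grouping IDS alert IPs by netblock owner. The WHOIS samples, owner names, alert IPs and function names are constructed for illustration; only the Netcraft URL comes from the message.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed WHOIS replies (documentation address ranges, made-up owners).
ARIN_STYLE = """\
NetRange:       198.51.100.0 - 198.51.100.255
NetName:        EXAMPLE-HOSTING-1
OrgName:        Example Hosting Inc.
"""
RIPE_STYLE = """\
inetnum:        203.0.113.0 - 203.0.113.127
netname:        EXAMPLE-COLO
descr:          Example Colocation Ltd
"""
# Netblock query URL quoted in the post above.
NETCRAFT_URL = ("http://toolbar.netcraft.com/netblock"
                "?q=UK-RACKSPACE-20040816,83.138.128.0,83.138.191.255")

def parse_whois(text):
    """Return (first_ip, last_ip, netname, owner) from ARIN- or RIPE-style text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # keep the first occurrence of each field
            fields.setdefault(key.strip().lower(), value.strip())
    rng = fields.get("netrange") or fields.get("inetnum")
    if not rng:
        raise ValueError("no NetRange/inetnum line in WHOIS text")
    first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
    owner = fields.get("orgname") or fields.get("descr") or "unknown"
    return first, last, fields.get("netname", "unknown"), owner

def parse_netcraft_query(url):
    """Split the q=NAME,first,last parameter; the name doubles as owner label."""
    name, first, last = parse_qs(urlparse(url).query)["q"][0].split(",")
    return ipaddress.ip_address(first), ipaddress.ip_address(last), name, name

def group_by_owner(alert_ips, netblocks):
    """Map each netblock owner to the alert IPs that fall inside its range."""
    grouped = defaultdict(list)
    for raw in alert_ips:
        ip = ipaddress.ip_address(raw)
        owner = next((o for f, l, _, o in netblocks
                      if f.version == ip.version and f <= ip <= l), "no netblock on file")
        grouped[owner].append(raw)
    return dict(grouped)

NETBLOCKS = [parse_whois(ARIN_STYLE), parse_whois(RIPE_STYLE), parse_netcraft_query(NETCRAFT_URL)]
ALERT_IPS = ["198.51.100.7", "83.138.150.20", "203.0.113.200", "198.51.100.99"]  # constructed
if __name__ == "__main__": print(group_by_owner(ALERT_IPS, NETBLOCKS))
```

Alerts that land under "no netblock on file" are the ones still needing a WHOIS lookup.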

