Security Basics mailing list archives
Re: Investigation- Web pages visited
From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 2 Nov 2005 12:55:44 -0800
You can use couple of different tools: 1) ARIN WHOIS: http://www.arin.net/whois/ 2) Install the Netcraft Toolbar : http://toolbar.netcraft.com/ 3) Do a Tracert 4) Do a NSLOOKUP on the IP address ARIN WHOIS and Netcraft Toolbar, will give you the IP Netblock owner, which is wil be very helpful in your situation. Once you get the Netblock owner, use Netcraft to find out website hosted on that Netblock, this will give you the information that you need. But you will have to parse through the Netcraft output. See netcraft result of a IP Netblock Owner query: http://toolbar.netcraft.com/netblock?q=UK-RACKSPACE-20040816,83.138.128.0,83.138.191.255
I am trying to investigate some possible corporate policy violations, mostly involving porn. My IDS matches rules for certain criteria and looks for banned words in html. When I get the ip, i can query it, but most of the time I get info about a hosting provider. When I attempt to access the ip http://155.X.X.X i get either some generic page or a 404 error. Is there any way to find out what sites are hosted at a given IP? My logs have not been much help for this.
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Investigation- Web pages visited Steve Barron (Nov 02)
- Re: Investigation- Web pages visited Bryan S. Sampsel (Nov 03)
- Re: Investigation- Web pages visited Saqib Ali (Nov 03)
- Re: Investigation- Web pages visited Brian Loe (Nov 03)
- RE: Investigation- Web pages visited David Gillett (Nov 03)
- Re: Investigation- Web pages visited Austin Murkland (Nov 04)
- Re: Investigation- Web pages visited Mark Owen (Nov 07)