Snort mailing list archives

Re: Name resolution


From: John Sage <jsage () finchhaven com>
Date: Fri, 18 May 2001 06:56:28 -0700

Subba:

Subba Rao wrote:

> Hi,
>
> This is going to be a very basic question. I do see (on a daily basis) attempts
> to connect to the sunrpc services (port 111). When I try to resolve the IP
> address, I always get,
>
> *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
>
> How are these hackers conducting the hacks? They should get some response back
> from my machine. If their host/domain does not exist, then where are the
> replies from my system going?

If you really want to determine as much as you can about who/where/what these
IPs are, you need to use whois services at one of these:

ARIN: http://whois.arin.net/whois/index.html

Europe: http://www.ripe.net/cgi-bin/whois

Asia/Pacific generally: http://www.apnic.net/

Japan NIC:  http://whois.nic.ad.jp/cgi-bin/whois_gw

Korea NIC: http://www.nic.or.kr/www/english/

Taiwan NIC: http://www.twnic.net/English/Index.htm

Internic: http://www.internic.net/whois.html

The appropriate whois service will get you to the netblock holder, and in
many cases get you down to the specific administrative level of the domain..

I've found that all URIs with more than the domain.tld (i.e., server.domain.tld)
will never resolve from an IP address under my local nslookup.

HTH..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."

