Snort mailing list archives
Re: Name resolution
From: Dan Cuthbert <dcuthbert () idsec co uk>
Date: Fri, 18 May 2001 15:29:40 +0100
Hi Ive found that whois.geektools.com searches all of those for you! Dan * John Sage (jsage () finchhaven com) scribbled away:
Subba: Subba Rao wrote:Hi, This is going to be a very basic question. I do see (on daily basis) attempts to connect to the sunrpc services (port 111). When I try to resolve the IP address, I always get, *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain How are these hackers conducting the hacks? They should get some response back from my machine. If their host/domain does not exist, then where are the replies from my system going?If you really want to determine as much as you can about who/where/what these IP's are, you need to use whois services at one of these: ARIN: ttp://whois.arin.net/whois/index.html Europe: http://www.ripe.net/cgi-bin/whois Asia/Pacific generally: http://www.apnic.net/ Japan NIC: http://whois.nic.ad.jp/cgi-bin/whois_gw Korea NIC: http://www.nic.or.kr/www/english/ Taiwan NIC: http://www.twnic.net/English/Index.htm Internic: http://www.internic.net/whois.html The appropriate whois service will get you to the netblock holder, and in many cases get you down to the specific administrative level of the domain.. I've found that all URI's with more than the domain.tld (ie: server.domain.tld) will never resolve from an IP address under my local nslookup. HTH.. - John -- John Sage FinchHaven, Vashon Island, WA, USA http://www.finchhaven.com/ mailto:jsage () finchhaven com "The web is so, like, five minutes ago..." _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Dan Cuthbert Network Security Consultant IdSec Key fingerprint = 9BFB 60F1 1B46 F9F0 4E2C 84A6 8D04 E771 54A6 1116 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Name resolution Subba Rao (May 17)
- Re: Name resolution Kendall Lister (May 17)
- Re: Name resolution John Sage (May 18)
- Re: Name resolution Dan Cuthbert (May 18)