Snort mailing list archives

Re: Name resolution


From: Dan Cuthbert <dcuthbert () idsec co uk>
Date: Fri, 18 May 2001 15:29:40 +0100

Hi

I've found that whois.geektools.com searches all of those for you!


Dan


* John Sage (jsage () finchhaven com) scribbled away:
Subba:

Subba Rao wrote:

Hi,

This is going to be a very basic question. I do see (on a daily basis) attempts
to connect to the sunrpc services (port 111). When I try to resolve the IP
address, I always get,

*** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain 

How are these hackers conducting the hacks? They should get some response back
from my machine. If their host/domain does not exist, then where are the
replies from my system going?

If you really want to determine as much as you can about who/where/what these
IP's are, you need to use whois services at one of these:

ARIN: http://whois.arin.net/whois/index.html

Europe: http://www.ripe.net/cgi-bin/whois

Asia/Pacific generally: http://www.apnic.net/

Japan NIC:  http://whois.nic.ad.jp/cgi-bin/whois_gw

Korea NIC: http://www.nic.or.kr/www/english/

Taiwan NIC: http://www.twnic.net/English/Index.htm

Internic: http://www.internic.net/whois.html

The appropriate whois service will get you to the netblock holder, and in
many cases get you down to the specific administrative level of the domain..

I've found that all URI's with more than the domain.tld (ie: server.domain.tld)
will never resolve from an IP address under my local nslookup.

HTH..

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


Dan Cuthbert
Network Security Consultant
IdSec 
Key fingerprint = 9BFB 60F1 1B46 F9F0 4E2C  84A6 8D04 E771 54A6 1116
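
The lookup John describes (start at ARIN, then move to the registry that actually holds the netblock), sketched as an added example that is not part of the original posts. The sample reply is constructed on a documentation address range, and following only `whois://` referrals on TCP port 43 is an assumption of this sketch.

```python
import re
import socket

# Constructed sample in the layout of an ARIN whois reply; 192.0.2.0/24 is a
# documentation range and the organisation name is made up.
SAMPLE_REPLY = """\
# constructed sample, not real registry data
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgName:        Example Netblock Holder
ReferralServer: whois://whois.ripe.net
"""

def whois_query(server, query, timeout=10):
    """Plain whois: send the query plus CRLF to TCP 43, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = list(iter(lambda: s.recv(4096), b""))
    return b"".join(chunks).decode("utf-8", "replace")

def parse_reply(text):
    """Collect 'Key: value' lines, skipping registry comments (# or %)."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())  # keep first occurrence
    return fields

def referral_host(fields):
    """Return the host of a whois:// referral, or None (rwhois is ignored)."""
    m = re.match(r"whois://([A-Za-z0-9.-]+)", fields.get("ReferralServer", ""))
    return m.group(1) if m else None

def lookup(ip, server="whois.arin.net", max_hops=3, query=whois_query):
    """Ask ARIN first, then follow referrals to the registry holding the block."""
    fields = {}
    for _ in range(max_hops):
        fields = parse_reply(query(server, ip))
        nxt = referral_host(fields)
        if not nxt or nxt == server:
            break
        server = nxt
    return server, fields
```

`lookup()` takes the source address from the alert, not the hostname a reverse lookup returned; pass a stub as `query` to exercise it without network access.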
