Re: failed ssh breakins on my exposed www box ..
In article <3C9DF840.6060603@hassard.net> steve@hassard.net writes:
>What's the best way to figure
>out the admin for a subnet from a machine's IP?
As others have pointed out, whois is the normal tool to do it, but
they forgot to mention the complexities you get with servers pointing
to each other and sometimes to rwhois servers, etc. There are some
whois servers (like geektools) that try to work through this mess, but
I've written hinfo, a tool I use to get this info as well as looking
them up in several DNSBL lists, etc. I mainly use it on spammers'
addresses and URLs so I can complain to their IP block owner. (and
add the block to BlarsBL (http://www.blars.org/errors/block.html) if
the ISP doesn't take care of their spamming problem) hinfo is available
from http://www.blars.org/hinfo.html . I may package it for Debian,
if people want me to, after some more cleanup and documentation.
Here is the hinfo output for that address:
Processing 213.26.96.103 (213.26.96.103)
213.26.96.103 is in selwerd XBL as 127.0.0.4
IPQuery: 213.26.96.103 Server: whois.arin.net
IPQuery: 213.26.96.103 Server: whois.ripe.net
Referering Data:
European Regional Internet Registry/RIPE NCC (NETBLK-213-RIPE)
These addresses have been further assigned to European users.
Contact info can be found in the RIPE database, via the
WHOIS and TELNET servers at whois.ripe.net, and at
http://www.ripe.net/perl/whois/
NL
Netname: RIPE-213
Netblock: 213.0.0.0 - 213.255.255.255
Maintainer: RIPE
Coordinator:
Reseaux IP European Network Co-ordination Centre Singel 258 (RIPE-NCC-ARIN) nicdb@RIPE.NET
+31 20 535 4444
Domain System inverse mapping provided by:
NS.RIPE.NET 193.0.0.193
NS.EU.NET 192.16.202.11
AUTH00.NS.UU.NET 198.6.1.65
NS3.NIC.FR 192.134.0.49
SUNIC.SUNET.SE 192.36.125.2
MUNNARI.OZ.AU 128.250.1.21
NS.APNIC.NET 203.37.255.97
SVC00.APNIC.NET 202.12.28.131
Record last updated on 08-Apr-1999.
Database last updated on 23-Mar-2002 19:56:37 EDT.
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 213.26.96.96 - 213.26.96.127
netname: SATEL-GROUP
descr: Satel Group Srl
country: IT
admin-c: SB10545-RIPE
tech-c: FC3284-RIPE
status: ASSIGNED PA
notify: network@cgi.interbusiness.it
mnt-by: INTERB-MNT
changed: network@cgi.interbusiness.it 20000605
source: RIPE
route: 213.26.0.0/16
descr: INTERBUSINESS
origin: AS3269
remarks: Send report of network abuse/spam
remarks: only to: abuse@interbusiness.it .
remarks: If you report abuse to any other address
remarks: you will get no response.
notify: network@cgi.interbusiness.it
mnt-by: INTERB-MNT
changed: mattu@cgi.interbusiness.it 20011009
source: RIPE
person: Sonia Ballaben
address: Satel Group Srl
address: Centro Commerciale A1/12
address: I- 33170 Pordenone
address: Italy
phone: +39 0434 571110
fax-no: +39 0434 572830
e-mail: sballaben@satelgroup.net
nic-hdl: SB10545-RIPE
changed: network@cgi.interbusiness.it 20000605
source: RIPE
person: Fabio Cardin
address: Satel Group Srl
address: Centro Commerciale A1/12
address: I- 33170 Pordenone
address: Italy
phone: +39 0434 571110
fax-no: +39 0434 572830
e-mail: fcardin@satelgroup.net
nic-hdl: FC3284-RIPE
changed: network@cgi.interbusiness.it 20000605
source: RIPE
kk
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
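
Added example, not part of the original post and not hinfo's code: a Python sketch of the two steps the output above goes through, spotting that one whois server's reply points at another, then pulling the abuse address out of the final RPSL reply. The sample replies are constructed (documentation addresses and .example domains), and the function names and the hostname heuristic are assumptions made for illustration.

```python
import re

# Constructed sample replies; not real registry data.
ARIN_REPLY = """\
Netblock: 192.0.0.0 - 192.255.255.255
Contact info can be found in the RIPE database, via the
WHOIS and TELNET servers at whois.ripe.net
"""
RIPE_REPLY = """\
% This is a constructed RPSL reply.

inetnum: 192.0.2.96 - 192.0.2.127
netname: EXAMPLE-CUSTOMER
notify: network@isp.example

route: 192.0.2.0/24
remarks: Send report of network abuse/spam
remarks: only to: abuse@isp.example .
notify: network@isp.example
"""

def referral(reply, asked):
    """Return the next whois/rwhois server named in a reply, or None if final."""
    hosts = re.findall(r"\b(r?whois\.[a-z0-9.-]+[a-z])", reply, re.I)
    return next((h.lower() for h in hosts if h.lower() != asked), None)

def rpsl_objects(reply):
    """Split an RPSL reply into objects: lists of (attribute, value) pairs."""
    objs = []
    for block in re.split(r"\n\s*\n", reply):
        pairs = [tuple(s.strip() for s in l.split(":", 1))
                 for l in block.splitlines() if ":" in l and not l.startswith("%")]
        if pairs:
            objs.append(pairs)
    return objs

def abuse_contact(reply):
    """Prefer an address the registry marks for abuse, else fall back to notify."""
    fallback = None
    for obj in rpsl_objects(reply):
        for attr, value in obj:
            found = re.search(r"[\w.+-]+@[\w.-]*\w", value)
            if found and "abuse" in found.group().lower():
                return found.group()
            if found and attr == "notify" and fallback is None:
                fallback = found.group()
    return fallback
```

A lookup loop would call referral() on each reply, query the server it names, and stop when it returns None, then hand the last reply to abuse_contact().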