TCLUG Archive
Re: [TCLUG:21181] Finding admin of anonymous machine
The whois for the IP address@arin.net should return the SWIP information.

unixws1:~/todo $ whois 209.98.16.1@arin.net
[arin.net]
Vector Internet Services, Inc. (NETBLK-VECTOR-BLK1) VECTOR-BLK1
                                              209.98.0.0 - 209.98.255.255
Sihope Communications (NETBLK-VECTOR-SIHOPE-1) VECTOR-SIHOPE-1
                                              209.98.16.0 - 209.98.31.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

Lack of reverse DNS information does not mean lack of SWIP information.
For some reason that whole netblock is missing, which is interesting.

You should be able to contact whoever is the last identifiable hop
(alternet you said?) and ask them for help on tracing it further. Just
tell them you're getting bogons from an IP address in one of their
customer's netblocks.

If you mail me the IP off list I'll try and figure out what AS is
advertising routes for it and track them down that way.

Adam Maloney
Systems Administrator
Sihope Communications

On Mon, 11 Sep 2000, Dave Sherohman wrote:
> Adam Maloney said:
> > whois ip.address.of.luser@arin.net
> >
> > will give you the information on the network coordinator. I can help you
> > decode it and find out who owns what if you'd like.
>
> ---
> pchan ~$ whois xx.xxx.xxx.xx@arin.net
>
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> No match for "xx.xxx.xxx.xx@ARIN.NET".
>
> >>> Last update of whois database: Mon, 11 Sep 2000 04:45:28 EDT <<<
>
> The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
> Registrars.
> ---
>
> I tried that same whois command line on myself and got identical results
> (aside from the IP address).
>
> Side question: What (if anything) is the functional difference between using
> whois to look for a.b.c.d@arin.net vs. d.c.b.a.in-addr.arpa?
>
> --
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphilis. Good thing we have penicillin." - Matthew Alton
> Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
> !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
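
Added example, not part of the original message: a Python sketch that parses an ARIN reply of the kind shown above and picks the most specific netblock covering an address, which is the record whose contact is closest to the machine. The sample text is constructed from the reply in the message; the function names are hypothetical, and the parser accepts a range printed on one line or wrapped onto two.

```python
import ipaddress
import re

# Constructed sample, based on the reply quoted in the message above.
# The first range is wrapped across two lines, the second is on one line.
SAMPLE = """\
[arin.net]
Vector Internet Services, Inc. (NETBLK-VECTOR-BLK1) VECTOR-BLK1
209.98.0.0 -
209.98.255.255
Sihope Communications (NETBLK-VECTOR-SIHOPE-1) VECTOR-SIHOPE-1
                                              209.98.16.0 - 209.98.31.255
To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
"""

# "Name (HANDLE) NETNAME": the handle is the token in parentheses.
OWNER = re.compile(r"^(?P<name>.+?)\s+\((?P<handle>[A-Z0-9-]+)\)")
QUAD = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_netblocks(text):
    """Return (name, handle, first, last) for each netblock in the reply."""
    blocks, owner, quads = [], None, []
    for line in text.splitlines():
        m = OWNER.match(line.strip())
        if m:
            owner, quads = (m["name"], m["handle"]), []
            continue
        if owner:
            # Collect addresses until both ends of the range are seen.
            quads += QUAD.findall(line)
            if len(quads) >= 2:
                first, last = map(ipaddress.IPv4Address, quads[:2])
                blocks.append((*owner, first, last))
                owner = None
    return blocks


def most_specific(blocks, ip):
    """Return the smallest block containing ip, or None if none covers it."""
    addr = ipaddress.IPv4Address(ip)
    hits = [b for b in blocks if b[2] <= addr <= b[3]]
    return min(hits, key=lambda b: int(b[3]) - int(b[2]), default=None)


if __name__ == "__main__":
    hit = most_specific(parse_netblocks(SAMPLE), "209.98.16.1")
    print(hit[0], hit[1], f"{hit[2]} - {hit[3]}")
```

A result of None means no registered block in the reply covers the address, which is the "whole netblock is missing" case mentioned in the message.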