[Snort-users] Name resolution
jsage at ...2022...
Fri May 18 09:56:28 EDT 2001
Subba Rao wrote:
> This is going to be a very basic question. I do see (on a daily basis) attempts
> to connect to the sunrpc services (port 111). When I try to resolve the IP
> address, I always get,
> *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
> How are these hackers conducting the hacks? They should get some response back
> from my machine. If their host/domain does not exist, then where are the
> replies from my system going?
If you really want to determine as much as you can about who/where/what these
IPs are, you need to use whois services at one of these:
Asia/Pacific generally: http://www.apnic.net/
Japan NIC: http://whois.nic.ad.jp/cgi-bin/whois_gw
Korea NIC: http://www.nic.or.kr/www/english/
Taiwan NIC: http://www.twnic.net/English/Index.htm
The appropriate whois service will get you to the netblock holder, and in
many cases get you down to the specific administrative level of the domain.
I've found that all URIs with more than the domain.tld (i.e. server.domain.tld)
will never resolve from an IP address under my local nslookup.
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."