[Snort-users] Name resolution
dcuthbert at ...1623...
Fri May 18 10:29:40 EDT 2001
Ive found that whois.geektools.com searches all of those for you!
* John Sage (jsage at ...2022...) scribbled away:
> Subba Rao wrote:
> > Hi,
> > This is going to be a very basic question. I do see (on daily basis) attempts
> > to connect to the sunrpc services (port 111). When I try to resolve the IP
> > address, I always get,
> > *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
> > How are these hackers conducting the hacks? They should get some response back
> > from my machine. If their host/domain does not exist, then where are the
> > replies from my system going?
> If you really want to determine as much as you can about who/where/what these
> IP's are, you need to use whois services at one of these:
> ARIN: ttp://whois.arin.net/whois/index.html
> Europe: http://www.ripe.net/cgi-bin/whois
> Asia/Pacific generally: http://www.apnic.net/
> Japan NIC: http://whois.nic.ad.jp/cgi-bin/whois_gw
> Korea NIC: http://www.nic.or.kr/www/english/
> Taiwan NIC: http://www.twnic.net/English/Index.htm
> Internic: http://www.internic.net/whois.html
> The appropriate whois service will get you to the netblock holder, and in
> many cases get you down to the specific administrative level of the domain..
> I've found that all URI's with more than the domain.tld (ie: server.domain.tld)
> will never resolve from an IP address under my local nslookup.
> - John
> John Sage
> FinchHaven, Vashon Island, WA, USA
> mailto:jsage at ...2022...
> "The web is so, like, five minutes ago..."
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Network Security Consultant
Key fingerprint = 9BFB 60F1 1B46 F9F0 4E2C 84A6 8D04 E771 54A6 1116
More information about the Snort-users