[Snort-users] Name resolution

Dan Cuthbert dcuthbert at ...1623...
Fri May 18 10:29:40 EDT 2001


Hi

Ive found that whois.geektools.com searches all of those for you!


Dan


* John Sage (jsage at ...2022...) scribbled away:
> Subba:
> 
> Subba Rao wrote:
> 
> > Hi,
> > 
> > This is going to be a very basic question. I do see (on daily basis) attempts
> > to connect to the sunrpc services (port 111). When I try to resolve the IP
> > address, I always get,
> > 
> > *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain 
> > 
> > How are these hackers conducting the hacks? They should get some response back
> > from my machine. If their host/domain does not exist, then where are the
> > replies from my system going?
> 
> If you really want to determine as much as you can about who/where/what these
> IP's are, you need to use whois services at one of these:
> 
> ARIN: ttp://whois.arin.net/whois/index.html
> 
> Europe: http://www.ripe.net/cgi-bin/whois
> 
> Asia/Pacific generally: http://www.apnic.net/
> 
> Japan NIC:  http://whois.nic.ad.jp/cgi-bin/whois_gw
> 
> Korea NIC: http://www.nic.or.kr/www/english/
> 
> Taiwan NIC: http://www.twnic.net/English/Index.htm
> 
> Internic: http://www.internic.net/whois.html
> 
> The appropriate whois service will get you to the netblock holder, and in
> many cases get you down to the specific administrative level of the domain..
> 
> I've found that all URI's with more than the domain.tld (ie: server.domain.tld)
> will never resolve from an IP address under my local nslookup.
> 
> HTH..
> 
> - John
> 
> -- 
> John Sage
> FinchHaven, Vashon Island, WA, USA
> http://www.finchhaven.com/
> mailto:jsage at ...2022...
> "The web is so, like, five minutes ago..."
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


Dan Cuthbert
Network Security Consultant
IdSec 
Key fingerprint = 9BFB 60F1 1B46 F9F0 4E2C  84A6 8D04 E771 54A6 1116




More information about the Snort-users mailing list