Whois works great. Try the following:

    whois -h whois.arin.net x.x.x.x

where x.x.x.x is the attacking IP. Or you can visit www.arin.net and look for the whois link there. Same thing, but through a web interface if you don't have access to a unix box.

Laurence

----- Original Message -----
From: "ash" <ashcrowat_private>
To: "Laurence Brockman" <laurenceat_private>
Cc: <vuln-devat_private>
Sent: Tuesday, May 07, 2002 10:59 PM
Subject: Re: Publishing Nimda Logs

> Ah, thanks for clearing that up. Is there a central place that says who
> owns what IP range blocks so I can further investigate where attacks
> come from (besides whoising each address)?
>
> Ash
>
> Laurence Brockman wrote:
>
> >24.x isn't just Road Runner, it's most cable companies. It's Shaw (In
> >Canada), Rogers (AT&T), Road runner, etc, etc. These blocks were given to
> >lots of cable ISP's when @Home was big, so sending logs into Road runner for
> >any 24.x.x.x IP is useless in most cases (As the majority doesn't belong to
> >them).
> >
> >Laurence
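
An added example, not part of the original thread: batching the whois lookup over the source IPs pulled from a log, so each allocation is queried once and addresses are grouped by the most specific owner rather than by the shared parent block. The function names, `fake_lookup` and the sample replies are constructed for illustration; it assumes IPv4 input and ARIN's full-record reply layout (`NetRange`, `OrgName`/`CustName`, `OrgAbuseEmail` lines).

```python
import ipaddress, socket

def whois_arin(ip, server="whois.arin.net"):
    """WHOIS over TCP 43: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(f"{ip}\r\n".encode())
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("utf-8", "replace")

def parse_records(text):
    """One dict per NetRange block; Org/abuse lines attach to the block above them."""
    records = []
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition(":"))
        if not sep or line.startswith("#"):
            continue
        if key == "NetRange":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split(" - "))
            records.append({"first": first, "last": last, "org": "unknown", "abuse": None})
        elif records and key in ("OrgName", "CustName"):
            records[-1]["org"] = value
        elif records and key == "OrgAbuseEmail":
            records[-1]["abuse"] = value
    return records

def group_by_owner(ips, lookup=whois_arin):
    """Group IPv4 sources by most specific block, with one query per block."""
    cache, owners, queries = [], {}, 0
    for ip in sorted({ipaddress.ip_address(i) for i in ips}):
        rec = next((r for r in cache if r["first"] <= ip <= r["last"]), None)
        if rec is None:
            queries += 1
            found = [r for r in parse_records(lookup(str(ip))) if r["first"] <= ip <= r["last"]]
            # Cache only the smallest block: the parent range is shared by several ISPs.
            rec = min(found, key=lambda r: int(r["last"]) - int(r["first"]), default=None)
            if rec:
                cache.append(rec)
        key = (rec["org"], rec["abuse"]) if rec else ("unknown", None)
        owners.setdefault(key, []).append(str(ip))
    return owners, queries

# Constructed sample replies (documentation address space, made-up owners).
PARENT = "NetRange: 198.51.100.0 - 198.51.100.255\nOrgName: Example Registry Pool\n"
def fake_lookup(ip):
    half, name = ("0 - 198.51.100.127", "A") if int(ip.split(".")[3]) < 128 else ("128 - 198.51.100.255", "B")
    return (f"# start\n{PARENT}# end\n# start\nNetRange: 198.51.100.{half}\n"
            f"CustName: Example Cable {name}\nOrgAbuseEmail: abuse@cable-{name.lower()}.example\n# end\n")

if __name__ == "__main__":
    owners, queries = group_by_owner(["198.51.100.7", "198.51.100.9", "198.51.100.200"], fake_lookup)
    print(queries, owners)
```

Leaving `lookup` at its default sends the real queries to whois.arin.net. An address inside a cached block that has its own, smaller reassignment is attributed to the cached block, so re-query individual addresses before sending a report.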
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 09:50:35 PDT