[ale] IPs

Shawn taaj.shawn at gmail.com
Mon Sep 13 11:35:30 EDT 2010


Not sure if this helps -

 Domain Name: GRC.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS4.CUSTOMER.LEVEL3.NET
   Name Server: NS6.CUSTOMER.LEVEL3.NET
   Status: clientTransferProhibited
   Updated Date: 29-dec-2006
   Creation Date: 17-dec-1991
   Expiration Date: 16-dec-2012

dig shows -
;; ANSWER SECTION:
grc.com.        80    IN    A    4.79.142.200

NetRange:       4.0.0.0 - 4.255.255.255
CIDR:           4.0.0.0/8
OriginAS:
NetName:        LVLT-ORG-4-8
NetHandle:      NET-4-0-0-0-1
Parent:
NetType:        Direct Allocation
NameServer:     NS2.LEVEL3.NET
NameServer:     NS1.LEVEL3.NET

So this IP for grc.com is coming from Level 3's block at their DC.

You can use the same methods to find where an IP is originating from and
use other tools to really narrow things down.

rDNS records are typically set up for servers whose IP needs it for running a
mail server; there are quite a few mail services that won't accept mail from
IP(s) that do not have this feature set up.
You can run a simple rdns check like this -

nightrider:~$ host madslice.net
madslice.net has address 173.230.142.94

Then reversing the IP shows you my VPS is at Linode -
nightrider:~$ host 173.230.142.94
94.142.230.173.in-addr.arpa domain name pointer li182-94.members.linode.com.


Cheers

On Mon, Sep 13, 2010 at 10:23 AM, Derek Atkins <warlord at mit.edu> wrote:

> Ron Frazier <atllinuxenthinfo at c3energy.com> writes:
>
> [snip]
> > Your Internet connection's IP address is uniquely associated with the
> > following "machine name":
> >
> > c-76-97-157-166.hsd1.ga.comcast.net
> >
> > So, he not only knows I'm in GA, he knows my ISP.  Not sure how that's
> > done.
>
> "Reverse-DNS."  You can look up data (PTR records) in the
> z.y.x.w.in-addr.arpa domain for IP Address w.x.y.z and if the ISP (like
> Comcast) has put in information then that's what you'll get.  But it
> could be completely random if the IP Address is via your own net-block.
>
> So while Comcast is good about reverse-DNS pointer records, not all ISPs
> are, and generally you cannot assume that PTR records contain GEO
> information.  For example, I can assure you that 130.207.160.29 is in
> Georgia, but DNS certainly wouldn't tell you directly.
>
> -derek
>
> --
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord at MIT.EDU                        PGP key available
>
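Added example, not part of either message: the PTR lookup described in this thread, extended to the forward-confirmed check (PTR name must resolve back to the same IP) that a receiving mail server can apply. The function names, the `PTR`/`FWD` tables and the 192.0.2.x entries are constructed for illustration; only the PTR name for 173.230.142.94 comes from the post, and its forward record is assumed.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Build the PTR query name: w.x.y.z -> z.y.x.w.in-addr.arpa (ip6.arpa for IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa"

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver; [] on failure."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, name): 'no-ptr', 'unconfirmed' (PTR exists but does not
    resolve back to ip) or 'confirmed' (some PTR name resolves back to ip)."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        for a in forward_lookup(name):
            if ipaddress.ip_address(a) == want:
                return ("confirmed", name)
    return ("unconfirmed", names[0])

# Constructed tables standing in for DNS so the demo runs offline.
# Only the PTR name for 173.230.142.94 is from the post; the rest is assumed.
PTR = {"173.230.142.94": ["li182-94.members.linode.com."],
       "192.0.2.10": ["mail.example.net."]}
FWD = {"li182-94.members.linode.com": ["173.230.142.94"],
       "mail.example.net": ["192.0.2.99"]}

if __name__ == "__main__":
    for ip in ("173.230.142.94", "192.0.2.10", "192.0.2.77"):
        print(ip, reverse_name(ip), fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, [])))
```

Called with the default arguments, fcrdns() queries the system resolver instead of the tables. A "confirmed" result says the PTR and forward records agree; it does not say the PTR name matches the domain the host serves, as the madslice.net lookup in the message shows.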