Security Incidents mailing list archives
Re: Finding out who owns particular IP addresses
From: Martin H Hoz-Salvador <mhoz () citi com mx>
Date: Tue, 9 Jan 2001 17:41:00 -0600
I received this request for clarification about how one finds out who 'owns' particular IP addresses. After having spent some time composing a response I thought that there might be other neophytes on the list who will find this useful.

If you're a command-line sort of *nix person who doesn't want to rely on someone else's Web sites, you're welcome to get my Perl script that automates whois lookups. It's available at http://rgfsparc.cr.usgs.gov:8090/sysadmin/#whois
Yep. I'm that kind of *nix person. ;-)

But, as I stated in my last "12345 scanning" related post, finding to whom a certain IP belongs when you have a bulk of them could be a very hard issue... So, I wrote the script available at: http://www.citi.com.mx/~mhoz/seguridad/findcontact.ksh

The functionality is quite simple: just build an IP list (you can do this from almost any firewall/IDS log file using "cat" and "awk"), and then use this file to feed my script. In this way, I found the contacts for 300+ IP addresses within 2 hours, more or less, without so much workload... and in an automated way...

The internal functionality is: first try to determine if the IP has records in another whois database, such as APNIC or RIPE. If it does, then query those whois databases. If not, try to find the contact name from the ARIN whois database.

Yes, quite simple; it could be done in several better ways, but I found nothing similar done before, it works and it's useful for me. ;-) It's a Korn Shell script, so I'm sorry for NT SysAdmins, but I think it's not so hard to translate it to Perl or something... :-)

Hope this helps someone. :-)

--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
C I T I
Sendero Sur 285 Col. Contry, Monterrey, Nuevo Leon 64860, MEXICO
Phone: +(52)(8) 357-2267 x139
Fax: +(52)(8) 357-8047
E-mail: mhoz () citi com mx
WWW: http://www.citi.com.mx
PGPKey ID: 0x0454E8D9
ICQ Number: 31631540
GIT d- s:(+:+) a-- C+(++++)>$ SILH++++ P++ L+++ E W++ N+ o-- K- w O M V PS+ PE++ Y+ PGP++ t 5 X+ R tv- b+ DI+ D++ G++ e++ h-- r+ y++
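The lookup order described in the message above (see whether another registry such as RIPE or APNIC holds the address, otherwise take the contact from ARIN), as an added example; it is not the original findcontact.ksh. It assumes ARIN's reply names the other registry's whois host, also checks the LACNIC and AfriNIC hosts, and validates every address before it reaches whois; all function names are illustrative.

```sh
#!/bin/sh
# Added example, not the original findcontact.ksh.
# Usage: sh findcontacts.sh ips.txt    (script and file names are hypothetical)

# Raw whois query against one server. Kept as its own function so it can be
# replaced with canned data when testing offline.
query_whois() { whois -h "$1" "$2" 2>/dev/null; }

# Accept only dotted-quad IPv4, so junk cut out of a log never reaches whois.
is_ipv4() (
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.; set -- $1
    for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# Assumption: when ARIN's reply mentions another registry's whois host, the
# block is held there; otherwise ARIN itself is treated as authoritative.
pick_registry() {
    for host in whois.ripe.net whois.apnic.net whois.lacnic.net whois.afrinic.net; do
        if printf '%s\n' "$1" | grep -qiF "$host"; then echo "$host"; return 0; fi
    done
    echo whois.arin.net
}

# Reduce a whois reply on stdin to its unique e-mail addresses, comma-separated.
extract_contacts() {
    tr 'A-Z' 'a-z' | grep -Eo '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' | sort -u | paste -sd, -
}

# Print "ip registry contacts" for each unique, valid address in file $1.
find_contacts() {
    sort -u "$1" | while read -r ip; do
        is_ipv4 "$ip" || { printf 'skipped: %s\n' "$ip" >&2; continue; }
        arin=$(query_whois whois.arin.net "$ip") || arin=
        registry=$(pick_registry "$arin")
        if [ "$registry" = whois.arin.net ]; then reply=$arin
        else reply=$(query_whois "$registry" "$ip") || reply=; fi
        echo "$ip $registry $(printf '%s\n' "$reply" | extract_contacts)"
    done
}

if [ "$#" -eq 1 ] && [ -r "$1" ]; then find_contacts "$1"; fi
```

Rejected lines are reported on stderr, so the contact list on stdout can be redirected to a file on its own.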