Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

is: whois tricks was : Publishing Nimda Logs

From: "Matthew McGehrin" <mcgehrin () reverse net>
Date: Wed, 8 May 2002 13:44:55 -0400
On FreeBSD you can use the -a flag with the same results. Linux still uses
the older format.

i.e.: whois -a 204.70.128.1

command supports the -a flag for arin lookups.

matthew@monkey:/usr/home/matthew> whois -a 204.70.128.1
Cable & Wireless USA (MCI-HST)  NS.CW.NET
204.70.128.1
Cable & Wireless USA (NETBLK-CW-BACKBONE) CW-BACKBONE
                                                   204.70.0.0 -
204.70.255.255
-- Matthew

----- Original Message -----
From: "Laurence Brockman" <laurence () fluxinc com>
To: "ash" <ashcrow () phreaker net>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, May 08, 2002 9:09 AM
Subject: Re: Publishing Nimda Logs



Whois works great. Try the following:

whois -h whois.arin.net x.x.x.x

where x.x.x.x is the attacking IP. Or you can visit www.arin.net and look
Previous By Date Next
Previous By Thread Next

Current thread: