[lug] Decoding partial IP addresses

Nate Duehr nate at natetech.com
Tue May 18 17:05:37 MDT 2010 

whois command is your friend.  Assuming the IPs have been properly 
SWIP'ed to the sub-owners, etc.

Ask any old-school Unix admin and you'll learn another trick... although 
it's not usually the first or best option...

Turn OFF access, and if someone REALLY needed it, they'll call screaming 
and hollering.  :-)

Sometimes you find old crufty access rules lying around, quietly turn 
them off, and find that no one has used them in years, or even cares 
anymore... thus, making your security better...

It's usually best to actually figure out what the access was granted for 
in the first place, and re-analyze it.  After you get COMPLETE control 
over your ACL's, and if the company culture is well-educated and 
understands security ... it'd be best to document all special access 
like that, somewhere centralized.

Nate

On 5/18/2010 4:33 PM, Vince Dean wrote:
> I'm looking at a .htaccess file (the per-directory access control
> file for Apache) and seeing entries like the following:
>
>     allow from 195.83.22.
>     allow from 128.100.80.
>
> I would like to know which organizations are being given access here.
>
> I'm taking over management of a system and there are lots
> of configuration details like these to figure out.
>
> I understand that these entries describe the 24-bit prefix of the
> allowed IP addresses, which should identify the subnet in
> question, and could presumably be associated with a specific
> organization.
>
> I know how to use host or nslookup to decode a complete IP address,
> but I don't know what to do with a partial address.
>
> I was actually able to answer my question quickly by running
> host on some arbitrary addresses within the subnet:
>
>     host xx.xx.xx.1
>     host xx.xx.xx.2
>     etc.
>
> but I would like to know if there is a more general way to find out who
> owns (if that's the right word) a particular part of the IP
> address space.  More for my general understanding than to solve an
> immediate problem.
>
> Any suggestions?
>
> Thanks,
> Vince
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>

More information about the LUG mailing list