[lug] looking up ip's
Nate Duehr
nate at natetech.com
Mon Sep 4 16:24:11 MDT 2000
Here's some more info...
(Sorry, sending from my Windoze box to facilitate cut n' paste... X
problems... heh)
dig 109.127.210.in-addr.arpa
; <<>> DiG 8.2 <<>> 109.127.210.in-addr.arpa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 109.127.210.in-addr.arpa, type = A, class = IN
;; AUTHORITY SECTION:
109.127.210.in-addr.arpa. 1D IN SOA ns.nuri.net. domain.nuri.net. (
990504 ; serial
6H ; refresh
1H ; retry
1w3d ; expiry
1D ) ; minimum
;; Total query time: 722 msec
;; FROM: telluride to SERVER: default -- 127.0.0.1
;; WHEN: Mon Sep 4 16:18:13 2000
;; MSG SIZE sent: 42 rcvd: 96
So nuri.net... who are they?
dig ns.nuri.net
; <<>> DiG 8.2 <<>> ns.nuri.net
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; ns.nuri.net, type = A, class = IN
;; ANSWER SECTION:
ns.nuri.net. 1d23h59m2s IN A 203.255.112.34
;; AUTHORITY SECTION:
nuri.NET. 1d23h59m2s IN NS NS.CW.NET.
nuri.NET. 1d23h59m2s IN NS NS.JP.PSI.NET.
nuri.NET. 1d23h59m2s IN NS ns.nuri.net.
nuri.NET. 1d23h59m2s IN NS NS2.nuri.NET.
;; ADDITIONAL SECTION:
NS.CW.NET. 1d20h24m51s IN A 204.70.128.1
NS.JP.PSI.NET. 1d23h59m2s IN A 154.33.63.254
ns.nuri.net. 1d23h59m2s IN A 203.255.112.34
NS2.nuri.NET. 1d23h59m2s IN A 203.255.112.4
;; Total query time: 3 msec
;; FROM: telluride to SERVER: default -- 127.0.0.1
;; WHEN: Mon Sep 4 16:17:54 2000
;; MSG SIZE sent: 29 rcvd: 193
Registrant:
Inet Inc (NURI-DOM)
Inet Bldg, 738-37, Yoksam-dong,
Kangnam-ku
Seoul, 135-080
KR
Domain Name: NURI.NET
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Inet Domain Manager (IDM-ORG) domain at KR.PSI.NET
PSINet Korea
Inet BLDG. 738-37 Yoksam-dong Kangnam-ku
Seoul
KR
+82-2-531-7700
Fax- +82-2-555-8127
Record last updated on 23-Jun-2000.
Record expires on 01-Nov-2000.
Record created on 31-Oct-1994.
Database last updated on 4-Sep-2000 16:24:19 EDT.
Domain servers in listed order:
NS.NURI.NET 203.255.112.34
NS2.NURI.NET 203.255.112.4
NS.JP.PSI.NET 154.33.63.254
NS.CW.NET 204.70.128.1
So it looks like PSINet overseas is the place to complain to...
abuse at kr.psi.net perhaps?
Assuming of course that it's not spoofed.
Good luck.
Nate
----- Original Message -----
From: "D. Stimits" <stimits at idcomm.com>
To: "BLUG" <lug at lug.boulder.co.us>
Sent: Monday, September 04, 2000 6:59 PM
Subject: [lug] looking up ip's
> Lately I've been seeing some different ports being tested, usually RPC
> or IMAP related (which are firewalled, and any apps not used are "put on
> ice"). What I'm wondering about is that although it is possible to spoof
> ip's that don't require, I can turn around and do anonymous ftp back
> into that machine, or even get to the telnet prompt and see a linux
> machine. However, although I can verify that the host really exists, I
> can't find it through either nslookup or host -v. Can anyone give me a
> better idea how to find an ip that I have tested for existence?
>
> The most recent loggin for sun rpc are from this box:
> pts/3:~> telnet 210.127.109.189
> Trying 210.127.109.189...
> Connected to 210.127.109.189 (210.127.109.189).
> Escape character is '^]'.
>
> Welcome to WOW Linux (Underground)
> login: Connection closed by foreign host.
>
>
> One reason I ask here is that often these attempts occur after posting
> somewhere, such as on the BLUG list. It seems that if I can telnet to an
> ip, it must belong to an isp or other registered host...how can I look
> up the owner from a dotted decimal format, when nslookup and host
> commands fail?
>
> Thanks,
> D. Stimits, stimits at idcomm.com
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
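Added example (not part of either message above): a shell sketch of the lookup Nate walks through, for an address with no PTR record. It builds the enclosing in-addr.arpa zone names and pulls the SOA primary server and contact mailbox out of dig output. The function names are made up for this example, and SAMPLE is the authority section copied from the first dig output in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is the AUTHORITY section
# copied from the first dig output in the message above.
SAMPLE=';; AUTHORITY SECTION:
109.127.210.in-addr.arpa. 1D IN SOA ns.nuri.net. domain.nuri.net. (
990504 ; serial
6H ; refresh
1H ; retry
1w3d ; expiry
1D ) ; minimum'

# reverse_zones IP: print the in-addr.arpa names covering an IPv4
# address, most specific first (host PTR name, then /24, /16, /8).
reverse_zones() {
    ip=$1
    case $ip in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s\n' "$4.$3.$2.$1.in-addr.arpa" "$3.$2.$1.in-addr.arpa" \
        "$2.$1.in-addr.arpa" "$1.in-addr.arpa"
}

# soa_contact: read dig output on stdin and print "zone mname mailbox"
# for the first SOA record. In the RNAME field the first unescaped dot
# stands for "@" (RFC 1035); "\." is a literal dot in the local part.
soa_contact() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" {
        zone = $1; mname = $5; rname = $6
        sub(/\.$/, "", zone); sub(/\.$/, "", mname); sub(/\.$/, "", rname)
        mail = ""; at = 0; n = length(rname)
        for (i = 1; i <= n; i++) {
            c = substr(rname, i, 1)
            if (c == "\\" && i < n) { mail = mail substr(rname, ++i, 1); continue }
            if (c == "." && !at) { mail = mail "@"; at = 1; continue }
            mail = mail c
        }
        print zone, mname, mail; found = 1; exit
    }
    END { exit !found }'
}

# reverse_soa IP: live lookup (needs dig and network access); stops at
# the first name whose response carries an SOA record.
reverse_soa() {
    for z in $(reverse_zones "$1"); do
        dig "$z" SOA | soa_contact && return 0
    done
    return 1
}
```

The SOA names whoever runs the reverse zone, which is only a lead; the whois record for the address block or the name server's domain is still what identifies the network owner.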