[lug] MX record lookups
D. Stimits
stimits at idcomm.com
Tue Feb 26 14:55:06 MST 2002
"Riggs, Rob" wrote:
>
> If it doesn't have a "whois" entry, it doesn't have an MX... It sounds like
> they are spoofing hostnames or using bogus reverse lookup data. Your best
> bet in that case is to lookup who owns the IP block and go at it from that
> end. "whois xxx.xxx.xxx.xxx at whois.arin.net" (or whois.apnic.net,
> whois.ripe.net) should do the trick.
Quite possible, though not via spoofing (forged email headers). The real
address seems to be 211.206.215.136. I'm trying to become a bit more
fluent in the means of verifying headers and tracing real sources of
forged headers. I know the 211.206.215.136 is correct, the origio.net
address is the return address, which apparently does not exist. I do
know that a series of these spams are advertising Korean sites and have
.kr domains, plus a few others in Asia.
D. Stimits, stimits at idcomm.com
>
> -Rob
>
> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Tuesday, February 26, 2002 2:25 PM
> To: BLUG
> Subject: [lug] MX record lookups
>
> What would be the proper way to find out who owns a domain name (in this
> case origio.net) or who the registrar is for that domain, if it is only
> an MX record and normal nslookup or whois does not know anything about
> it? Similar for ip addresses that are in email headers but which have no
> reverse lookup...what is a good way to find out who they are?
>
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
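Added example (not part of the thread, and not anything the list members posted): the procedure Rob and Stimits are circling, done mechanically. Received: lines are written by each relay as the message passes through, newest on top, so only the lines added by relays you control can be believed; the first connecting address recorded by one of those relays is the furthest back you can verify, and everything below it is just text the sender chose to include. The script walks the chain, reports the claimed HELO name against the reverse lookup the relay recorded, and builds the registry whois commands Rob suggests. The message, the host names mx.idcomm.example / origio.net and the addresses (RFC 5737 documentation ranges) are all constructed; the real spam's 211.206.215.136 is not used.

```python
import email
import ipaddress
import re

# Constructed sample, newest Received: line first.  Only the top line was
# written by our own MX; the second arrived inside the message and may be
# forged, as may the From: line.  Addresses are documentation ranges.
SAMPLE = (
    "Received: from mail.origio.net (unknown [203.0.113.136])\n"
    "\tby mx.idcomm.example (Postfix) with SMTP id 7F3A1;\n"
    "\tTue, 26 Feb 2002 14:01:12 -0700 (MST)\n"
    "Received: from smtp.origio.net (smtp.origio.net [198.51.100.7])\n"
    "\tby mail.origio.net with ESMTP id 0001; Tue, 26 Feb 2002 13:59:00 -0700\n"
    "From: ads@origio.net\n"
    "To: stimits@idcomm.example\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Relays whose Received: lines we wrote ourselves and therefore believe (assumed).
TRUSTED_RELAYS = {"mx.idcomm.example"}

# Hand-offs between our own machines use these ranges; RFC 1918 plus loopback.
# (ipaddress.is_private is deliberately not used: it also flags the
# documentation ranges in the sample as private.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# "from HELO (rdns [ip]) ... by RELAY"; rdns is absent or "unknown" when the
# receiving relay could not reverse-resolve the connecting address.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)


def parse_hops(raw):
    """Return the Received: chain as dicts, newest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue
        rdns = m.group("rdns")
        hops.append({"helo": m.group("helo"),
                     "rdns": None if rdns in (None, "unknown") else rdns,
                     "ip": m.group("ip"),
                     "by": m.group("by")})
    return hops


def origin(hops, trusted=TRUSTED_RELAYS):
    """First external address recorded by a relay we trust, or None.

    Walk newest-first.  A line written by an untrusted host is unverifiable
    (the sender could have typed it), so the search stops there."""
    for hop in hops:
        if hop["by"].lower() not in trusted:
            return None
        addr = ipaddress.ip_address(hop["ip"])
        if any(addr in net for net in INTERNAL_NETS):
            continue  # internal hand-off; the interesting hop is further down
        return hop
    return None


def helo_mismatch(hop):
    """True when the connecting host's claimed name is not backed by the
    reverse lookup the relay recorded: the forged-return-path pattern above."""
    return hop["rdns"] is None or hop["rdns"].lower() != hop["helo"].lower()


def whois_queries(ip):
    """Registry lookups to run by hand when reverse DNS says nothing."""
    return ["whois -h %s %s" % (server, ip)
            for server in ("whois.arin.net", "whois.apnic.net", "whois.ripe.net")]


def report(raw, trusted=TRUSTED_RELAYS):
    hops = parse_hops(raw)
    o = origin(hops, trusted)
    if o is None:
        return {"origin": None, "unverified": len(hops)}
    return {"origin": o["ip"],
            "claimed_name": o["helo"],
            "reverse_dns": o["rdns"],
            "name_mismatch": helo_mismatch(o),
            "unverified": len(hops) - hops.index(o) - 1,  # hops below the origin
            "queries": whois_queries(o["ip"])}


if __name__ == "__main__":
    for k, v in report(SAMPLE).items():
        print("%-14s %s" % (k, v))
```

On the sample this reports the origin as 203.0.113.136, claiming to be mail.origio.net with no reverse DNS, one unverifiable hop beneath it, and the three whois commands to try; whichever registry holds the block will name the owner or refer you onward, which is the point at which the ISP abuse contact, rather than the nonexistent return domain, becomes the thing to look up.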