Security Incidents: Re: Finding out who owns particular IP addresses

Re: Finding out who owns particular IP addresses

From: Martin H Hoz-Salvador <mhoz_at_citi.com.mx>
Date: Tue, 9 Jan 2001 17:41:00 -0600

> >I received this request for clarification about how one
> >finds out who 'owns' particular IP addresses. After having spent some
> >time composing a response I thought that there might be other neophytes
> >on the list who will find this useful.
>
> If you're a command-line sort of *nix person who doesn't want to rely on
> someone else's Web sites, you're welcome to get my Perl script that automates
> whois lookups. It's available at
>
> http://rgfsparc.cr.usgs.gov:8090/sysadmin/#whois
>

Yep. I'm that kind of *nix person. ;-) But, as I stated in my last "12345
scanning" related post, finding to whom a certain IP belongs, when you
have a bulk of them, could be a very hard issue... So, I wrote
the script available at:
        http://www.citi.com.mx/~mhoz/seguridad/findcontact.ksh

The functionality is quite simple: just build an IP list (you can do this
from almost any firewall/IDS log file using "cat" and "awk"), and then use
this file to feed my script. In this way, I found the contacts for 300+ IP
addresses within 2 hours, more or less, without so much workload... and in
an automated way...

The internal functionality is: first try to determine if the IP has
records in another whois database, such as APNIC or RIPE. If it does, then query
those whois databases. If not, try to find the contact name from the ARIN
whois database. Yes, quite simple, it could be done in several better ways,
but I found nothing similar done before, it works and it's useful for me. ;-)

It's a Korn Shell script, so I'm sorry for NT SysAdmins, but I think it's
not so hard to translate it to perl or something... :-)

Hope this helps someone. :-)

--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
C   I   T   I
Sendero Sur  285  Col. Contry,  Monterrey,  Nuevo Leon 64860, MEXICO
Phone: +(52)(8) 357-2267 x139   Fax: +(52)(8) 357-8047
E-mail: mhoz@citi.com.mx        WWW:  http://www.citi.com.mx
PGPKey ID: 0x0454E8D9           ICQ Number: 31631540
GIT d- s:(+:+) a-- C+(++++)>$ SILH++++ P++ L+++ E W++ N+ o-- K- w
O M V PS+ PE++ Y+ PGP++ t 5 X+ R tv- b+ DI+ D++ G++ e++ h-- r+ y++
Received on Jan 10 2001
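
The workflow described in the message above (collect addresses from a firewall log, then decide which registry to ask), as an added example that is not part of the original post and is not the findcontact.ksh script. It assumes log lines carrying a `SRC=` field, an ARIN reply that names another registry in a `ReferralServer:` line, and an installed `whois` client; the function names are hypothetical.

```shell
# Added example; SAMPLE_LOG and SAMPLE_REPLY are constructed, not real data.
SAMPLE_LOG='Jan  9 17:01:02 fw DROP SRC=192.0.2.10 DST=198.51.100.1 DPT=12345
Jan  9 17:01:05 fw DROP SRC=203.0.113.7 DST=198.51.100.1 DPT=12345
Jan  9 17:02:11 fw DROP SRC=192.0.2.10;id DST=198.51.100.1 DPT=12345'
SAMPLE_REPLY='OrgName: RIPE Network Coordination Centre
ReferralServer:  whois://whois.ripe.net'

# Succeed only for a dotted-quad IPv4 address. Log fields are attacker-influenced,
# so nothing else may reach the whois command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the unique, valid SRC= addresses found in log text on stdin.
extract_ips() {
    awk '{ for (i = 1; i <= NF; i++) if (sub(/^SRC=/, "", $i)) print $i }' |
    sort -u | while read -r ip; do
        if is_ipv4 "$ip"; then echo "$ip"; else echo "rejected log field: $ip" >&2; fi
    done
}

# Read an ARIN whois reply on stdin and print the whois host to ask next:
# the ReferralServer host (RIPE, APNIC, ...) if present, otherwise ARIN itself.
referral_server() {
    awk 'tolower($1) == "referralserver:" {
             host = $2
             sub(/^[a-z]+:\/\//, "", host); sub(/:[0-9]+$/, "", host)
         }
         END { if (host !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/) host = ""
               print (host != "" ? host : "whois.arin.net") }'
}

# Look up one address: ask ARIN first, then follow the referral if there is one.
find_contact() {
    is_ipv4 "$1" || return 1
    reply=$(whois -h whois.arin.net "$1") || return 1
    server=$(printf '%s\n' "$reply" | referral_server)
    [ "$server" = whois.arin.net ] && { printf '%s\n' "$reply"; return; }
    whois -h "$server" "$1"
}
```

To process a real log, pipe it through `extract_ips` and call `find_contact` on each line of the result.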