Subject: Re: sherlock newbie question...
From: Benninghoff, John (JaBenninghoffDAINRAUSCHER.COM)
Date: Wed Oct 18 2000 - 14:47:42 CDT


I use a combination of techniques. nslookup can give helpful information, if
the ISP/institution that owns the IP address has a good naming scheme.
Otherwise, you can use whois -h whois.arin.net or something similar... which
will tell you who actually owns that block of IP addresses (ISP, whatever).

There's a good article about this posted on
http://www.sans.org/y2k/contacting.htm.

Actually getting a response can be more difficult, though.

-----Original Message-----
From: Sean McHugh [mailto:Sean.McHughEPIC.SUNGARD.COM]
Sent: Wednesday, October 18, 2000 2:23 PM
To: FOCUS-IDSSECURITYFOCUS.COM
Subject: sherlock newbie question...

This is a little mundane, but once I've gotten an IP address
of an offender, where do I go to figure out who owns it
after I've tried the following:

- nslookup for a PTR (my assumption is that this never really gets anywhere,
right?)
- ping -a (hey, I'm desperate here)

Thanks.

Sean McHugh, MCP
Sungard ePI Inc.
Regional Systems Administrator
45 Broadway
New York, NY 10006
Wk phone: 212-806-4972
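
The lookup sequence discussed in this thread (a PTR query, then `whois -h whois.arin.net`), as an added Python example that is not part of the original messages. The WHOIS reply is a constructed sample using the 192.0.2.0/24 documentation range, and the function names are illustrative.

```python
import re
import socket

# Constructed sample of an ARIN-style WHOIS reply (not real registry data).
SAMPLE_WHOIS = """\
# ARIN WHOIS data (constructed sample)
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example ISP, Inc.
OrgAbuseEmail:  abuse@example.net
ReferralServer: whois://whois.example.net
"""

def reverse_name(ip):
    """Build the in-addr.arpa name an nslookup PTR query asks for (IPv4 only)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def ptr_lookup(ip):
    """Return the PTR hostname, or None when the owner publishes none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def whois_query(ip, server="whois.arin.net", port=43, timeout=10):
    """Same as `whois -h whois.arin.net <ip>`: send one query line, read to EOF."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(f"{ip}\r\n".encode("ascii"))
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines; '#' and '%' comment lines never match."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s+(.*\S)\s*$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields

def owner_summary(fields):
    """Keep the fields that say who owns the block and whom to contact."""
    keys = ("NetRange", "CIDR", "OrgName", "OrgAbuseEmail", "ReferralServer")
    return {k: fields[k][0] for k in keys if k in fields}

if __name__ == "__main__":
    print(reverse_name("192.0.2.10"), owner_summary(parse_whois(SAMPLE_WHOIS)))
```

A `ReferralServer` line means the block is registered elsewhere, so the same query has to be repeated against that server to reach the actual owner record.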