[Dshield] Gathering information on an IP address

Brad Morgan B-Morgan at concentric.net
Wed Sep 24 16:17:42 GMT 2003


In addition to sending my Netfilter logs to Dshield, I am also storing them
in a MySQL database and using IPTables Logger to view the data.

There's a piece of PHP that is called with a numeric IP address (a DNS
lookup has already been performed returning no answer) that attempts to do a
whois on that address.  There's no useful information returned.

A while ago, I remember a post to this list about a procedure, web page, or
something at DShield that presented lots of useful information about an IP
address.  I remember at the time saying I should use this and I thought I
saved the message but I can't find it now.  Can anyone help me with a
pointer?

Can you suggest any other things I can do with this numeric IP address that
would return useful information.  My guess is that the whois command that's
being used hasn't got the correct switches, but there may be better
solutions.

Regards,

Brad Morgan





More information about the list mailing list