[Dshield] Gathering information on an IP address

Bart E. Hawley Sr. bart at texan.net
Wed Sep 24 18:32:46 GMT 2003


You could also use a canned solution from a webpage.

http://www.dnsstuff.com

It will provide essentially the same information as the Dshield php script
minus the attacks and hits to ports. There are also several other very
useful tests and probes available on that page to help you gather further
information. I use dnsstuff.com quite often when researching attacks or
network problems.

Bart E. Hawley Sr.
SysAdmin
BNet., Inc.


----- Original Message ----- 
From: "Brad Morgan" <B-Morgan at concentric.net>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Wednesday, September 24, 2003 11:17 AM
Subject: [Dshield] Gathering information on an IP address


> In addition to sending my Netfilter logs to Dshield, I am also storing them
> in a MySQL database and using IPTables Logger to view the data.
>
> There's a piece of PHP that is called with a numeric IP address (a DNS
> lookup has already been performed returning no answer) that attempts to do a
> whois on that address.  There's no useful information returned.
>
> A while ago, I remember a post to this list about a procedure, web page, or
> something at DShield that presented lots of useful information about an IP
> address.  I remember at the time saying I should use this and I thought I
> saved the message but I can't find it now.  Can anyone help me with a
> pointer?
>
> Can you suggest any other things I can do with this numeric IP address that
> would return useful information.  My guess is that the whois command that's
> being used hasn't got the correct switches, but there may be better
> solutions.
>
> Regards,
>
> Brad Morgan