How to Identify suspect IP address
Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?
Thanks
Opinions, advice, conclusions and other information in this message that do not relate to the official business of Flintshire County Council shall be understood as neither given nor endorsed by it or on its behalf, and consequently Flintshire County Council shall bear no responsibility whatsoever in respect thereof.
I use a script which does a pretty good job... It even tries to go down netblocks (in case the address range is split)
-Andy-
#!/bin/sh
if [ "$#" -lt "1" ]
then
    echo "lookup <ip address>"
else
    nslookup $1
    echo
    whois $1@whois.internic.net
    whois $1@whois.ripe.net
    whois $1@whois.arin.net
    if [ `whois $1@whois.arin.net | grep "(NET" | wc -l` -gt 0 ]
    then
        whois $1@whois.arin.net | grep "(NET" >/tmp/lookup.tmp
        exec 5<&0
        exec 0
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
============================================================ Andrew Johnson, Technical Consultant Drive Computer Services Tel +44 (0)1924 280388 Extn 223 Fax +44 (0)1924 280117 Mobile +44 (0)7970 284594 Vmail/Fax +44 (0)7092 362849 Email : andrew.johnson@drivecomputing.co.uk { The contents of this communication (plus any attachments which may be included along with it) are solely intended for the individual(s) and/or group(s) listed as a recipient above. None of the contents should be relayed in any form to any third party without the prior consent of the author. All opinions expressed are my own and not necessarily those of my employer. }
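The registries queried in the script above return differently shaped records, so triaging addresses from a web server log means normalizing them first. As an added example (not part of the original thread and not Andy's script), the following sh code counts client addresses in access-log lines and pulls range, netname, owner and country out of whois text in either RIPE-style or ARIN-style layout; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and all sample data are constructed.
# top_clients: access-log lines on stdin (client address is the first field,
# as in Common Log Format); prints "count address", busiest first.
top_clients() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# whois_summary: one whois response on stdin; prints four fixed lines.
# RIPE-style uses inetnum/descr, ARIN-style NetRange/OrgName; first value wins.
whois_summary() {
    awk '
        /^[%#]/ || !/:/ { next }               # skip registry comment lines
        {
            key = tolower(substr($0, 1, index($0, ":") - 1))
            val = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (val == "") next
            if (key == "inetnum" || key == "netrange") f = "range"
            else if (key == "descr" || key == "orgname") f = "owner"
            else if (key == "netname" || key == "country") f = key
            else next
            if (!(f in out)) out[f] = val
        }
        END {
            n = split("range netname owner country", order, " ")
            for (i = 1; i <= n; i++)
                print order[i] "=" ((order[i] in out) ? out[order[i]] : "unknown")
        }'
}

identify() { whois "$1" | whois_summary; }   # live lookup: needs whois + network

# Constructed samples: documentation addresses and made-up registry records.
SAMPLE_LOG='192.0.2.10 - - [13/Sep/2001:12:01:07 +0100] "GET / HTTP/1.0" 200 512
198.51.100.7 - - [13/Sep/2001:12:01:09 +0100] "GET /a HTTP/1.0" 404 210
192.0.2.10 - - [13/Sep/2001:12:01:11 +0100] "GET /b HTTP/1.0" 404 210'
SAMPLE_RIPE='% constructed RIPE-style record
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example ISP Ltd
country:        GB'
SAMPLE_ARIN='# constructed ARIN-style record
NetRange:       198.51.100.0 - 198.51.100.255
NetName:        EXAMPLE-BLOCK
OrgName:        Example Hosting, Inc.
Country:        US'
printf '%s\n' "$SAMPLE_LOG" | top_clients; printf '%s\n' "$SAMPLE_RIPE" | whois_summary
```

To check a real address, run identify with the address taken from the top_clients output.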
hi,
What you can do is to do a "whois" check.
e.g. whois 212.34.58.11
This way you can see which company the IP belongs to.
Note that "whois" must be installed on your Linux box to do that.
byes.
Erol YILDIZ
That method only does a single registry lookup on whois.internic.net
-Andy-
On 13 Sep 2001 at 17:59, Erol YILDIZ wrote:
hi,
What you can do is to do a "whois" check.
e.g. whois 212.34.58.11
This way you can see which company the IP belongs to.
Note that "whois" must be installed on your Linux box to do that.
byes.
Erol YILDIZ
On Thu, Sep 13, 2001 at 01:28:38PM +0100, Mark_V_Williams@flintshire.gov.uk wrote:
Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?
Thanks
Along with nslookup, traceroute is quite a useful utility.
--
Frank
Boroughbridge. Tel: 01423 323019
PGP keyID: 0xC0B341A3
http://www.esperance-linux.co.uk/
participants (4)
- Andrew Johnson
- Erol YILDIZ
- Frank Shute
- Mark_V_Williams@flintshire.gov.uk