How to Identify suspect IP address

older
RE: [suse-linux-uk-schools] How to...

Mark_V_Williams＠flintshire.gov.uk

13 Sep 2001 13 Sep '01

14:48

Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to? Thanks * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Opinions, advice, conclusions and other information in this message that do not relate to the official business of Flintshire County Council shall be understood as neither given nor endorsed by it or on its behalf, and consequently Flintshire County Council shall bear no responsibility whatsoever in respect thereof. Deellir na fydd unrhyw safbwyntiau, na chynghorion, na chasgliadau nac unrhyw wybodaeth arall yn y neges hon, nad ydynt yn berthnasol i waith swyddogol Cyngor Sir y Fflint, yn cael eu cynnig na'u cadarnhau ganddo nac ar ei ran, ac felly ni fydd Cyngor Sir y Fflint yn derbyn unrhyw gyfrifoldeb am y rhannau hynny o'r neges. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Show replies by date

Andrew Johnson

13 Sep 13 Sep

14:58

New subject: [suse-linux-uk-schools] How to Identify suspect IP address

I use a script which does a pretty good job... It even tries to go down netblocks (incase the address range is split) -Andy- #!/bin/sh if [ "$#" -lt "1" ] then echo "lookup <ip address>" else nslookup $1 echo whois $1@whois.internic.net whois $1@whois.ripe.net whois $1@whois.arin.net if [ `whois $1@whois.arin.net | grep "(NET" | wc -l` -gt 0 ] then whois $1@whois.arin.net | grep "(NET" >/tmp/lookup.tmp exec 5<&0 exec 0

...

Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?

Thanks

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Opinions, advice, conclusions and other information in this message that do not relate to the official business of Flintshire County Council shall be understood as neither given nor endorsed by it or on its behalf, and consequently Flintshire County Council shall bear no responsibility whatsoever in respect thereof.

Deellir na fydd unrhyw safbwyntiau, na chynghorion, na chasgliadau nac unrhyw wybodaeth arall yn y neges hon, nad ydynt yn berthnasol i waith swyddogol Cyngor Sir y Fflint, yn cael eu cynnig na'u cadarnhau ganddo nac ar ei ran, ac felly ni fydd Cyngor Sir y Fflint yn derbyn unrhyw gyfrifoldeb am y rhannau hynny o'r neges.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

============================================================ Andrew Johnson, Technical Consultant Drive Computer Services Tel +44 (0)1924 280388 Extn 223 Fax +44 (0)1924 280117 Mobile +44 (0)7970 284594 Vmail/Fax +44 (0)7092 362849 Email : andrew.johnson@drivecomputing.co.uk { The contents of this communication (plus any attachments which may be included along with it) are solely intended for the individual(s) and/or group(s) listed as a recipient above. None of the contents should be relayed in any form to any third party without the prior consent of the author. All opinions expressed are my own and not necessarily those of my employer. }

Erol YILDIZ

15:00

New subject: [suse-linux-uk-schools] How to Identify suspect IP address

hi, What you can do is to do a "whois" check. e.g. whois 212.34.58.11 By this way you can see which company the ip belongs. Note that "whois" must be installed to your linux box to do that. byes. Erol YILDIZ ----- Original Message ----- From: To: Sent: Thursday, September 13, 2001 3:28 PM Subject: [suse-linux-uk-schools] How to Identify suspect IP address

...

Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?

Thanks

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

...

Opinions, advice, conclusions and other information in this message that do not relate to the official business of Flintshire County Council shall be understood as neither given nor endorsed by it or on its behalf, and consequently Flintshire County Council shall bear no responsibility whatsoever in respect thereof.

Deellir na fydd unrhyw safbwyntiau, na chynghorion, na chasgliadau nac unrhyw wybodaeth arall yn y neges hon, nad ydynt yn berthnasol i waith swyddogol Cyngor Sir y Fflint, yn cael eu cynnig na'u cadarnhau ganddo nac ar ei ran, ac felly ni fydd Cyngor Sir y Fflint yn derbyn unrhyw gyfrifoldeb am y rhannau hynny o'r neges.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

* * *

...

-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

Andrew Johnson

15:04

New subject: [suse-linux-uk-schools] How to Identify suspect IP address

That method only does a single registry lookup on whois.internic.net -Andy- On 13 Sep 2001 at 17:59, Erol YILDIZ wrote:

...

hi,

What you can do is to do a "whois" check. e.g. whois 212.34.58.11 By this way you can see which company the ip belongs. Note that "whois" must be installed to your linux box to do that.

byes.

Erol YILDIZ

----- Original Message ----- From: To: Sent: Thursday, September 13, 2001 3:28 PM Subject: [suse-linux-uk-schools] How to Identify suspect IP address

...
Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?

Thanks

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

...
Opinions, advice, conclusions and other information in this message that do not relate to the official business of Flintshire County Council shall be understood as neither given nor endorsed by it or on its behalf, and consequently Flintshire County Council shall bear no responsibility whatsoever in respect thereof.

Deellir na fydd unrhyw safbwyntiau, na chynghorion, na chasgliadau nac unrhyw wybodaeth arall yn y neges hon, nad ydynt yn berthnasol i waith swyddogol Cyngor Sir y Fflint, yn cael eu cynnig na'u cadarnhau ganddo nac ar ei ran, ac felly ni fydd Cyngor Sir y Fflint yn derbyn unrhyw gyfrifoldeb am y rhannau hynny o'r neges.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

* * *

...
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

Frank Shute

14 Sep 14 Sep

03:34

New subject: [suse-linux-uk-schools] How to Identify suspect IP address

On Thu, Sep 13, 2001 at 01:28:38PM +0100, Mark_V_Williams@flintshire.gov.uk wrote:

...

Not strictly a linux question, but does anyone know how to identify a suspect IP address in the web server logs. In other words is there a web site where I can enter the IP address and find out which ISP that address belongs to?

Thanks

Along with nslookup, traceroute is quite a useful utility. -- Frank *-*-*-*-*-*-*-*-*-*-* Boroughbridge. Tel: 01423 323019 --------- PGP keyID: 0xC0B341A3 *-*-*-*-*-*-*-*-*-*-* http://www.esperance-linux.co.uk/

8270

Age (days ago)

8271

Last active (days ago)

List overview

Download

4 comments

4 participants

participants (4)

Andrew Johnson
Erol YILDIZ
Frank Shute
Mark_V_Williams＠flintshire.gov.uk