On Sat, 17 Jul 1999, Shashank Tripathi wrote:

> Date: Sat, 17 Jul 1999 19:28:44 +0800
> From: Shashank Tripathi <[EMAIL PROTECTED]>
> To: "Firewalls@Lists. Gnac. Net" <[EMAIL PROTECTED]>
> Subject: Proxy IP?
> 
> Hello
> 
> I have a problem. I notice that an IP address is accessing my web site very
> often (203.197.220.2) but I cannot seem to identify this IP address. I
> usually do not need to find out about my users, because mine is not a
> commercial site, but this person has been accessing it 50 times a day for the
> last 7 days, and now I am a bit suspicious.
> 
> My question is that nslookup and tracert don't give me any information on
> this IP address. Could this be the IP of a proxy server? And if yes, how do
> I find out who this is? (At least the region of the world would help). Is
> there a tool out there that can help me?
> 
> I would really appreciate any advice/pointers.
> 
> Thanks,
> Shanx
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

Only thing I could think of was to see whose name server answers queries
for that block of addresses.  Here's what I tried:

-----------------------------------
$ nslookup
Default Server:  ns
Address:  192.32.125.34

> set type=ns 
> 203.197.220.2
Server:  ns
Address:  192.32.125.34

*** names.lancity.com can't find 203.197.220.2: Non-existent host/domain
> 220.197.203.in-addr.arpa
Server:  ns
Address:  192.32.125.34

*** names.lancity.com can't find 220.197.203.in-addr.arpa: Non-existent host/domain
> 197.203.in-addr.arpa
Server:  ns
Address:  192.32.125.34

Non-authoritative answer:
197.203.in-addr.arpa    nameserver = svc01.apnic.net
197.203.in-addr.arpa    nameserver = ns.apnic.net
------------------------------------

So you might want to start there...


Derek D. Martin           |  UNIX System Administrator
[EMAIL PROTECTED] |  [EMAIL PROTECTED]
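
The zone walk from the reply above, scripted as an added example that is not part of the original message: it tries each enclosing in-addr.arpa zone for an IPv4 address, most specific first, until one returns NS records. It assumes `dig` is installed; the function names and the optional `RESOLVER` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): find which name servers
# are delegated the reverse zone covering an IPv4 address.

# Print the candidate reverse zones for an address, most specific first.
# Runs in a subshell so the IFS and globbing changes stay local.
reverse_zones() (
    IFS=.
    set -f                      # no glob expansion while splitting
    set -- $1                   # split the address on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|????*) return 1 ;;   # empty, non-numeric or too long
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1.in-addr.arpa"
    echo "$3.$2.$1.in-addr.arpa"
    echo "$2.$1.in-addr.arpa"
    echo "$1.in-addr.arpa"
)

# Ask for NS records zone by zone and stop at the first that answers.
# RESOLVER (hypothetical, optional) names the server to query.
find_delegation() {
    for zone in $(reverse_zones "$1"); do
        ns=$(dig +short ${RESOLVER:+@"$RESOLVER"} NS "$zone" 2>/dev/null)
        if [ -n "$ns" ]; then
            printf 'delegated zone: %s\n' "$zone"
            printf '%s\n' "$ns" | sed 's/^/  nameserver = /'
            return 0
        fi
    done
    echo "no delegation found for $1" >&2
    return 1
}

# Run the lookup only when an address is given on the command line.
if [ $# -gt 0 ]; then
    find_delegation "$1"
fi
```

The name servers it prints identify the registry or provider holding the block, which is the starting point the reply suggests.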
