Try this:
dig -x some.ip.number
I run dig whenever I get spammed. It'll show something like this:
dig -x 208.148.181.21 (that's my current dialup IP)
; <<>> DiG 2.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 4, Addit: 4
;; QUESTIONS:
;; 21.181.148.208.in-addr.arpa, type = ANY, class = IN
;; ANSWERS:
21.181.148.208.in-addr.arpa. 86400 PTR annex6-port21.ulster.net.
;; AUTHORITY RECORDS:
148.208.in-addr.arpa. 337153 NS NS2.CW.net.
148.208.in-addr.arpa. 337153 NS NS.CW.net.
This reveals that I'm logged on to my ISP (ulster.net)
at "annex6-port21.ulster.net" with connectivity through
Cable & Wireless (CW.net). In a case like this, I would
write to the postmaster at the ISP/school/company.
On Wed, 8 Dec 1999, Jeff Graves wrote:
> I found an the address of someone that was running some services they
> shouldn't have tried to run. Not only did my mail server get hacked but
> an attempt was made on my primary dns server as well. I found an IP that
> repeatedly tried using telnet and finger as well as ftp. How do I find
> who owns it? Tried an nslookup with no luck. Tried a ping with no luck.
> Traceroute turns up a bunch of other IP address in that subnet with no
> domain name. Any ideas?
Regards,
Bob Rankin
---------------------------------[ BOB'S WORLD ]----------------------
No BS Guide to Linux -> My Latest Book - http://bob.rankin.org
The Internet Tourbus -> Free Newsletter - http://www.tourbus.com
Flowers Fast! -> Online Florist - http://www.flowersfast.com
----------------------------------------------------------------------
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
