[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: how to find which ISP holds a given IP addr.block ?
M K Saravanan rearranged electrons thusly:
> My /var/log/secure shows:
> Apr 4 14:48:08 aukbc3 in.ftpd[17528]: refused connect from 213.48.246.23
> Mar 31 17:16:30 aukbc3 in.ftpd[2808]: refused connect from 203.79.221.51
> Mar 24 02:02:00 aukbc3 in.ftpd[11448]: refused connect from 198.116.10.120
> How to find out to which ISP these IP addr. belong?
whois -h whois.geektools.com ip.add.re.ss (it's a whois proxy, which queries
all the whois servers - netsol, bulkregister etc, plus RIPE, ARIN, APNIC
types)
> Note: host/dig doesnot report any domain name for these addr.
then the IP is likely to be a dhcp assigned / non permanent one - a dialup, say.
> nameserver. using nslookup changed the default server to that and did a lookup
> which shows:
> Name: usr8379-kno.cableinet.co.uk
> Address: 213.48.246.23
> Now to whom I should report about this unauthorised access?
for one of the ips? looks like a cablemodem. try abuse@xxxxxxxxxxxxxxx -
include system logs (and the fact that you are at +0530 IST ...)
For the others, just query geektools.
-s
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin