Friday
May132005
209.60.102.107
Friday, May 13, 2005 at 10:15AM
Happy birthday, Joey!
Also, congrats to our friend Helen, who's getting married today!
I recently asked if anyone knew how to find out information about an IP address of an anonymous poster. My curiosity about this topic originated with a rather odd remark posted in my LJ comments section a while back, made odder by the fact they chose to remain anonymous. I've since turned off anonymous posting in my LJ, but it got me thinking to how one would find out more info about a particular IP address. Many thanks to all who replied with advice! In case anyone else out there is interested, here's a summary of the feedback I received:
From Katy:
"I use uwhois.com for such cases, however I would assume those sites might likely all use the same database ...?"
From Rob:
[zen] /home/doc $ dig -x 209.60.102.107
; <<>> DiG 9.2.4 <<>> -x 209.60.102.107
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35589
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
;; QUESTION SECTION:
;107.102.60.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
107.102.60.209.in-addr.arpa. 86400 IN PTR tnt03-615.phlpa.fast.net.
;; AUTHORITY SECTION:
102.60.209.in-addr.arpa. 3600 IN NS dns4.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns5.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns1.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns2.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns3.uslec.net.
Looks like a dialup user from Philadelpha, PA, and is a fast.net customer. The reverse DNS name is the giveaway. tnt03-615 means he dialed up to an Ascend TNT (a big box of modems, essentially), on port 615. phlpa suggests it was Philadelphia, and fast.net is the domain name of the provider.
Of course, you really can't get any further with this. If the person is doing something abusive, you can probably file a complaint with abuse@fast.net (be sure to include date-stamped logs). If you're just curious, you'll have to narrow it down to people in the Philly area. :)"
From Gary M.:
"Yet another useful tool: abuse.net. You can enter a hostname there and it will tell you the address, if any, which that host offers for reporting nastiness by their users."
Also:
"Besides whois, traceroute is an important tool. It's particularly helpful because it tells you what host a private computer is connected to. On a Unix system, just type
traceroute xxx.xxx.xxx.xxx
Traceroute isn't built into the Windoze command line shell, but there are freeware you can use. There are also websites, such as samspade.org, from which you can do a traceroute. They also offer a set of downloadable tools which I haven't had occasion to use, but which includes traceroute, whois, and other good stuff."
From Tony F.:
"Hey, Debbie, for future reference, my favorite place for this kind of thing is:
http://www.dnsstuff.com
There is a huge array of tools there that let you do pings, traceroute, DNS lookups, reverse name lookups, etc.
Even if you've got those tools at your disposal on your own system already, it's sometimes helpful to have a remote site run those same tools for you. For example, if your own local DNS servers are having a problem, you can get a second opinion from their DNS servers.
Very useful!"
From cdenise:
"Search results for: ! NET-209-60-0-0-1
OrgName: USLEC Corp.
OrgID: USLC
Address: 6801 Morrison Blvd
City: Charlotte
StateProv: NC
PostalCode: 28211
Country: US
NetRange: 209.60.0.0 - 209.60.255.255
CIDR: 209.60.0.0/16
NetName: TXFER-FAST-USLEC-BLK-16
NetHandle: NET-209-60-0-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.FAST.NET
NameServer: NS2.FAST.NET
Comment:
RegDate:
Updated: 2004-07-08
OrgAbuseHandle: ABUSE34-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-704-319-1248
OrgAbuseEmail: abuse@uslec.com
OrgNOCHandle: NOC136-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-978-7532
OrgNOCEmail: noc@uslec.com
OrgTechHandle: RUSSE-ARIN
OrgTechName: Russell, Fred
OrgTechPhone: +1-704-319-1333
OrgTechEmail: frussell@uslec.com
# ARIN WHOIS database, last updated 2005-05-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database."
Also, congrats to our friend Helen, who's getting married today!
I recently asked if anyone knew how to find out information about an IP address of an anonymous poster. My curiosity about this topic originated with a rather odd remark posted in my LJ comments section a while back, made odder by the fact they chose to remain anonymous. I've since turned off anonymous posting in my LJ, but it got me thinking to how one would find out more info about a particular IP address. Many thanks to all who replied with advice! In case anyone else out there is interested, here's a summary of the feedback I received:
 |
From Katy:
"I use uwhois.com for such cases, however I would assume those sites might likely all use the same database ...?"
From Rob:
[zen] /home/doc $ dig -x 209.60.102.107
; <<>> DiG 9.2.4 <<>> -x 209.60.102.107
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35589
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
;; QUESTION SECTION:
;107.102.60.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
107.102.60.209.in-addr.arpa. 86400 IN PTR tnt03-615.phlpa.fast.net.
;; AUTHORITY SECTION:
102.60.209.in-addr.arpa. 3600 IN NS dns4.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns5.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns1.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns2.uslec.net.
102.60.209.in-addr.arpa. 3600 IN NS dns3.uslec.net.
Looks like a dialup user from Philadelpha, PA, and is a fast.net customer. The reverse DNS name is the giveaway. tnt03-615 means he dialed up to an Ascend TNT (a big box of modems, essentially), on port 615. phlpa suggests it was Philadelphia, and fast.net is the domain name of the provider.
Of course, you really can't get any further with this. If the person is doing something abusive, you can probably file a complaint with abuse@fast.net (be sure to include date-stamped logs). If you're just curious, you'll have to narrow it down to people in the Philly area. :)"
From Gary M.:
"Yet another useful tool: abuse.net. You can enter a hostname there and it will tell you the address, if any, which that host offers for reporting nastiness by their users."
Also:
"Besides whois, traceroute is an important tool. It's particularly helpful because it tells you what host a private computer is connected to. On a Unix system, just type
traceroute xxx.xxx.xxx.xxx
 at the market yesterday! |
Traceroute isn't built into the Windoze command line shell, but there are freeware you can use. There are also websites, such as samspade.org, from which you can do a traceroute. They also offer a set of downloadable tools which I haven't had occasion to use, but which includes traceroute, whois, and other good stuff."
From Tony F.:
"Hey, Debbie, for future reference, my favorite place for this kind of thing is:
http://www.dnsstuff.com
There is a huge array of tools there that let you do pings, traceroute, DNS lookups, reverse name lookups, etc.
Even if you've got those tools at your disposal on your own system already, it's sometimes helpful to have a remote site run those same tools for you. For example, if your own local DNS servers are having a problem, you can get a second opinion from their DNS servers.
Very useful!"
From cdenise:
"Search results for: ! NET-209-60-0-0-1
OrgName: USLEC Corp.
OrgID: USLC
Address: 6801 Morrison Blvd
City: Charlotte
StateProv: NC
PostalCode: 28211
Country: US
NetRange: 209.60.0.0 - 209.60.255.255
CIDR: 209.60.0.0/16
NetName: TXFER-FAST-USLEC-BLK-16
NetHandle: NET-209-60-0-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.FAST.NET
NameServer: NS2.FAST.NET
Comment:
RegDate:
Updated: 2004-07-08
 (click for bigger image) |
OrgAbuseHandle: ABUSE34-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-704-319-1248
OrgAbuseEmail: abuse@uslec.com
OrgNOCHandle: NOC136-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-978-7532
OrgNOCEmail: noc@uslec.com
OrgTechHandle: RUSSE-ARIN
OrgTechName: Russell, Fred
OrgTechPhone: +1-704-319-1333
OrgTechEmail: frussell@uslec.com
# ARIN WHOIS database, last updated 2005-05-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database."
| May 2005 comments: Read Blatherchat | Post in Blatherchat | Livejournal comments |
tagged Technonerdgirl
Technonerdgirl
Reader Comments