Where can I find a list of what the numerical internet addresses mean? I'm talking about the string of numbers that identify an web address and shows the country and such of the folks that send me their spam and phishing attempts daily
You need to do a Whois lookup. Dnsstuff will let you do a few for free, then you have to pay.
messagenews: snipped-for-privacy@earthlink.net...
Well that's neat! Provides a whole lot more info that I want about me. All I was looking for was to be able to identify country or origin to see where the phishing junk is coming from
nslookup from a command prompt with that IP will tell you what it resolves to. Another approach would be to install the Netcraft Toolbar which, if you do get caught off-guard and navigate to a known phishing site, warns you right in the browser in an inmistakable way that you're not where you think you are. Traceroute (or tracert if you're on windows) to the IP and you can see that way as well.
In reality, if you get a phish-looking email with an IP rather than a name, yeah, it's not legit. I've been using the Netcraft Toolbar; if it's one they don't know, I report it that way. Been a long time since I found one before they did, though.
Also try
LA
On Sun, 09 Sep 2007 06:12:44 -0700, with neither quill nor qualm, Gerry quickly quoth:
messagenews: snipped-for-privacy@earthlink.net...
My favorite is Whois Source, now known as
Free but requires signup. (I haven't seen any spam from them at all, so I think it's just to weed out the email gleaners.)
=========================================================== Save the Endangered Bouillons from being cubed! ===========================================================
[ ... ]
No such luck. You have to do an individual nslookup on each IP. Sometimes, you can get a good idea from the first octet (the numbers before the first '.'), but not always. Europe is handled by RIPE, and you'll find blocks of as small as 255 address (differing only in the last octet) assigned to vastly different countries.
I use a program called "jwhois" in my unix system, though I had to compile that from source. A just plain "whois" comes with unix, but you often have to try two or three calls as it redirects you to different whois servers before you get a hit. "jwhois" automates that.
Or -- you could do a lookup with geektools via the web, IIRC. (I use their whois server for when jwhois gets confused, which happens sometimes.) But I call it with whois, and if you don't have that, you'll need to go to the web-based approach.
geektools puts a limit on the number of lookups per day from a given site, though I've never hit it (yet).
Check out
Enjoy, DoN.
I remember the old days when we had to specify which whois server to check, and in order to automate that, I downloaded the source to ipw and built/used that. Worked great until ripe made changes that broke it... but that's not required with FreeBSD or Debian today, nor has it been for years. Just do, for instance,
$ whois 72.244.230.1
OrgName: Covad Communications Co. OrgID: CVAD Address: 2510 Zanker Rd. City: San Jose StateProv: CA PostalCode: 95131 Country: US
ReferralServer: rwhois://rwhois.covad.net:4321
NetRange: 72.244.0.0 - 72.245.255.255 CIDR: 72.244.0.0/15
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.