[Fwd: Re: [SWLUG] How I deal with Bank phishing]

Neil Jones neil at nwjones.demon.co.uk
Wed Dec 14 18:50:02 UTC 2005


On Wed, 2005-12-14 at 17:21, Steve Anderson wrote:
> Neil Jones wrote:
> 
> > Of course that is an obvious thing to do but these guys have got it
> > worked so they get the info before they get shut down. They know they're
> > going to get reported. Quite often anyway they are running sites with no
> > domain name and only an IP address which is a bit more difficult to
> > trace down with absolute certainty.
> 
> Um, am I missing something? Running whois from a shell will tell you who 
> the IP block is registered to. There's an element of certainty there, 
> surely?
> 
> Try whois-ing an IP address like, ooh, 82.68.12.142 and there's my name 
> there together with all my ISP's contact details.
> 
> Steve

Not always. Now maybe it's my whois. But look at this.
It tells me that the IP is owned by RIPE but I am running websites on
this IP. Granted you can go to RIPE's website if it were working. Which
it just wasn't when I just tried it.

 >whois 85.8.130.192
                                                                                
OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:
PostalCode: 1001EB
Country:    NL
                                                                                
ReferralServer: whois://whois.ripe.net:43
                                                                                
NetRange:   85.0.0.0 - 85.255.255.255
CIDR:       85.0.0.0/8
NetName:    85-RIPE
NetHandle:  NET-85-0-0-0-1
Parent:
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2004-04-01
Updated:    2004-04-06
 
# ARIN WHOIS database, last updated 2005-12-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
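
The ARIN reply above carries a `ReferralServer: whois://whois.ripe.net:43` line. The following is an added example, not part of the original post: a plain RFC 3912 client that reads that line and repeats the query at the referred registry. The starting server `whois.arin.net` and all function names are assumptions.

```python
import re
import socket

# Constructed sample: the relevant lines of the ARIN reply quoted in the post.
ARIN_REPLY = """\
OrgName:    RIPE Network Coordination Centre
ReferralServer: whois://whois.ripe.net:43
NetRange:   85.0.0.0 - 85.255.255.255
NetType:    Allocated to RIPE NCC
"""

# Only whois:// referrals are followed; other schemes need a different client.
REFERRAL_RE = re.compile(
    r"^ReferralServer:\s*whois://([A-Za-z0-9.-]+)(?::(\d+))?/?\s*$", re.M)


def parse_referral(reply):
    """Return (host, port) from a ReferralServer line, or None if absent."""
    m = REFERRAL_RE.search(reply)
    if not m:
        return None
    return m.group(1).lower(), int(m.group(2) or 43)


def whois_query(server, query, port=43, timeout=10):
    """Plain WHOIS (RFC 3912): send the query plus CRLF, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def lookup(ip, server="whois.arin.net", max_hops=3, query=whois_query):
    """Follow referrals from the starting registry; return [(server, reply)]."""
    hops, seen, port = [], set(), 43
    while server and (server, port) not in seen and len(hops) < max_hops:
        seen.add((server, port))
        reply = query(server, ip, port)
        hops.append((server, reply))
        nxt = parse_referral(reply)
        server, port = nxt if nxt else (None, 43)
    return hops


if __name__ == "__main__":
    for srv, text in lookup("85.8.130.192"):
        print(f"--- {srv} ---\n{text}")
```

The last entry returned by `lookup` is the reply from the registry that holds the actual assignment, which is where the abuse contact for the address is found.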





