[Fwd: Re: [SWLUG] How I deal with Bank phishing]
Neil Jones
neil at nwjones.demon.co.uk
Wed Dec 14 18:50:02 UTC 2005
On Wed, 2005-12-14 at 17:21, Steve Anderson wrote:
> Neil Jones wrote:
>
> > Of course that is an obvious thing to do but these guys have got it
> > worked so they get the info before they get shut down. They know they're
> > going to get reported. Quite often anyway they are running sites with no
> > domain name and only an IP address which is a bit more difficult to
> > trace down with absolute certainty.
>
> Um, am I missing something? Running whois from a shell will tell you who
> the IP block is registered to. There's an element of certainty there,
> surely?
>
> Try whois-ing an IP address like, ooh, 82.68.12.142 and there's my name
> there together with all my ISP's contact details.
>
> Steve
Not always. Now maybe it's my whois. But look at this.
It tells me that the IP is owned by RIPE but I am running websites on
this IP. Granted you can go to RIPE's website if it were working. Which
it just wasn't when I just tried it.
>whois 85.8.130.192
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
CIDR: 85.0.0.0/8
NetName: 85-RIPE
NetHandle: NET-85-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2004-04-06
# ARIN WHOIS database, last updated 2005-12-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
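
The ARIN reply quoted above names the /8 holder but carries a ReferralServer line pointing at the registry that holds the actual assignment. As an added example that is not part of the original post, this sketch follows that line with plain port-43 WHOIS queries; the starting server whois.arin.net, the function names and the sample text are assumptions made for the example.

```python
import re
import socket

# Matches lines such as "ReferralServer: whois://whois.ripe.net:43"
REFERRAL = re.compile(r"^ReferralServer:\s*whois://([^:/\s]+)(?::(\d+))?", re.M | re.I)

def whois_query(server, query, port=43, timeout=10):
    """Plain WHOIS (RFC 3912): send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_referral(text):
    """Return (host, port) from a ReferralServer line, or None if there is none."""
    m = REFERRAL.search(text)
    if not m:
        return None
    return m.group(1).lower(), int(m.group(2) or 43)

def follow(ip, start="whois.arin.net", query=whois_query, max_hops=3):
    """Query `start`, then follow ReferralServer lines; return [(server, reply), ...]."""
    server, port, seen, trail = start, 43, set(), []
    for _ in range(max_hops):
        if server in seen:          # referral loop: stop
            break
        seen.add(server)
        reply = query(server, ip, port)
        trail.append((server, reply))
        ref = parse_referral(reply)
        if ref is None:             # no further referral: last registry asked
            break
        server, port = ref
    return trail

# Constructed sample: three fields copied from the ARIN reply quoted above.
ARIN_SAMPLE = """OrgName: RIPE Network Coordination Centre
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
"""

if __name__ == "__main__":
    for server, reply in follow("85.8.130.192"):   # needs network access
        print(f"--- {server} ---\n{reply}")
```

The last entry in the returned trail is the reply from the registry that issued no further referral, which is where the assignee and abuse contact for the address are recorded.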