[lug] looking up ip's

Nate Duehr nate at natetech.com
Mon Sep 4 16:24:11 MDT 2000

Here's some more info...

(Sorry, sending from my Windoze box to facilitate cut n' paste... X
problems...  heh)

dig 109.127.210.in-addr.arpa

; <<>> DiG 8.2 <<>> 109.127.210.in-addr.arpa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;;      109.127.210.in-addr.arpa, type = A, class = IN

109.127.210.in-addr.arpa.  1D IN SOA  ns.nuri.net. domain.nuri.net. (
                                        990504          ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1w3d            ; expiry
                                        1D )            ; minimum

;; Total query time: 722 msec
;; FROM: telluride to SERVER: default --
;; WHEN: Mon Sep  4 16:18:13 2000
;; MSG SIZE  sent: 42  rcvd: 96

So nuri.net... who are they?

dig ns.nuri.net

; <<>> DiG 8.2 <<>> ns.nuri.net
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;;      ns.nuri.net, type = A, class = IN

ns.nuri.net.            1d23h59m2s IN A

nuri.NET.               1d23h59m2s IN NS  NS.CW.NET.
nuri.NET.               1d23h59m2s IN NS  NS.JP.PSI.NET.
nuri.NET.               1d23h59m2s IN NS  ns.nuri.net.
nuri.NET.               1d23h59m2s IN NS  NS2.nuri.NET.

NS.CW.NET.              1d20h24m51s IN A
NS.JP.PSI.NET.          1d23h59m2s IN A
ns.nuri.net.            1d23h59m2s IN A
NS2.nuri.NET.           1d23h59m2s IN A

;; Total query time: 3 msec
;; FROM: telluride to SERVER: default --
;; WHEN: Mon Sep  4 16:17:54 2000
;; MSG SIZE  sent: 29  rcvd: 193

Inet Inc (NURI-DOM)
   Inet Bldg, 738-37, Yoksam-dong,
   Seoul, 135-080

   Domain Name: NURI.NET

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Inet Domain Manager  (IDM-ORG)  domain at KR.PSI.NET
      PSINet Korea
      Inet BLDG. 738-37 Yoksam-dong Kangnam-ku
      Fax- +82-2-555-8127

   Record last updated on 23-Jun-2000.
   Record expires on 01-Nov-2000.
   Record created on 31-Oct-1994.
   Database last updated on 4-Sep-2000 16:24:19 EDT.

   Domain servers in listed order:


So it looks like PSINet overseas is the place to complain to...
abuse at kr.psi.net perhaps?

Assuming of course that it's not spoofed.

Good luck.


----- Original Message -----
From: "D. Stimits" <stimits at idcomm.com>
To: "BLUG" <lug at lug.boulder.co.us>
Sent: Monday, September 04, 2000 6:59 PM
Subject: [lug] looking up ip's

> Lately I've been seeing some different ports being tested, usually RPC
> or IMAP related (which are firewalled, and any apps not used are "put on
> ice"). What I'm wondering about is that although it is possible to spoof
> ip's that don't require, I can turn around and do anonymous ftp back
> into that machine, or even get to the telnet prompt and see a linux
> machine.  However, although I can verify that the host really exists, I
> can't find it through either nslookup or host -v. Can anyone give me a
> better idea how to find an ip that I have tested for existence?
> The most recent loggin for sun rpc are from this box:
> pts/3:~> telnet
> Trying
> Connected to (
> Escape character is '^]'.
> Welcome to WOW Linux (Underground)
> login: Connection closed by foreign host.
> One reason I ask here is that often these attempts occur after posting
> somewhere, such as on the BLUG list. It seems that if I can telnet to an
> ip, it must belong to an isp or other registered host...how can I look
> up the owner from a dotted decimal format, when nslookup and host
> commands fail?
> Thanks,
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list