NNTP IP Address spoofing, tracing abuse

Barry Margolin barmar at bbnplanet.com
Thu Feb 17 20:50:05 UTC 2000


In article <001b01bf7962$fab22cc0$867c06d1 at aranea.cybergood.net>,
Alex Miller <bind-users-nospam at bannerclub.com> wrote:
>In other words, is there one and only
>IP address per name but multiple names
>per IP address, a one-to-many mapping
>or can there be multiple IP addresses
>per name, creating a many-to-many mapping.

You can have multiple PTR records.

>If there is the possibility that the NNTP
>host has many names, then the reverse lookup
>will lead to the wrong place.

Do a forward lookup of the name that the reverse lookup returns, to verify
that it points back to the original IP address.

But a better approach is to do a WHOIS lookup of the IP address, at
whois.arin.net.  That will tell you the organization that owns the address
block.

>> 6) Use a whois database to find the contact person for that
>> nntp server.
>> 
>> Then from there?

Send the complete header to the contact person.  They should be able to
check their logs to find out who was using that client IP address at the
time.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
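
The forward-confirmation check described in the reply above, as an added example that is not part of the original post. The function names, the sample hostnames and the addresses are assumptions constructed for illustration; the resolvers are injectable so the check can be exercised offline against the constructed data.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup via the system resolver: the names returned for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # no PTR record, or resolver failure
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward lookup via the system resolver: every address of name."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:          # name does not resolve
        return []
    return [info[4][0] for info in infos]

def confirm_reverse(ip, reverse=ptr_names, forward=forward_addrs):
    """Split the PTR names of ip into (confirmed, unconfirmed).

    A name is confirmed only if its forward lookup includes ip. Anyone who
    controls the reverse zone can put any name in a PTR record, so an
    unconfirmed name says nothing about who operates the host.
    """
    target = ipaddress.ip_address(ip)
    confirmed, unconfirmed = [], []
    for name in reverse(ip):
        addrs = set()
        for a in forward(name):
            try:
                addrs.add(ipaddress.ip_address(a))
            except ValueError:   # e.g. scoped IPv6 literal; skip it
                continue
        (confirmed if target in addrs else unconfirmed).append(name)
    return confirmed, unconfirmed

# Constructed sample data (documentation address ranges, example names).
SAMPLE_PTR = {"192.0.2.10": ["news.example.net", "trusted.example.org"],
              "192.0.2.99": []}
SAMPLE_A = {"news.example.net": ["192.0.2.10", "192.0.2.11"],
            "trusted.example.org": ["198.51.100.7"]}

def sample_check(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return confirm_reverse(ip, lambda i: SAMPLE_PTR.get(i, []),
                           lambda n: SAMPLE_A.get(n, []))
```

Calling `confirm_reverse(ip)` with no other arguments uses the system resolver. An address with no confirmed name still has an owner of record, which is what the WHOIS lookup at whois.arin.net provides.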



More information about the bind-users mailing list