20.1 Tracing a Numeric IP Address with nslookup

Usually, all that your system's logs and other messages regarding a break-in will reveal of the intruder is the numeric IP (Internet Protocol) address of the system that he used. (Also, they may show a system name and a user name.) Fortunately, finding out about this system is easy. To get the fully qualified host name for numeric address b1.b2.b3.b4, issue the command

    nslookup -type=any b4.b3.b2.b1.in-addr.arpa

Note that the order of the bytes of the IP address must be reversed.

Suppose the logs show the intruder's IP address is 192.9.25.4. Reverse the order of the bytes to get 4.25.9.192. Then issue the command

    nslookup -type=any 4.25.9.192.in-addr.arpa

You will see output similar to

    Server:  mindspring.com
    Address:  207.69.200.201

    4.25.9.192.in-addr.arpa    name = pluto.Sun.COM

The name to the left of the .COM is the domain name, Sun.
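The byte reversal described above, as an added shell example that is not part of the original text: it pulls IPv4 addresses out of log lines, rejects malformed ones before they reach a command line, and prints the nslookup command for each. The function names and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Print the in-addr.arpa query name for a dotted-quad IPv4 address.
# Returns 1 for anything that is not four decimal octets in 0..255, so
# text taken from a log never reaches nslookup unvalidated.
ptr_name() {
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;   # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                  # split into octets b1 b2 b3 b4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    # Reverse the byte order: b4.b3.b2.b1.in-addr.arpa
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Read log text on stdin; print "address query-name" once per unique
# valid address. Invalid candidates are reported on stderr.
log_ptr_names() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u | while read -r addr; do
        if name=$(ptr_name "$addr"); then
            printf '%s %s\n' "$addr" "$name"
        else
            printf '%s INVALID\n' "$addr" >&2
        fi
    done
}

# Constructed sample log lines (not from a real system).
sample='Jan 12 03:14:07 host sshd[311]: Failed password for root from 192.9.25.4 port 4022
Jan 12 03:14:09 host sshd[311]: Failed password for root from 999.1.1.1 port 4023'

# Print the lookup command for each valid address instead of running it,
# so the example works without network access.
printf '%s\n' "$sample" | log_ptr_names | while read -r addr name; do
    echo "nslookup -type=any $name"
done
```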