I blocked a trojan and am wondering where it came from.
It appears it's come from 203.164.168.62. How do I find out where/what this
address is?
First look it up at the ARIN site. That may give you the information you
want (if the IP address is a North American one) or may refer you to
another registry site. If you get a reference to another registry, repeat
the lookup on their site. You could get referred again. For example,
ARIN could refer you to APNIC, which could in turn refer you to KRNIC for a
Korean IP address.
ARIN's home page is at:
http://www.arin.net/
and their "WHOIS Help" page,
http://www.arin.net/tools/whois_help.html
has links to:
"AfriNIC WHOIS" (primarily African addresses)
http://www.afrinic.net/cgi-bin/whois
"APNIC WHOIS" (primarily Asian-Pacific addresses, including Australia)
http://www.apnic.org/search/index.html
"LACNIC WHOIS" (primarily Latin American addresses)
http://lacnic.net/cgi-bin/lacnic/whois
"RIPE WHOIS" (primarily European addresses)
http://www.ripe.net/perl/whois/
"InterNIC"
http://www.internic.net/whois.html
"DoDNIC" (you don't want to mess with these guys)
http://www.nic.mil/dodnic/
In the case of 203.164.168.62, when a whois lookup is made for that IP
address, ARIN points to APNIC:
http://ws.arin.net/cgi-bin/whois.pl
: Output from ARIN WHOIS
[snip]
: Search results for: 203.164.168.62
:
:
:
: OrgName: Asia Pacific Network Information Centre
: OrgID: APNIC
: Address: PO Box 2131
: City: Milton
: StateProv: QLD
: PostalCode: 4064
: Country: AU
:
: ReferralServer: whois://whois.apnic.net
:
: NetRange: 202.0.0.0 - 203.255.255.255
: CIDR: 202.0.0.0/7
: NetName: APNIC-CIDR-BLK
: NetHandle: NET-202-0-0-0-1
: Parent:
: NetType: Allocated to APNIC
[snip]
Another lookup, this time on the APNIC site, identifies the IP address as
belonging to @Home Network Australia with abuse reports to be sent to
Optus Internet:
: trouble: Send spam/abuse reports to abuse [at] optusnet.com.au
('@' in email addresses below all changed to " [at] " to reduce spammer
harvesting.)
http://www.apnic.net/apnic-bin/whois.pl
: % [whois.apnic.net node-2]
: % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
: inetnum: 203.164.96.0 - 203.164.255.255
: netname: ATHOME-AU
: descr: @Home Network Australia
: descr: @Home Network Australia intial HE and
: descr: Infrastructure allocations
: country: AU
: admin-c: OI3-AP
: tech-c: OI3-AP
: remarks: For abuse issues, please email abuse [at] optushome.com.au
: mnt-by: APNIC-HM
: mnt-lower: MAINT-AU-ATHOME
: changed: hostmaster [at] apnic.net 20000619
: changed: hostmaster [at] apnic.net 20000901
: changed: hostmaster [at] apnic.net 20010720
: changed: hostmaster [at] apnic.net 20020319
: status: ALLOCATED PORTABLE
: source: APNIC
: role: Optus Internet
: address: Level 3, 11 Help Street
: address: Chatswood, NSW 2067
: country: AU
: phone: +61-2-9027-1127
: fax-no: +61-2-9027-1035
: e-mail: oie-netops [at] optus.com.au
: trouble: Send spam/abuse reports to abuse [at] optusnet.com.au
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: admin-c: OI1-AP
: tech-c: OI1-AP
: nic-hdl: OI3-AP
: notify: oie-netops [at] optus.com.au
: mnt-by: MAINT-AU-OPTUSINTERNET
: changed: oie-netops [at] optus.com.au 20040502
: changed: hm-changed [at] apnic.net 20041020
: changed: hm-changed [at] apnic.net 20041020
: source: APNIC
[snip]
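
The referral chase described in the answer above, as an added example that is not part of the original post: it starts at ARIN, follows each `ReferralServer:` line, and collects the abuse contacts from `remarks:` and `trouble:` lines. The function names, the hop limit and the trimmed sample replies are assumptions made for illustration; registries that refer onward in some other way (or via rwhois) are not followed.

```python
import re
import socket

# Constructed sample replies, trimmed from the output quoted above (offline use).
SAMPLE = {
    "whois.arin.net": "OrgName: Asia Pacific Network Information Centre\n"
                      "ReferralServer: whois://whois.apnic.net\n"
                      "NetRange: 202.0.0.0 - 203.255.255.255\n",
    "whois.apnic.net": "inetnum: 203.164.96.0 - 203.164.255.255\n"
                       "netname: ATHOME-AU\n"
                       "remarks: For abuse issues, please email abuse [at] optushome.com.au\n"
                       "trouble: Send spam/abuse reports to abuse [at] optusnet.com.au\n",
}

def query_sample(server, ip):
    """Offline stand-in for a lookup: returns the canned reply for a server."""
    return SAMPLE[server]

def query_port43(server, ip, timeout=10):
    """Live lookup: plain WHOIS (RFC 3912) is one query line over TCP port 43."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

# Only whois:// referrals are followed; the reply is remote data, so the host
# is taken from a strict pattern rather than trusted as-is.
REFERRAL = re.compile(r"^ReferralServer:\s*whois://([^\s:/]+)", re.I | re.M)
# Fields that carried abuse contacts in the output above; other registries
# may use different field names.
ABUSE = re.compile(
    r"^(?:trouble|remarks):.*?([\w.+-]+(?:@| \[at\] )[\w.-]+\.\w+)", re.I | re.M)

def trace(ip, query=query_sample, start="whois.arin.net", max_hops=5):
    """Follow referrals from ARIN; return (servers visited, abuse contacts)."""
    server, visited, contacts = start, [], []
    # Stop on a missing referral, a referral loop, or too many hops.
    while server and server not in visited and len(visited) < max_hops:
        visited.append(server)
        reply = query(server, ip)
        contacts += [m.replace(" [at] ", "@") for m in ABUSE.findall(reply)]
        ref = REFERRAL.search(reply)
        server = ref.group(1).lower() if ref else None
    return visited, contacts

if __name__ == "__main__":
    print(trace("203.164.168.62"))
```

For a live lookup, call `trace(ip, query=query_port43)`; the current registry data may differ from the records quoted in this thread.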