Subject: Re: Please scan your computers for viruses
From: AthlonRob
Date: 03/10/2003, 22:01
Newsgroups: alt.sci.seti

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Fri, 03 Oct 2003 03:11:02 -0700, Dave Trapnell <dtresearch@earthlink.net> wrote:

I have tried to find a way to obtain the ISP name from the
IP address. I have tried ws_watch 95.08 as well as
http://idl.net/IMAP/imapfaq1.shtml , 
http://www.dnsstuff.com/ , and
http://remote.12dt.com/rns/ ,
as well as putting the IP address into the browser. None of
these techniques has provided useful contact information.


Does Windoze have a 'whois' command on it?  If not, find one... 

Then just do a whois on the IP address.

If that doesn't contain abuse info, do a whois on the names mentioned in 
there.

For example:

rob@dell rob $ whois 12.111.173.22
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
                                  12.0.0.0 - 12.255.255.255
CANBY TELEPHONE ASSOCIATION CANBY-TE743-172 (NET-12-111-172-0-1)
                                  12.111.172.0 - 12.111.175.255
 
# ARIN WHOIS database, last updated 2003-10-02 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

rob@dell rob $ whois NET-12-111-172-0-1 -H
 
OrgName:    CANBY TELEPHONE ASSOCIATION
OrgID:      CANB
Address:    144 SE 2ND AVENUE
City:       CANBY
StateProv:  OR
PostalCode: 97013
Country:    US
 
NetRange:   12.111.172.0 - 12.111.175.255
CIDR:       12.111.172.0/22
NetName:    CANBY-TE743-172
NetHandle:  NET-12-111-172-0-1
Parent:     NET-12-0-0-0-1
NetType:    Reallocated
Comment:
RegDate:    2000-12-27
Updated:    2000-12-27
 
TechHandle: JR1127-ARIN
TechName:   Radke, Justin G.
TechPhone:  +1-503-263-9355
TechEmail:  abuse@web-ster.com
 
# ARIN WHOIS database, last updated 2003-10-02 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

And there we have the abuse address for 12.111.173.22.

SamSpade.org might offer similar services, it's been a few years since 
I've been there, however.


-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
     athlonrob at axpr dot net     |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/fePphm6KEoOOAe0RAgDsAKCagUvL2LwRzs+giGO91XIFP175DwCZAYsr
Nx+LRDAqY9P2ByzilOUT3P8=
=gI/U
-----END PGP SIGNATURE-----