How to find the owner of an IP address
After looking through log files, or using commands such as last and lastb, you realise
that someone has logged in to your machine without your
knowledge...
You must keep this information!!! Above all the
IP address, the date and the time!! With this information it will be possible to
trace back to the source IF the administrators of the various
machines are cooperative. They must be, because that is
the law, which should not be forgotten!!
Here is a program, "whois 3.1",
that lets you put a name to an IP address:
whois3 : -h host -p port -k | query
When querying a Whois server running RIPE software, you may use
the following flags :
-l <ip-lookup> Returns first level less specific inetnum,
inet6num or route objects, excluding exact matches.
-L <ip-lookup> Returns all level less specific inetnum,
inet6num or route objects, including exact matches.
-m <ip-lookup> Returns first level more specific inetnum,
inet6num or route objects, excluding exact matches.
-M <ip-lookup> Returns all level more specific inetnum,
inet6num or route objects, excluding exact matches.
-x <ip-lookup> Requests that only an exact match on a
prefix be performed. If no exact match is found no objects are
returned.
-c <ip-lookup> Requests first level less specific inetnum
or inet6num objects with the "mnt-irt :" attribute.
-d <ip-lookup> Enables use of the -m, -M, -l and -L flags
for lookups on reverse delegation domains.
-i <attribute-name> <inverse-key> Perform an inverse
query.
-F Produce output using short hand notation for
attribute names.
-K Requests that only the primary keys of an object
to be returned. The exceptions are set objects, where the
members attributes will also be returned. This
flag does not apply to person and role objects.
-k (optional normal query) Requests a persistent connection.
After returning the result the connection will not be closed by the
server and a client may issue multiple queries on the same
connection. Note, that server implements ’stop-and-wait’ protocol,
when no next query can be sent before receiving a reply for the
previous one. Use RIPE whois3 client to be able to send queries in
batch mode. Except the first -k query, -k without an argument closes
the persistent connection.
-g (mirroring request) Request a NRTM stream from the server. See
[REF], section 4. "Mirroring the RIPE Database" for more
information".
-R Switches off use referral mechanism for domain
lookups, so that the database returns an object in the RIPE database
with the exact match with the lookup argument, rather than doing a
referral lookup.
-r Switches off recursion for contact information
after retrieving the objects that match the lookup key.
-T (comma separated list of object types, no white space is
allowed) Restricts the types of objects to lookup in the query.
-a Specifies that the server should perform lookups
in all available sources. See also -q sources" query.
-s (comma separated list of sources, no white space is allowed)
Specifies which sources and in which order are to be looked up when
performing a query.
-q sources Returns the current set of sources along with the
information required for mirroring. See [REF], section 2.9 "Other
server features" for more information.
-q version Displays the current version of the server.
-t <object-type> Requests a template for the specified
object type.
-V<client-tag> Sends information about the client to the
server.
-v <object-type> Requests a verbose template for the
specified object type.
Here is an example:
./whois3 62.62.189.100
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum : 62.62.189.0 - 62.62.189.255
netname : FR-9TEL-ADSL-IP01
descr : 9TELECOM
descr : 38 quai du point du jour
descr : 92659 Boulogne Billancourt
descr : FRANCE
country : FR
admin-c : CG2185-RIPE
tech-c : DG46-RIPE
tech-c : TEL9-RIPE
status : ASSIGNED PA
notify : RIPE-DBM@9TEL.NET
mnt-by : TEL9-MNT
changed : HOSTMASTER@9TEL.NET 20020515
source : RIPE
route : 62.62.128.0/17
descr : 9TELECOM-BLK
origin : AS12626
mnt-by : TEL9-MNT
changed : hostmaster@9tel.net 20020422
changed : hostmaster@9tel.net 20020513
source : RIPE
role : TELECOM NCC
address : 9TELECOM
address : 38 quai du point du jour
address : 92659 Boulogne Billancourt
address : FRANCE
phone : +33 1 55206001
e-mail : hostmaster@9tel.net
trouble : -------------------------------------------
trouble : Hacking & spamming : abuse@9tel.net
trouble : -------------------------------------------
admin-c : CG2185-RIPE
tech-c : DG46-RIPE
nic-hdl : TEL9-RIPE
remarks : -------------------------------------------
remarks : www.9telecom.fr
remarks : www.9online.fr
remarks : -------------------------------------------
notify : RIPE-DBM@9TEL.NET
mnt-by : TEL9-MNT
changed : HOSTMASTER@9TEL.NET 20020513
source : RIPE
person : Claude GUINTRAND
address : 9TELECOM
address : 38 quai du point du jour
address : 92659 Boulogne Billancourt
address : FRANCE
phone : +33 1 55206036
nic-hdl : CG2185-RIPE
mnt-by : TEL9-MNT
changed : hostmaster@9tel.net 20020513
source : RIPE
person : Damien GOTTARDO
address : 9TELECOM
address : 38 quai du point du jour
address : 92659 Boulogne Billancourt
address : FRANCE
phone : +33 1 55206539
nic-hdl : DG46-RIPE
mnt-by : TEL9-MNT
changed : hostmaster@9tel.net 20020513
source : RIPE
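To turn a reply like the one above into the facts needed for a report (the network holding the address, the announcing AS and the mailbox to write to), the RPSL objects can be parsed. This is an added example, not part of whois3 or of the original article; the function names are hypothetical, the sample is a trimmed excerpt of the output above written in the raw "attribute: value" layout with blank lines between objects (an assumption), and only IPv4 inetnum ranges are handled.

```python
import ipaddress
import re

# Trimmed excerpt of the reply above in raw RPSL layout (layout is an assumption).
SAMPLE = """\
% This is the RIPE Whois server.

inetnum:      62.62.189.0 - 62.62.189.255
netname:      FR-9TEL-ADSL-IP01

route:        62.62.128.0/17
origin:       AS12626

role:         TELECOM NCC
e-mail:       hostmaster@9tel.net
trouble:      Hacking & spamming : abuse@9tel.net
"""
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_rpsl(text):
    """Split a whois reply into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith("%"):
            continue                      # server comment line
        if not line.strip():              # a blank line closes the object
            if current:
                objects.append(current)
            current = []
            continue
        attr, _, value = line.partition(":")
        current.append((attr.strip().lower(), value.strip()))
    return objects

def abuse_summary(text, ip):
    """Network, origin AS and reporting address for an IPv4 address from the logs."""
    objs = parse_rpsl(text)
    def first(kind, attr):
        obj = next((o for o in objs if o[0][0] == kind), [])
        return next((v for k, v in obj if k == attr), None)
    rng = first("inetnum", "inetnum")
    if rng is None:
        raise ValueError("no inetnum object in reply")
    low, high = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
    mails = [m for o in objs for k, v in o
             if k in ("abuse-mailbox", "trouble", "e-mail") for m in EMAIL.findall(v)]
    abuse = [m for m in mails if m.lower().startswith("abuse@")]
    return {"ip_in_range": low <= ipaddress.ip_address(ip) <= high,
            "netname": first("inetnum", "netname"),
            "origin": first("route", "origin"), "report_to": abuse or mails}
```

The `ip_in_range` check confirms that the inetnum object returned really covers the address taken from the logs before anything is sent to the listed contact.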