(Most of the following is at the command prompt of the nearest Unix/Linux/NetBSD box.)
First you ping it to see if it's really there:
[bdobyns_at_dobyns bdobyns]$ ping -c 100 157.55.85.212
PING 157.55.85.212 (157.55.85.212): 56 data bytes
--- 157.55.85.212 ping statistics ---
100 packets transmitted, 0 packets received, 100% packet loss
[bdobyns_at_dobyns bdobyns]$
Of course, it's not. So then you try to do reverse DNS on it.
[bdobyns_at_dobyns bdobyns]$ nslookup
Default Server: dobyns.com
Address: 38.253.170.188
> set type=any
> 212.85.55.157.in-addr.arpa.
Server: dobyns.com
Address: 38.253.170.188
*** dobyns.com can't find 212.85.55.157.in-addr.arpa.: Non-existent host/domain
> 85.55.157.in-addr.arpa.
Server: dobyns.com
Address: 38.253.170.188
*** dobyns.com can't find 85.55.157.in-addr.arpa.: Non-existent host/domain
> 55.157.in-addr.arpa.
Server: dobyns.com
Address: 38.253.170.188
*** dobyns.com can't find 55.157.in-addr.arpa.: Non-existent host/domain
> 157.in-addr.arpa.
Server: dobyns.com
Address: 38.253.170.188
in-addr.arpa
origin = A.ROOT-SERVERS.NET
mail addr = hostmaster.INTERNIC.NET
serial = 2000021014
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
> exit
[bdobyns_at_dobyns bdobyns]$
Of course that fails since spammers don't ever have reverse DNS set up right.
Then we try a traceroute, to see if we can "get close" and figure out where it's from.
[bdobyns_at_dobyns bdobyns]$ !/usr
/usr/sbin/traceroute 157.55.85.212
traceroute: Warning: Multiple interfaces found; using 38.253.170.190 _at_ eth0
traceroute to 157.55.85.212 (157.55.85.212), 30 hops max, 40 byte packets
1 ipr254.dobyns.com (38.253.170.254) 2.776 ms 2.666 ms 2.665 ms
2 38-default-gw.psi.net (38.1.1.1) 153.382 ms 152.071 ms 147.602 ms
3 38.18.19.1 (38.18.19.1) 140.295 ms 141.904 ms 161.680 ms
4 rc8.nw.us.psi.net (38.1.43.8) 149.090 ms 155.449 ms 147.925 ms
5 * rc1.nw.us.psi.net (38.1.23.193) 139.237 ms !H *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 *
[bdobyns_at_dobyns bdobyns]$
Which fails miserably, the backbone routers don't even have a path to it. So I try from another box on a different network. This is to make sure that it's not a routing problem at my ISP. Which it sometimes is.
[bdobyns_at_ns1 bdobyns]$ /usr/sbin/traceroute 157.55.85.212
traceroute to 157.55.85.212 (157.55.85.212), 30 hops max, 40 byte packets
1 router.wwg.com (209.24.64.161) 3.232 ms 3.020 ms 3.952 ms
2 hs-2-0-0-96.a03.mtvwca01.us.ra.verio.net (209.24.0.161) 11.312 ms 14.128 ms 11.260 ms
3 * * *
4 * * *
5 * * hs-2-0-0-96.a03.mtvwca01.us.ra.verio.net (209.24.0.161) 12.440 ms !H
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
Now I believe that it's unroutable.
Finally we go to http://www.arin.net/whois/index.html and use the whois tool with our IP address:
Microsoft Corporation (NETBLK-MICROSOFT-BBLK)
One Microsoft Way
Redmond, WA 98052
Netname: MICROSOFT-BBLK
Netblock: 157.54.0.0 - 157.60.0.0
Coordinator:
Parameshwaran, Krishnan (KP26-ARIN) KrishnaP_at_MICROSOFT.COM
(206) 882-8080
Record last updated on 14-Oct-1998.
Database last updated on 11-Feb-2000 05:36:03 EDT.
Doh! Should have done this first. Which is as good as it gets - it's somewhere inside Microsoft.
Finally, to translate a URL to an IP address, go back to your *nix command prompt, and dig around.
[bdobyns_at_dobyns bdobyns]$ nslookup
Default Server: dobyns.com
Address: 38.253.170.188
> set type=any
> opt-inbroadcasts.net
Server: dobyns.com
Address: 38.253.170.188
Non-authoritative answer:
opt-inbroadcasts.net nameserver = ns.opt-inbroadcasts.net
opt-inbroadcasts.net internet address = 208.26.83.110
Authoritative answers can be found from:
opt-inbroadcasts.net nameserver = ns.opt-inbroadcasts.net
ns.opt-inbroadcasts.net internet address = 63.160.130.115
> server ns.opt-inbroadcasts.net
Default Server: ns.opt-inbroadcasts.net
Address: 63.160.130.115
> opt-inbroadcasts.net
Server: ns.opt-inbroadcasts.net
Address: 63.160.130.115
opt-inbroadcasts.net nameserver = ns.opt-inbroadcasts.net
opt-inbroadcasts.net
origin = opt-inbroadcasts.net
mail addr = root.opt-inbroadcasts.net
serial = 2000021101
refresh = 300 (5M)
retry = 300 (5M)
expire = 300 (5M)
minimum ttl = 300 (5M)
opt-inbroadcasts.net preference = 20, mail exchanger = mail.opt-inbroadcasts.net
opt-inbroadcasts.net internet address = 208.26.83.110
opt-inbroadcasts.net nameserver = ns.opt-inbroadcasts.net
ns.opt-inbroadcasts.net internet address = 63.160.130.115
> ls opt-inbroadcasts.net
[ns.opt-inbroadcasts.net]
$ORIGIN opt-inbroadcasts.net.
_at_ 5M IN A 208.26.83.110
ns1 5M IN A 63.160.130.116
ns 5M IN A 63.160.130.115
> exit
[bdobyns_at_dobyns bdobyns]$
-b
-----
Barry A. Dobyns, barry_at_dobyns.com,
http://barry.dobyns.com
-----Original Message-----
From: allisonp_at_world.std.com <allisonp_at_world.std.com>
To: classiccmp_at_classiccmp.org <classiccmp_at_classiccmp.org>
Date: Friday, February 11, 2000 10:35 AM
Subject: how do I decode 157.55.85.212 to a url?
>
>I have this URL and I'd like to find their netaddress n.n.n.n, how?
>
>******http://opt-inbroadcasts.net/remove/remove4.html
>Apparently this is a spam gatherer as I got mail with this as the way
>to get on their remove list. I suspect it's really a collect list.
>
>Also while looking around (with arp) I have a few addresses I don't know
>and would like to translate that to a url or domain name.
>
>Allison
>
>
>
Received on Fri Feb 11 2000 - 13:10:37 GMT
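
Added example, not part of the original message: offline shell helpers that generate the in-addr.arpa names queried one level at a time in the nslookup session above and check whether an address falls inside a whois netblock range such as the one ARIN returned. The function names (ip_to_int, reverse_names, in_netblock) are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for the reverse-DNS walk and the whois netblock
# check from the session above. All function names are hypothetical.

# ip_to_int A.B.C.D -> 32-bit integer; returns 1 if not a valid dotted quad.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject leading zeros (read as octal by the shell) and long octets.
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# reverse_names A.B.C.D -> the in-addr.arpa names to query, most specific
# first: the same walk up the reverse tree done by hand in nslookup.
reverse_names() {
    ip_to_int "$1" >/dev/null || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo "$4.$3.$2.$1.in-addr.arpa."
    echo "$3.$2.$1.in-addr.arpa."
    echo "$2.$1.in-addr.arpa."
    echo "$1.in-addr.arpa."
}

# in_netblock IP FIRST LAST -> exit 0 if IP lies within FIRST..LAST
# (inclusive), 1 if outside, 2 if any argument is malformed.
in_netblock() {
    ip=$(ip_to_int "$1") || return 2
    lo=$(ip_to_int "$2") || return 2
    hi=$(ip_to_int "$3") || return 2
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# Values taken from the session above: the target address and the
# netblock range shown in the ARIN whois record.
reverse_names 157.55.85.212
in_netblock 157.55.85.212 157.54.0.0 157.60.0.0 \
    && echo "157.55.85.212 is inside 157.54.0.0 - 157.60.0.0"
```

Each printed name can be pasted into the nslookup prompt exactly as in the session; the first one that returns an SOA shows how far down the reverse tree is actually delegated.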