Post 002 – CYBR 515
Security management can be defined as understanding the risks associated with threats, vulnerabilities, and the probability and impact of things going wrong, and then using some method(s) of dealing with those risks in order to reduce them.
To understand risks on the public Internet, you must first understand some simple concepts, such as IP addresses and host names. For example, the IP address of my website is 206.126.230.92 and the hostname is BILLSLATER.com. Also, the current IP address that I am using to connect to the Internet is 67.36.180.41, and my current hostname is adsl-67-36-180-41.dsl.chcgil.ameritech.net.
There is a tool that you can use to find out about the IP address and hostname information for websites on the public Internet. That tool is free and it is called Network-Tools. The website is located at http://www.network-tools.com. If you use the Express option and type in BILLSLATER.com, you get a report that looks like the listing shown below:
(Note that network-tools.com is located in the Dallas, TX area, so when you use this amazing website and its features, your queries go through, and are reported from the perspective of, a program that is installed on a server sitting in Dallas, TX.)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
IP address: 206.126.230.92
Host name: billslater.com
Alias:
billslater.com
206.126.230.92 is from United States(US) in region North America
TraceRoute to 206.126.230.92 [billslater.com]
Hop | (ms) | (ms) | (ms) | IP Address | Host name |
1 | 0 | 0 | 0 | 8.9.232.73 | xe-5-3-0.edge3.dallas1.level3.net |
2 | 0 | 0 | 0 | 4.69.145.190 | vlan80.csw3.dallas1.level3.net |
3 | 0 | 0 | 0 | 4.69.151.150 | ae-81-81.ebr1.dallas1.level3.net |
4 | 19 | 19 | 19 | 4.69.151.117 | ae-14-14.ebr2.chicago2.level3.net |
5 | 19 | 19 | 19 | 4.69.138.166 | ae-2-52.edge4.chicago3.level3.net |
6 | 19 | 19 | 19 | 4.53.98.46 | time-warner.edge4.chicago3.level3.net |
7 | 22 | 22 | 22 | 66.192.241.74 | mke1-ar3-xe-1-0-0-0.us.twtelecom.net |
8 | 23 | 24 | 23 | 216.114.2.2 | - |
9 | 23 | 23 | 23 | 206.126.230.92 | - |
Trace complete
Retrieving DNS records for billslater.com...
DNS servers
dns1.powerweb.net
dns2.powerweb.net
billslater.com | SOA | | 86400s |
billslater.com | NS | dns2.powerweb.net | 86400s |
billslater.com | NS | dns1.powerweb.net | 86400s |
billslater.com | A | 206.126.230.92 | 86400s |
billslater.com | MX | | 86400s |
billslater.com | TXT | v=spf1 ip4:206.126.224.0/19 ip4:206.41.160.0/19 ip4:64.118.32.0/24 a mx ~all | 86400s |
dns1.powerweb.net | A | 64.118.32.25 | 86400s |
dns2.powerweb.net | A | 64.118.32.22 | 86400s |
barracuda.powerweb.net | A | 66.112.204.72 | 200s |
Whois query for billslater.com...
Results returned from whois.internic.net:
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: BILLSLATER.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: DNS1.POWERWEB.NET
Name Server: DNS2.POWERWEB.NET
Status: clientTransferProhibited
Updated Date: 29-jun-2011
Creation Date: 25-sep-1997
Expiration Date: 24-sep-2012
Results returned from whois.networksolutions.com:
Welcome to the Network Solutions(R) Registrar WHOIS Server.
The IP address from which you have visited the Network Solutions Registrar WHOIS
database is contained within a list of IP addresses that may have failed
to abide by Network Solutions' WHOIS policy. Failure to abide by this policy can
adversely impact our systems and servers, preventing the processing of
other WHOIS requests.
To see the Network Solutions WHOIS Policy, click on or copy and paste the following
URL into your browser:
http://www.networksolutions.com/whois/index.jhtml
If you feel that you have received this message in error, please email us using the online
form at http://www.networksolutions.com/help/email.jsp with the following information:
Whois Query: billslater.com
YOUR IP address is 67.222.132.193
Date and Time of Query: Sat Sep 03 19:26:27 EDT 2011
Reason Code: IE
Network IP address lookup:
Whois query for 206.126.230.92...
Results returned from whois.arin.net:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=206.126.230.92?showDetails=true&showARIN=true
#
American Registry for Internet Numbers NET206 (NET-206-0-0-0-0) 206.0.0.0 - 206.255.255.255
Lambeau Telecom Company LLC LAMBEAU-TELECOM-COMPANY-LLC (NET-206-126-229-0-1) 206.126.229.0 - 206.126.231.255
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Results returned from whois.arin.net:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;handle=NET-206-126-229-0-1?showDetails=true&showARIN=true
#
NetRange: 206.126.229.0 - 206.126.231.255
CIDR: 206.126.229.0/24, 206.126.230.0/23
OriginAS: AS6349
NetName: LAMBEAU-TELECOM-COMPANY-LLC
NetHandle: NET-206-126-229-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-06-23
Updated: 2011-06-23
Ref: http://whois.arin.net/rest/net/NET-206-126-229-0-1
OrgName: Lambeau Telecom Company LLC
OrgId: LAMBE-3
Address: 550 Hills Drive, 1st Floor
City: Bedminster
StateProv: NJ
PostalCode: 07921
Country: US
RegDate: 2009-12-14
Updated: 2011-01-28
Ref: http://whois.arin.net/rest/org/LAMBE-3
OrgAbuseHandle: LAA6-ARIN
OrgAbuseName: Lambeau ARIN Abuse
OrgAbusePhone: +1-920-887-3148
OrgAbuseEmail: abuse@lambeautele.net
OrgAbuseRef: http://whois.arin.net/rest/poc/LAA6-ARIN
OrgTechHandle: LAA5-ARIN
OrgTechName: Lambeau ARIN Admin
OrgTechPhone: +1-920-887-3148
OrgTechEmail: arin-tech@lambeautele.net
OrgTechRef: http://whois.arin.net/rest/poc/LAA5-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you were a hacker using this network-tools.com tool, this might be the first step that you would take in reconnaissance leading up to some kind of attack, like a penetration attack or a malicious website defacement.
I am cautioning AGAINST attacking my website, so please do not let this blog write-up inspire anyone to commit evil deeds.
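Read from the site owner's side, the same report doubles as an audit of what the domain publishes. The following is an added example, not part of the original post or of network-tools.com: it parses the SPF TXT record and the ARIN NetRange copied from the listing above with Python's standard `ipaddress` module. The function names are illustrative, and the `a` and `mx` mechanisms are left unevaluated because they need live DNS.

```python
import ipaddress

# Values copied from the network-tools.com report quoted in this post.
SPF_TXT = ("v=spf1 ip4:206.126.224.0/19 ip4:206.41.160.0/19 "
           "ip4:64.118.32.0/24 a mx ~all")
A_RECORDS = {"billslater.com": "206.126.230.92",
             "dns1.powerweb.net": "64.118.32.25",
             "dns2.powerweb.net": "64.118.32.22",
             "barracuda.powerweb.net": "66.112.204.72"}
NET_RANGE = ("206.126.229.0", "206.126.231.255")  # ARIN NetRange line
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return (ip4 networks, terms not evaluated here, policy of 'all')."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    networks, unevaluated, all_policy = [], [], None
    for term in terms[1:]:
        qualifier, mech = "+", term  # '+' (pass) is the default qualifier
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.lower().startswith("ip4:"):
            # ip_network() raises ValueError on a mistyped range (host bits set)
            networks.append(ipaddress.ip_network(mech[4:]))
        elif mech.lower() == "all":
            all_policy = QUALIFIERS[qualifier]
        else:
            unevaluated.append(mech)  # a, mx, include, ... need live DNS
    return networks, unevaluated, all_policy

def ip4_coverage(txt, hosts):
    """Map each host to the ip4 network covering its address, else None."""
    networks = parse_spf(txt)[0]
    def cover(addr):
        ip = ipaddress.ip_address(addr)
        return next((str(n) for n in networks if ip in n), None)
    return {name: cover(addr) for name, addr in hosts.items()}

def netrange_to_cidrs(first, last):
    """Convert a whois NetRange into the CIDR blocks that exactly cover it."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

if __name__ == "__main__":
    print(parse_spf(SPF_TXT)[2], ip4_coverage(SPF_TXT, A_RECORDS))
    print(netrange_to_cidrs(*NET_RANGE))
```

The `~all` term parses as softfail, and the computed CIDR blocks match the `CIDR:` line ARIN returned for the same range.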
Best regards,
Bill
William Favre Slater, III
wfslater@bellevue.edu
CYBR 515 Blog: http://cybr515.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL