William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Saturday, September 3, 2011

Post 002 - CYBR 515


Security management can be defined as understanding the risks associated with threats, vulnerabilities, and the probability and impact of things going wrong, and then using some method(s) of dealing with those risks in order to reduce them.

To understand risks on the public Internet, you must first understand some simple concepts, such as IP addresses and host names. For example, the IP address of my website is 206.126.230.92 and the hostname is BILLSLATER.com. Also, the current IP address that I am using to connect to the Internet is 67.36.180.41, and my current hostname is adsl-67-36-180-41.dsl.chcgil.ameritech.net.

There is a tool that you can use to find out about the IP address and hostname information for websites on the public Internet. That tool is free and it is called Network-Tools. The website is located at http://www.network-tools.com. If you use the Express option and type in BILLSLATER.com, you get a report that looks like the listing shown below:

(Note that network-tools.com is located in the Dallas, TX area, so when you use this amazing website and its features, your queries actually run from the perspective of a program that is installed on a server sitting in Dallas, TX.)

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

IP address: 206.126.230.92
Host name: billslater.com

Alias:
billslater.com
206.126.230.92 is from United States(US) in region North America

TraceRoute to 206.126.230.92 [billslater.com]

Hop  (ms)  (ms)  (ms)  IP Address       Host name
1    0     0     0     8.9.232.73       xe-5-3-0.edge3.dallas1.level3.net
2    0     0     0     4.69.145.190     vlan80.csw3.dallas1.level3.net
3    0     0     0     4.69.151.150     ae-81-81.ebr1.dallas1.level3.net
4    19    19    19    4.69.151.117     ae-14-14.ebr2.chicago2.level3.net
5    19    19    19    4.69.138.166     ae-2-52.edge4.chicago3.level3.net
6    19    19    19    4.53.98.46       time-warner.edge4.chicago3.level3.net
7    22    22    22    66.192.241.74    mke1-ar3-xe-1-0-0-0.us.twtelecom.net
8    23    24    23    216.114.2.2      -
9    23    23    23    206.126.230.92   -

Trace complete

Retrieving DNS records for billslater.com...

DNS servers
dns1.powerweb.net
dns2.powerweb.net


Answer records

billslater.com           SOA   server: ns.speedsite.com          86400s
                               email: root@speedsite.com
                               serial: 2010031507
                               refresh: 10800
                               retry: 1800
                               expire: 3600000
                               minimum ttl: 86400
billslater.com           NS    dns2.powerweb.net                 86400s
billslater.com           NS    dns1.powerweb.net                 86400s
billslater.com           A     206.126.230.92                    86400s
billslater.com           MX    preference: 10                    86400s
                               exchange: barracuda.powerweb.net
billslater.com           TXT   v=spf1 ip4:206.126.224.0/19 ip4:206.41.160.0/19 ip4:64.118.32.0/24 a mx ~all   86400s

Authority records

Additional records

dns1.powerweb.net        A     64.118.32.25                      86400s
dns2.powerweb.net        A     64.118.32.22                      86400s
barracuda.powerweb.net   A     66.112.204.72                     200s

Whois query for billslater.com...

Results returned from whois.internic.net:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: BILLSLATER.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: DNS1.POWERWEB.NET
Name Server: DNS2.POWERWEB.NET
Status: clientTransferProhibited
Updated Date: 29-jun-2011
Creation Date: 25-sep-1997
Expiration Date: 24-sep-2012

Results returned from whois.networksolutions.com:

Welcome to the Network Solutions(R) Registrar WHOIS Server.

The IP address from which you have visited the Network Solutions Registrar WHOIS
database is contained within a list of IP addresses that may have failed
to abide by Network Solutions' WHOIS policy. Failure to abide by this policy can
adversely impact our systems and servers, preventing the processing of
other WHOIS requests.

To see the Network Solutions WHOIS Policy, click on or copy and paste the following
URL into your browser:

http://www.networksolutions.com/whois/index.jhtml

If you feel that you have received this message in error, please email us using the online
form at http://www.networksolutions.com/help/email.jsp with the following information:

Whois Query: billslater.com
YOUR IP address is 67.222.132.193
Date and Time of Query: Sat Sep 03 19:26:27 EDT 2011
Reason Code: IE

Network IP address lookup:

Whois query for 206.126.230.92...

Results returned from whois.arin.net:

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=206.126.230.92?showDetails=true&showARIN=true
#

American Registry for Internet Numbers NET206 (NET-206-0-0-0-0) 206.0.0.0 - 206.255.255.255
Lambeau Telecom Company LLC LAMBEAU-TELECOM-COMPANY-LLC (NET-206-126-229-0-1) 206.126.229.0 - 206.126.231.255

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Results returned from whois.arin.net:

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;handle=NET-206-126-229-0-1?showDetails=true&showARIN=true
#

NetRange: 206.126.229.0 - 206.126.231.255
CIDR: 206.126.229.0/24, 206.126.230.0/23
OriginAS: AS6349
NetName: LAMBEAU-TELECOM-COMPANY-LLC
NetHandle: NET-206-126-229-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-06-23
Updated: 2011-06-23
Ref: http://whois.arin.net/rest/net/NET-206-126-229-0-1

OrgName: Lambeau Telecom Company LLC
OrgId: LAMBE-3
Address: 550 Hills Drive, 1st Floor
City: Bedminster
StateProv: NJ
PostalCode: 07921
Country: US
RegDate: 2009-12-14
Updated: 2011-01-28
Ref: http://whois.arin.net/rest/org/LAMBE-3

OrgAbuseHandle: LAA6-ARIN
OrgAbuseName: Lambeau ARIN Abuse
OrgAbusePhone: +1-920-887-3148
OrgAbuseEmail: abuse@lambeautele.net
OrgAbuseRef: http://whois.arin.net/rest/poc/LAA6-ARIN

OrgTechHandle: LAA5-ARIN
OrgTechName: Lambeau ARIN Admin
OrgTechPhone: +1-920-887-3148
OrgTechEmail: arin-tech@lambeautele.net
OrgTechRef: http://whois.arin.net/rest/poc/LAA5-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
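
From the defending side, the records in this listing can be cross-checked against each other offline. The following Python sketch is an added example, not part of the original post: it parses the SPF TXT record, converts the ARIN NetRange into CIDR blocks, and checks where the site's A record falls. The function names are illustrative; the input values are copied from the listing.

```python
import ipaddress

# Values copied from the report above: A record, SPF TXT record, ARIN NetRange.
A_RECORD = "206.126.230.92"
SPF_TXT = "v=spf1 ip4:206.126.224.0/19 ip4:206.41.160.0/19 ip4:64.118.32.0/24 a mx ~all"
NET_RANGE = "206.126.229.0 - 206.126.231.255"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}  # RFC 7208


def parse_spf(txt):
    """Return (ip4 networks, other mechanisms, result of the 'all' term)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    networks, others, policy = [], [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is implied
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            policy = QUALIFIERS[qualifier]
        elif mech.startswith("ip4:"):
            networks.append(ipaddress.ip_network(mech[4:]))
        else:
            others.append(mech)  # a, mx, include:... need live DNS to expand
    return networks, others, policy


def range_to_cidrs(net_range):
    """Convert a whois 'first - last' NetRange into its minimal CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in net_range.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def audit(a_record, spf_txt, net_range):
    """Cross-check the web host address against the SPF and whois data."""
    addr = ipaddress.ip_address(a_record)
    networks, others, policy = parse_spf(spf_txt)
    cidrs = range_to_cidrs(net_range)
    return {
        "spf_covering": [str(n) for n in networks if addr in n],
        "spf_ip4_addresses": sum(n.num_addresses for n in networks),
        "spf_all_result": policy,
        "name_based_mechanisms": others,
        "allocation_cidrs": [str(c) for c in cidrs],
        "in_allocation": any(addr in c for c in cidrs),
    }


if __name__ == "__main__":
    print(audit(A_RECORD, SPF_TXT, NET_RANGE))
```

For these values it reports that the A record is covered by the first ip4 mechanism, that the three ip4 mechanisms together authorise 16,640 sender addresses against a 768-address allocation, and that senders matching no mechanism get a softfail.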

If you were a hacker using this network-tools.com tool, this might be the first step in doing reconnaissance leading up to some kind of attack, like a penetration attack or a malicious website defacement.

I am cautioning AGAINST attacking my website, so please do not let this blog write-up inspire anyone to commit evil deeds.

Best regards,

Bill
William Favre Slater, III
wfslater@bellevue.edu
CYBR 515 Blog:
http://cybr515.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL
