  1. #1
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858

    Finding Server Owners at The Planet / Server Matrix

    What this tutorial is about
    This tutorial will guide you through the steps needed to find the individual or company who is responsible for a specific server at The Planet.

    What You're gonna need
    For Windows users, it is recommended that you install the jwhois Windows whois client. You can find directions for obtaining and installing it at this thread. If you are running a Linux or FreeBSD system, jwhois comes with most distributions of Linux. You can pick it up from ftp://ftp.gnu.org/gnu/jwhois/ .

    'doing it' on windows
    Step One: Open up your command line window, and find the IP address of the machine you are looking up. This can be accomplished with either nslookup, tracert, or even ping.

    For this example, we're going to look up my friend's website - cameroncox.com .

    C:\>nslookup cameroncox.com
    Server: resolver1.level3.net
    Address: 209.244.0.3

    Non-authoritative answer:
    Name: cameroncox.com
    Address: 70.84.66.196

    C:\>tracert cameroncox.com

    Tracing route to cameroncox.com [70.84.66.196]
    over a maximum of 30 hops:

    1 152 ms 149 ms ^C
    C:\>ping cameroncox.com

    Pinging cameroncox.com [70.84.66.196] with 32 bytes of data

    Reply from 70.84.66.196: bytes=32 time=205ms TTL=55
    Reply from 70.84.66.196: bytes=32 time=187ms TTL=55
    Reply from 70.84.66.196: bytes=32 time=185ms TTL=55
    Reply from 70.84.66.196: bytes=32 time=182ms TTL=55

    Ping statistics for 70.84.66.196:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 182ms, Maximum = 205ms, Average = 189ms

    In each of these commands, the same IP address is returned: 70.84.66.196 .

    Step Two: After obtaining the IP address of Cameron's website, we're going to write a simple little command to query rwhois.theplanet.com:4321.

    C:\>whois 70.84.66.196 -h rwhois.theplanet.com -p 4321

    70.84.66.196 is interchangeable with whatever IP address you're looking up. The -h rwhois.theplanet.com -p 4321 part of the query is required for querying The Planet's rwhois server.

    After you hit enter, jwhois is going to spit out a lot of information that you may or may not understand, depending on your experience with computing and networking. The only real data you need to pay attention to are:

    network:IP-Network-Block:70.84.66.192 - 70.84.66.199
    network:Organization-Name:micheal cottingham
    network:Organization-City:South Hill
    network:Organization-State:VA
    network:Organization-Zip:23970
    network:Organization-Country:UNITED STATES
    network:Description-Usage:customer
    network:Server-Pri:ns1.theplanet.com
    network:Server-Sec:ns2.theplanet.com
    network:Tech-Contact;I:[email protected]
    network:Admin-Contact;I:[email protected]
    network:Created:20050223
    network:Updated:20050223

    The first line specifies what IP addresses are bound to this machine. This value may change if your target orders new IP addresses.

    The second line tells us the organization / individual who owns the server. In this case, his name is Michael Cottingham.

    The third, fourth, and fifth lines tell us the city and zip code of the owner.

    The fifth line tells us the type of account the target has. In most cases, it will return "Customer".

    The sixth and seventh lines tell us the nameservers the customer is using.

    The next two lines tell us who to contact in the event of abuse.

    The final two lines tell us when the records were created and updated. If the user orders new IP addresses, or changes his contact information, the date of the order / change will be displayed.


    'doing it' on *nix
    The steps are pretty much the same; you're just going to have to find the IP address using the "host" tool. All the command arguments are the same, and there won't be any difference in output.


    If you have any questions, reply to this thread, or PM me.


    Happy snooping

  2. #2
    Join Date
    Mar 2003
    Location
    London Ontario, Canada
    Posts
    984
    I have a server there. Are you able to tell me which one?



    Interesting post. Can you provide some of your motivation for sharing this with us?

    Cheers
    Jeff
    www.idologic.com
    www.demologic.com
    A company committed to people serious about their websites - If you don't DO LOGIC - what do you do?Check Us Out

  3. #3
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    I don't have enough time to query each IP address on TP's network to find which server you're on.

    It's a useful method for finding server owners, and verifying host identities.

  4. #4
    Join Date
    Nov 2003
    Location
    Cleveland, OH
    Posts
    147

  5. #5
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    It does.

    C:\>whois 70.85.139.98 -h rwhois.theplanet.com -p 4321
    [Querying rwhois.theplanet.com]
    [rwhois.theplanet.com]
    %rwhois V-1.5:003eff:00 rwhois.theplanet.com (by Network Solutions, Inc. V-1.5.9)
    network:Class-Name:network
    network:ID:THEPLANET-BLK-13
    network:Auth-Area:70.84.0.0/14
    network:Network-Name:TPIS-BLK-70-85-139-0
    network:IP-Network:70.85.139.96/28
    network:IP-Network-Block:70.85.139.96 - 70.85.139.111
    network:Organization-Name:J&M Computers
    network:Organization-City:Chagrin Falls
    network:Organization-State:OH
    network:Organization-Zip:44022
    network:Organization-Country:US
    network:Description-Usage:customer
    network:Server-Pri:ns1.theplanet.com
    network:Server-Sec:ns2.theplanet.com
    network:Tech-Contact;I:[email protected]
    network:Admin-Contact;I:[email protected]
    network:Created:20050407
    network:Updated:20050407

    %ok


    Outdated records are the fault of the planet's network manager.
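
Added example (not part of any post in this thread): a small Python parser for the rwhois output format quoted above, which also checks that the looked-up address falls inside the returned block and collects the contacts for an abuse report. The sample response, its addresses and its contact address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed response in the same shape as the rwhois output quoted in the thread.
SAMPLE = """\
[Querying rwhois.example.net]
%rwhois V-1.5:003eff:00 rwhois.example.net (constructed banner)
network:IP-Network:192.0.2.96/28
network:IP-Network-Block:192.0.2.96 - 192.0.2.111
network:Organization-Name:Example Customer
network:Description-Usage:customer
network:Tech-Contact;I:abuse@example.net
network:Admin-Contact;I:abuse@example.net
network:Updated:20050407

%ok
"""

def parse_rwhois(text):
    """Return (status, record); record maps attribute name -> value."""
    status, record = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("["):   # blank line or whois client chatter
            continue
        if line.startswith("%"):               # banner or final %ok / %error
            word = (line[1:].split() or [""])[0].lower()
            if word in ("ok", "error"):
                status = word
            continue
        parts = line.split(":", 2)             # class:attribute:value
        if len(parts) == 3:
            attr = parts[1].split(";", 1)[0]   # drop a type suffix such as ";I"
            record[attr] = parts[2].strip()
    return status, record

def covers(record, ip):
    """True if ip is inside the record's IP-Network or IP-Network-Block."""
    addr = ipaddress.ip_address(ip)
    if "IP-Network" in record:
        return addr in ipaddress.ip_network(record["IP-Network"], strict=False)
    if "IP-Network-Block" in record:
        lo, hi = (ipaddress.ip_address(p.strip())
                  for p in record["IP-Network-Block"].split(" - "))
        return lo <= addr <= hi
    return False

def contacts(record):
    """Distinct Tech/Admin contacts, for addressing an abuse report."""
    return sorted({record[k] for k in ("Tech-Contact", "Admin-Contact") if k in record})

if __name__ == "__main__":
    status, rec = parse_rwhois(SAMPLE)
    print(status, rec["Organization-Name"], covers(rec, "192.0.2.98"), contacts(rec))
```

A record whose block does not cover the address you queried, or a response that ends in %error instead of %ok, should not be used to attribute the host.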

  6. #6
    Join Date
    Jun 2005
    Location
    Internet
    Posts
    449
    Nice tips friends, but didn't work for me

    I use dnsstuff.com to get all my work done. That site is pretty handy and full
    of tools. The only thing is you should not be using a proxy server which has been
    used in ddossing a site.
