  About Private address blocks
Email to an IP address, Domain Name Service, DNS lookups, Reverse lookup, Advanced DNS and more... This page 2/2

About IP (Internet Protocol) Addresses
IP addresses are allocated to companies and ISPs in blocks.
To find out who administers a block of addresses..... Page 1/2


These private address blocks are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

If you see one of these addresses in a Received: line, it means the email has been forwarded around an internal network before being gatewayed to the internet proper.

So far, so froody.

There are some IP addresses in each block reserved for broadcast and other obscure stuff. Check the RFCs--links at bottom of page--if you're really interested.
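As an added example (not part of the original page), the check described above can be run over a message's Received: lines to tag each hop as private or public. The sample headers, host names and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# The three private blocks listed above (RFC 1918).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample headers (not a real capture); newest hop is first.
# 203.0.113.25 is a documentation address standing in for a public one.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.example.org with ESMTP id A1; Mon, 3 Jun 2002 10:00:05 +0000
Received: from gateway.corp.example (gateway.corp.example [172.20.1.1])
\tby mail.example.net with ESMTP id B2; Mon, 3 Jun 2002 10:00:03 +0000
Received: from desk42 ([10.1.2.3])
\tby gateway.corp.example with SMTP id C3; Mon, 3 Jun 2002 10:00:01 +0000
Subject: constructed test message

body
"""

IPV4_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(addr):
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    return "public"

def trace_hops(raw_message):
    """Return [(address, class)] for each Received line, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        for addr in IPV4_LITERAL.findall(header):
            try:
                hops.append((addr, classify(addr)))
            except ValueError:      # e.g. [999.1.1.1] is not a valid address
                hops.append((addr, "invalid"))
    return hops

def first_public_hop(raw_message):
    """First address visible from the internet side: where whois lookups start."""
    return next((a for a, c in trace_hops(raw_message) if c == "public"), None)
```

Only the Received: lines added by servers you trust are reliable; a sender can forge every line below them.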

Email to an IP address
Incidentally, if you want to send email to a machine and you know the machine's IP address, you can send it to user@[w.x.y.z]. So, just for the sake of example, if you were to put this HTML tag:


<A HREF="mailto:postmaster@[127.0.0.1]"></A>

in a web page, and someone were to scan your webpage for email addresses and then try to send spam to them, they'd end up sending a copy to postmaster at the machine 127.0.0.1. As we said earlier, 127.0.0.1 is always your own machine, so this would make the spammer spam their own system administrator....
 

 

 

 

Name resolution
IP addresses work pretty well, but they're not as memorable as machine names. So we need some way to map names to addresses (and ideally back again).

Domain Name Service
DNS is a distributed system. The end user doesn't really care about this, but in case you're interested, here's how it works. If you try to access http://www.blighty.com then Netscape wakes up and asks Windows what IP address www.blighty.com maps to.

Windows then sends a request to your local nameserver, usually the nameserver of your ISP. If someone else has looked up the address recently, the nameserver might already know the answer. If not, it realizes that it doesn't know, and works out who might know. Your ISP's nameserver then contacts that nameserver; if it knows, it answers. If not, it works out who might know... you get the idea.

Finally the result gets forwarded back to your local nameserver, which caches the result so it can use it again later and passes the answer back to your system - 151.196.75.10.
[In reality it's a bit more formal than that, with 'zones of authority' rather than guesswork to find out who might know the answer]
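The lookup described above, as an added offline simulation (not code from the original page): a local nameserver follows referrals through zones of authority and caches the answer. The server names and delegation table are constructed; only www.blighty.com and 151.196.75.10 come from the text, and real caches also expire entries, which this sketch omits.

```python
# Constructed delegation data (not real DNS contents). Each server either
# answers from its own zone or refers the question to a server closer to it.
SERVERS = {
    "root-ns":    {"refer": {"com": ["com-ns"]}},
    "com-ns":     {"refer": {"blighty.com": ["blighty-ns"]}},
    "blighty-ns": {"answer": {"www.blighty.com": "151.196.75.10"}},
}

class LocalNameserver:
    """Stands in for the ISP's nameserver: resolves for clients and caches."""
    def __init__(self, servers, root="root-ns"):
        self.servers, self.root = servers, root
        self.cache = {}
        self.queries_sent = 0

    def _ask(self, server, name):
        """One query to one server: ('answer', ip), ('refer', [servers]) or ('nxdomain', None)."""
        self.queries_sent += 1
        zone = self.servers[server]
        if name in zone.get("answer", {}):
            return "answer", zone["answer"][name]
        # Longest matching delegation: the zone of authority covering the name.
        matches = [z for z in zone.get("refer", {}) if name == z or name.endswith("." + z)]
        if matches:
            return "refer", zone["refer"][max(matches, key=len)]
        return "nxdomain", None

    def resolve(self, name, max_referrals=8):
        name = name.rstrip(".").lower()
        if name in self.cache:              # someone looked it up recently
            return self.cache[name]
        server = self.root
        for _ in range(max_referrals):      # bound the walk so a referral loop cannot hang
            kind, data = self._ask(server, name)
            if kind == "answer":
                self.cache[name] = data
                return data
            if kind == "nxdomain":
                return None
            server = data[0]
        return None
```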

DNS lookups
You can query a DNS server and get all sorts of good stuff out of it, not just the address-name mappings.

Reverse lookup
Finding the hostname given the IP address is very useful. If you're tracing spam you need the domain name to be able to find whois information. Note: Reverse lookup is a DNS whois tool that performs forward and reverse DNS queries for the current address (this will usually give you the IP address of a hostname and the hostname of an IP address).
 

 


 

Sometimes you can just use the DNS tool on an IP address, and it'll give you the hostname. Sometimes it won't be able to find a hostname. Just because a host has forward DNS from name to address there's no guarantee or requirement for it to have reverse DNS from address to name. Many sites do, many sites don't.

If there's no reverse DNS you need to resort to guerrilla approaches. If there's a web site, that's a good bet: do a view source to look at the HTML source, particularly for forms and mailto links. Sometimes telnetting to the machine will give a banner identifying the machine, or telnetting to other ports on the machine (25, 110, 119) can sometimes give a banner. Then you can use forward DNS to confirm that the name you found maps back to the right IP.

The port scan tool can scan a range of ports on a machine, to see which are providing services. Then you can telnet to each one in turn to see if any leak information.

What if the site is being coy, and trying to hide their domain name? Most virtual web-hosting companies require customers to have a domain name, but if it's not used anywhere and the website is advertised using its IP address rather than its domain name, it's hard to find.

On some virtual web servers accessing http://w.x.y.z/stats or http://w.x.y.z/logs triggers a redirect that can give you the name.
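The forward-confirmation step mentioned above, as an added example (not from the original page): reverse-resolve an address, then check that each returned name resolves forward to the same address. The lookup tables and the names in them are constructed so the check runs offline; by default the functions use the system resolver.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 10.75.196.151.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_reverse(ip):
    """Hostnames the system resolver returns for ip (empty if no reverse DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """IPv4 addresses the system resolver returns for name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def confirm_reverse(ip, reverse=system_reverse, forward=system_forward):
    """Split reverse-DNS names into those whose forward lookup returns ip
    (confirmed) and those that do not. A PTR record alone proves nothing:
    whoever controls the address block can put any name in it."""
    confirmed, unconfirmed = [], []
    for name in reverse(ip):
        name = name.rstrip(".").lower()
        (confirmed if ip in forward(name) else unconfirmed).append(name)
    return {"ptr_query": ptr_name(ip), "confirmed": confirmed, "unconfirmed": unconfirmed}

# Constructed lookup tables so the example runs offline (not real DNS data).
FAKE_PTR = {"192.0.2.10": ["mail.example.org."],
            "192.0.2.66": ["www.bank.example."],   # PTR chosen by the block's owner
            "192.0.2.99": []}                      # no reverse DNS at all
FAKE_A = {"mail.example.org": ["192.0.2.10"],
          "www.bank.example": ["198.51.100.7"]}

def demo():
    return {ip: confirm_reverse(ip, lambda i: FAKE_PTR.get(i, []),
                                lambda n: FAKE_A.get(n, []))
            for ip in FAKE_PTR}
```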

Advanced DNS
DNS has all sorts of good stuff in it, not just the address-name mappings. You can get at this with the dig tool (see "Tools provided by Sam Spade" at the bottom of the page), and these are some of the things it can tell you:

A - The Address of a hostname. There's only one A record for each host.

NS - The authoritative nameserver for a domain.

MX - The mail exchanger for the domain. For example, there is no such machine as demon.net, yet you can send email to user@demon.net. The MX record tells the mail system to send mail for user@demon.net to user@relay-1.mail.demon.net instead.

CNAME - An alias for a machine. A number of different names may resolve to the same IP address. A CNAME entry for a domain points you at the real name of the system.

HINFO - Hardware and software used by the host

RP - The responsible person for a domain

ANY - All records available

There are around 40 more, but these are the most common. To see the full list, see: advance dig

You can also ask for a complete Zone Transfer from a nameserver. This contains all the records it has for a given domain. If there's no reverse DNS set up, this can be the only way of getting a full list of the machines within a domain.

You can only do a zone transfer from the name server that is authoritative for a domain, so you need to query your local nameserver to find an authoritative server for a domain before doing a zone transfer.

Some of the tool information below is derived from: Internet Protocol Addressing Help Topics - www.samspade.org, a spam-tracking freeware.

Dig tool, requests all the DNS records for a host or domain.

Finger tool, asks a server about one of its users.

Traceroute tool, finds the route packets take between you and the selected address.

PING tool, sends a series of packets to the current address to see if it's alive and how long it takes packets to make the round trip.

Whois is a tool to contact network registries to find out contact information for the current domain or IP address.

nslookup, a DNS whois tool that performs forward and reverse DNS queries for the current address (this will usually give you the IP address of a hostname and the hostname of an IP address).

IP Block, a multiple-server lookup tool for finding the owner of the block of a domain or IP address.

SMTP Relay Verify (checking) tool, to find out whether an SMTP server is insecure and therefore allows anyone to relay email through it. (Spammers relay email through third-party mail servers, which obfuscates message headers and makes it harder to find the originator.)

References - RFC Internet Protocol
RFC791 - http://www.faqs.org/rfcs/rfc791.html
RFC1122 - http://www.faqs.org/rfcs/rfc1122.html
A more technical tutorial - http://oac3.hsc.uth.tmc.edu/staff/snewton/tcp-tutorial/

Private addresses:
RFC1918 - http://www.faqs.org/rfcs/rfc1918.html

DNS:
A good DNS overview - http://eeunix.ee.usm.maine.edu/guides/dns/dns.html
Lots of DNS resources - http://www.dns.net/dnsrd/
Linux DNS How to - http://sunsite.unc.edu/LDP/HOWTO/DNS-HOWTO.html

O'Reilly books:
TCP/IP Network Administration - http://www.ora.com/catalog/tcp2/noframes.html
DNS and BIND - http://www.ora.com/catalog/dns2/noframes.html
Essential Windows NT System Administration - http://www.ora.com/catalog/esawinnt/noframes.html
Linux Network Administrator's Guide - http://www.ora.com/catalog/linag/noframes.html


©Copyright June 2002  Permission to re-print, please click here