Let's say I have an IP address

Hyperblaze

Lifer
May 31, 2001
10,027
1
81
I know the box it belongs to is unix (found this through netcraft)

I want to find out the hostname of the box.

I know what domain points to the box but I can't seem to use that to connect to the box.

Is there any command out there that might help me?
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
What exactly are you trying to do? You say you know a domain - do you mean that the box is part of that domain, but that you don't know the exact host within that domain? In that case, do a reverse lookup with dig or host if you're on Unix. If you're on Windows, I'd hope that nslookup could do reverses, but I've never tried. You can use this site, among others to do the same thing.

If you're saying that you've got a hostname that resolves exactly to that IP but can't "connect", whatever that means, then there's probably some firewall or something in the way that's blocking that port.
 

cleverhandle

Originally posted by: compusaguy
he's trying to hack someone. that's probably illegal.

That's a pretty asinine comment to make without some evidence. Crackers don't tend to hang out for long around here (or, at least, don't talk much about it). The dude's got almost 6000 posts over four years, and you're calling him a cracker? If he wanted to be a cracker, he would have figured out how to find a hostname from an IP a long time ago.

You've been here a week - learn some social skills before you start flinging accusations around.
 

Hyperblaze

Originally posted by: cleverhandle
What exactly are you trying to do? You say you know a domain - do you mean that the box is part of that domain, but that you don't know the exact host within that domain? In that case, do a reverse lookup with dig or host if you're on Unix. If you're on Windows, I'd hope that nslookup could do reverses, but I've never tried. You can use this site, among others to do the same thing.

If you're saying that you've got a hostname that resolves exactly to that IP but can't "connect", whatever that means, then there's probably some firewall or something in the way that's blocking that port.

Tried a dig and host. I'm getting the feeling that port 22 is closed on that particular box (although I can't imagine why). Thanks for your ideas!
 

skyking

Lifer
Nov 21, 2001
22,725
5,850
146
I use some other port for shell access, myself. It prevents random snooping.;)
 

rmrf

Platinum Member
May 14, 2003
2,872
0
0
Originally posted by: compusaguy
he's trying to hack someone. that's probably illegal.

Do you have anything to contribute to this community? Pretty much all of your posts are like this.

Back on topic, you could try and see if http://www.dnsstuff.com has anything useful for you.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Get the web server to print you an error page. Unless the company is really security conscious, chances are good it'll give you a lot of information about the box.
 

Hyperblaze

Originally posted by: skyking
I use some other port for shell access, myself. It prevents random snooping.;)

That's actually not a bad idea :)

I don't snoop ;) I always do something for a reason. In this case my boss asked me to get some info.

 

skyking

That was a bit of sarcasm, but also a clue as to why you did not find SSH where you expected it:p
 

Hyperblaze

Originally posted by: skyking
That was a bit of sarcasm, but also a clue as to why you did not find SSH where you expected it:p

I thought you were just trying to be humorous. The box I was attempting to connect to was a work box, so unless someone was REALLY bored, I found the possibility of that happening non-existent.

 

skyking

I've moved all of my servers off 22. I got tired of all the log traffic. I figure they can go bug somebody else, and if they try and scan for the open port, the firewall will take care of banning their IP for me, without any input:D
 

Hyperblaze

Originally posted by: skyking
I've moved all of my servers off 22. I got tired of all the log traffic. I figure they can go bug somebody else, and if they try and scan for the open port, the firewall will take care of banning their IP for me, without any input:D

If you really want to limit access and log space, you could always set up portsentry, watch on port 22, and only allow certain IPs to get in. The only flaw I see is if you have DSL, somehow portsentry just doesn't like watching on interface ppp0.

 

skyking

I've played that game, but it always bites me in the nether regions when I am away from my usual offices. I'd have to leave one box open to all, and then ssh over to the others. I prefer the custom higher port, and leaving it open. No one is going to stumble on it without a serious port scan, and that gets caught every time.
 

Nothinman

and if they try and scan for the open port, the firewall will take care of banning their IP for me, without any input

So that means all someone has to do to DoS you is portscan you from random spoofed source addresses.
 

skyking

Originally posted by: Nothinman
and if they try and scan for the open port, the firewall will take care of banning their IP for me, without any input

So that means all someone has to do to DoS you is portscan you from random spoofed source addresses.

Your point? Those IPs get shut out. Eventually I'd get the news something is up, but how do you handle DoS attacks?
 

Nothinman

I've never had to handle a DoS attack and I've never set myself up for one by telling something like portsentry to blacklist IPs whenever it feels like it either.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
RH9 Firewall/Webserver for my house. Had SSH on 22, got a bajillion (yes, a bajillion) login attempts. My IPTABLES logs lots of packets, so my logs are big anyway. I hated seeing the login attempts, so I moved it up over 2000. Login attempts (other than me) since then: 0

Most script kiddies aren't willing to scan 200+ ports, esp. when you are forwarding them to a dummy IP, so it takes forever.

I wonder how my ISP would react to a nessus scan from work.......been a while since I ran one.
 

Need4Speed

Diamond Member
Dec 27, 1999
5,383
0
0
I'm not a big fan of dynamic IP blacklisting... that can lead to more problems than it's worth. DNS servers are known to send back boatloads of packets that can look like a port scan to a firewall, probably not good if a DNS server makes the blacklist.

Security through obscurity, general good security practices and a well patched box are all that's required to keep out the script kiddies. If I notice the same jacka$$ bombarding my boxes with ssh attempts I just add the IP manually and drop all packets right at the firewall.
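
An added example, not part of the thread, showing one way to reconcile the blacklisting positions argued above: ban only on evidence that needs a completed TCP session (sshd login failures), merely report sources seen in single dropped packets because those addresses can be forged, and never ban allowlisted hosts such as a DNS resolver. The log formats are simplified, the sample lines are constructed, and `classify` is a hypothetical name.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = """\
sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
sshd[812]: Failed password for root from 203.0.113.7 port 40113 ssh2
sshd[813]: Failed password for root from 203.0.113.7 port 40114 ssh2
sshd[820]: Failed password for bob from 203.0.113.99 port 51000 ssh2
kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4431 DPT=21 SYN
kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4432 DPT=22 SYN
kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4433 DPT=23 SYN
kernel: IN=eth0 SRC=192.0.2.53 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33012
kernel: IN=eth0 SRC=192.0.2.53 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33013
kernel: IN=eth0 SRC=192.0.2.53 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33014
"""

SSHD_FAIL = re.compile(r"sshd\[\d+\]: Failed password for .+ from (\S+) port \d+")
FW_DROP = re.compile(r"SRC=(\S+) .*DPT=(\d+)")


def classify(log_text, allowlist, threshold=3):
    """Map each source IP that reaches the threshold to a decision string."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    auth_fails = Counter()            # evidence from completed TCP sessions
    dropped_ports = defaultdict(set)  # evidence from single dropped packets
    for line in log_text.splitlines():
        if m := SSHD_FAIL.search(line):
            auth_fails[m.group(1)] += 1
        elif m := FW_DROP.search(line):
            dropped_ports[m.group(1)].add(int(m.group(2)))
    decisions = {}
    for ip, ports in dropped_ports.items():
        if len(ports) >= threshold:
            # One-packet evidence: the source may be forged, so never auto-ban.
            decisions[ip] = "report-only"
    for ip, count in auth_fails.items():
        if count >= threshold:
            decisions[ip] = "ban"
    for ip in decisions:
        # Allowlist wins over everything (resolvers, your own remote offices).
        if any(ipaddress.ip_address(ip) in n for n in nets):
            decisions[ip] = "allowlisted"
    return decisions


if __name__ == "__main__":
    for ip, decision in sorted(classify(SAMPLE_LOG, ["192.0.2.53/32"]).items()):
        print(ip, decision)
```
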