tracing ips

James McDonald jmcd9336
Mon May 17 11:38:31 PDT 2004


> thanks. i've done that. what i need to find is the database that has
> the correlation between ip address and geographical location. several
> websites offer this, but none has really resolved it.

The problem you will run into is that some ISPs don't correctly set up their 
in-addr.arpa domains so reverse DNS doesn't return anything useful.... And 
going through my firewall logs it's funny how all the hits on my https port 
lately don't have an r-DNS entry. 

If they have got their in-addr.arpa domain set up then you will often get 
useful results by going to samspade.org and just putting the IP into the 
field next to the "do stuff" button. This should return a name, which in turn 
should have an ASN number, which will give you the email address of the person 
to contact regarding issues with that address space.

If they don't have in-addr.arpa set up then tracerouting to the IP can allow 
you to see where the border routers are (which hopefully have an R-DNS entry) 
and perhaps again find the physical network they are on.

If you can get a router one hop away then use that in a dig query, and when it 
returns the SOA record you will find an entry like root.ns1.domain.com or 
admin.ns1.domain.com. Replace the first dot with an @ sign 
(admin at ns1.domain.com) and you have the email address of hopefully the person 
that administers that IP space.

In short, you will have to rely on sending a complaint to the ISP's admin as I 
don't think you're going to have much success tracing back to a local address 
from an IP.

-- 
James McDonald
Systems Engineer

Public key (824785B3) available at http://www.keyserver.net/ 
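
The reverse-lookup name and the SOA-to-mailbox conversion described in the message above, as an added example that is not part of the original post. The function names, the 192.0.2.10 address and the SOA serial and timers are constructed for illustration; the domain.com host names are the placeholders used in the post.

```python
import ipaddress

# Constructed sample of one answer line as printed by `dig SOA`.
SAMPLE_DIG_ANSWER = (
    "domain.com.\t3600\tIN\tSOA\tns1.domain.com. admin.ns1.domain.com. "
    "2004051701 10800 3600 604800 86400"
)

def reverse_name(ip):
    # Name that a PTR (reverse DNS) query asks for, e.g. under in-addr.arpa.
    return ipaddress.ip_address(ip).reverse_pointer

def rname_to_email(rname):
    # The SOA RNAME field encodes a mailbox: the first *unescaped* dot
    # separates the local part from the domain. A dot that belongs to the
    # local part is written as "\." in zone-file syntax, so a blind
    # replace of the first dot gives the wrong address for such names.
    # Numeric \DDD escapes are not handled here.
    if rname.endswith("."):
        rname = rname[:-1]          # drop the root label
    local = []
    i = 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])   # escaped character is literal
            i += 2
        elif ch == ".":
            return "".join(local) + "@" + rname[i + 1:]
        else:
            local.append(ch)
            i += 1
    raise ValueError("RNAME has no domain part: %r" % rname)

def soa_contact(dig_line):
    # Fields: name ttl class type mname rname serial refresh retry expire min
    fields = dig_line.split()
    if len(fields) < 11 or fields[3].upper() != "SOA":
        raise ValueError("not a SOA answer line")
    return {
        "zone": fields[0],
        "primary_ns": fields[4],
        "email": rname_to_email(fields[5]),
        "serial": int(fields[6]),
    }

if __name__ == "__main__":
    print(reverse_name("192.0.2.10"))
    print(soa_contact(SAMPLE_DIG_ANSWER))
```
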


