[OT] Discovering physical locations Was: Re: Code Red

Sat, 04 Aug 2001 19:30:13 -0700 

From: "Andrew Smith" <[EMAIL PROTECTED]>

> Sorta reminded me of McCarthy (spelling?)

It does, sorta vaguely. (I was quite young when I actually HEARD him ranting
live on television. My comment was mild... {^_-})

> But you brought up another question ...
> how do you determine a source country for
> a list of IP addresses without having to
> do it manually?
> 
> My domain is k1k2.com but it is nowhere
> near the USA

OK, Andrew, you asked. You're VERY likely quite close to Sydney Australia.
Here's how I learned that without even a whois lookup:
--8<--
[root@linux /usr/local/named/local]# traceroute k1k2.com -q1
traceroute to k1k2.com (203.134.158.1), 30 hops max, 38 byte packets
 1  lsanca1-ar7-216-001.lsanca1.dsl.gtei.net (4.35.216.1)  25.273 ms
 2  a4-2-2.lsanca1-cr7.bbnplanet.net (4.24.8.85)  23.491 ms
 3  p3-0.lsanca1-cr5.bbnplanet.net (4.24.4.46)  24.673 ms
 4  p12-2.telstra.bbnplanet.net (4.24.56.114)  23.928 ms
 5  Pos2-2.pad-core3.Sydney.telstra.net (203.50.126.41)  253.388 ms
 6  GigabitEthernet5-0.ken-core4.Sydney.telstra.net (203.50.6.189)  252.819 ms
 7  FastEthernet0-0-0.ken11.Sydney.telstra.net (203.50.13.19)  255.119 ms
 8  primu155s.lnk.telstra.net (139.130.193.106)  263.014 ms
 9  fe0-0.ac02.syd.iprimus.net.au (203.134.0.4)  256.078 ms
10  *
11  239.001.dsl.syd.iprimus.net.au (203.134.163.239)  293.582 ms
12  202.004.dsl.syd.iprimus.net.au (203.134.162.202)  296.290 ms
13  001.007.dsl.syd.iprimus.net.au (203.134.158.1)  296.488 ms
--8<--
I trimmed it for legibility.

By hop 4 I knew you were either in Australia or the link went through Oz on
its way somewhere else.

By hop 5 I had a good suspicion it was Sydney in specific.

Then without even looking up iprimus.au I noticed the address included a
".syd.". Coupled with hop 5 that clues me that you are in or near Sydney.
(And I also notice that "p12-2.telstra.bbnplanet.net" to
"Pos2-2.pad-core3.Sydney.telstra.net" is a VERY slow connection. I suspect
that is the one that transits the Pacific somehow. (That is enough time it
might be a satellite hop.)

You can tell "just a whole lot" with traceroute. "host" is a quick way to see
if the address resolves. (Most of the hits I have received do not reverse
resolve. This is "interesting", indeed.) And "whois 203.134.158." reveals
these interesting addresses:
--8<--
DNS.LIQUID-DATA-LABS.COM
WSS.K1K2.COM
W4K.K1K2.COM
DNS.K1K2.COM
--8<--

Need more?

{^_^}



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list

Reply via email to