On Friday 30 November 2001 06:25 am, Pavel Lozhkin wrote:
> Hi !
>
> Does anyone know where i can find one strange programm/service...so on
> I need IP -> e-mail translator ;) Paradox ? Then let me explain my
> thought here
> I need to handle my logs in semi-automatic mode to send e-mails to
> someone who is responsible for IP or network which has been ordinator of
> some attack. I already developed some tools which does that, but main
> thought is to find the tech e-mail contact automaticly, by my program.
> doing that manualy i have been wasting a lot of my time to find each
> tech contact person and then send him a mail.
>
> And to write the programm is not so easy due to very different output of
> all whois services in whole world, and i can't parse all of them
> correctly
>
> It should help just because some administrators do not know that their
> servers are infected by virus/trojan...etc and my mail could help them
> to find and fix the issue.
> And i will not waste my time to do that via horrible whois
> interface....... or web interface of whois.arin.net and so on.
>
> I know that similar thing exists: it is www.spamcop.net which works to
> handle spam mail header and then find an ordinator and tech-contact of
> the spammer.
on a unix system you could use the output of the host command to get see
which part of their domain has a mail exchanger, for example let's say a
machine resolves to ppp104.drp.bigisp.net, first try a "host -t mx
ppp104.drp.bigisp.net", if you dont get a mx record, try drp.bigisp.net, and
finally bigisp.net, this should tell you the domain where you can send the
email, then you would be able to dispatch and email to somethingl ike
[EMAIL PROTECTED] or [EMAIL PROTECTED] whichever had the first mx reccord,
of course if the ip doesn't resolve you could really only find out which
organization is responsible for that range of ip's, which i dont beleive has
any kind of contact information so you might be out of luck there
