Professional Documents
Culture Documents
com
Dear customer, thanks for your order and your download from the online readers area of the chapter Identifying attackers Pants down. We hope, you enjoy reading this chapter on your computer screen before you receive the copy of our book. Please do not give this file or prints of this file to third parties. Its only for our customers! Best regards, Ingo Haese
This means that the attacker logged on using provider.com. Unfortunately, there are several IP addresses that cannot be converted into domain names. The following passage may be of help in such cases. Traceroute Where is the attack from? Traceroute is also carried out in the MS DOS shell, and connects your PC to another one that is in the Internet or to a server. In precise terms, Traceroute traces the route of data packages that have reached you from a particular location in the net and vice versa. Internet comprises of several servers and routers that function as stations that convey your data packages further. Traceroute is known as tracert in Windows. Tracert 123.123.12.1
Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed. If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming. After identifying a provider in this manner (e.g. provider.com), you can obtain more information on this provider at http://www.netsol.com/cgibin/whois/whois .
Copyright 2004: www.hackersbook.com
Foreign domain names can searched for under the WHOIS section of that country. You will find these at http://ww.nic. +national top-leveldomains. e.g. http://www.nic.at for Austria or http://www.nic.ch for Switzerland or http://www.nic.de for Germany. Geographical analysis with NeoTrace Finally, we would like to introduce another tool, NeoTrace, which even gives a graphical display of TRACEROUTE analysis and the connection on a map. A free trial version is available at http://www.neotrace.com. After downloading, you should install while still online to enable Neotrace display the geographical details. Enter your country and the next city to where you are. After installing, you can enter the IP address you are targeting in the area marked Target, then click Go.