Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!uunet!unhd.unh.edu!msel.unh.edu!rg
From: rg@msel.unh.edu (Roger Gonzalez)
Newsgroups: comp.unix.admin
Subject: reversing an address
Message-ID: <1991Mar4.172300.10225@unhd.unh.edu>
Date: 4 Mar 91 17:23:00 GMT
Sender: usenet@unhd.unh.edu (USENET News System)
Distribution: comp
Organization: UNH Marine Systems Engineering Laboratory
Lines: 31
Nntp-Posting-Host: msel.unh.edu

Is there an easy way to get the name associated with an address?  I
usually use nslookup, and set querytype to ptr.  So, yesterday, for
example, when I was trying to figure out who was snooping around one
of my machines, I took their address (129.55.20.2) and did
nslookup
set q=ptr
2.20.55.129.in-addr.arpa

And it told me it was a bad domain.  This -usually- works for me.  The
other ways I get info on an address is by 1) telnetting to it (gives
short name) 2) telnetting to the SMTP port on the machine (tells long
name), 3) fingering at the machine.  If the machine is apparantly closed
off from all access, as 129.55.20.2 was, I use the lserver option of nslookup,
and try to find a nameserver that has the machine in its 'ls' display.

(I ordinarily wouldn't care about anonymous ftps, but the machine connected
to was a PC in an office that I was surprised that anyone had the name for)

Anyway, are there better ways to find out where a ftp-er was coming from?
By the way- is the password typed by anonymous ftp-ers actually stored
anywhere by unmodified ftpd programs?  Or is the "type user@host for
password" just sent to the bit bucket?

-Roger

  
-- 
"The question of whether a computer can think is no more interesting
 than the question of whether a submarine can swim" - Edsgar W. Dijkstra 
rg@[msel|unhd].unh.edu        |  UNH Marine Systems Engineering Laboratory
r_gonzalez@unhh.bitnet        |  Durham, NH  03824-3525