Subscribe via feed.

Who owns that IP

Posted by Michael on May 20, 2010 – 4:57 pm

You may find your self in a situation where you need to know who owns an IP, and maybe even the netblock. Well today I was in just that boat. An unnamed company that we do business with made a new feature for their website. This feature required our users to have an active X control added to their computer and allowed them to more easily do business with the company. The problems started as soon as we tested this with our first user. We use a Squid Proxy server, and for what ever reason the company’s new feature did not support using an authenticated proxy. This means for our users to use this new feature we will need to allow direct access to their site (and any other server that they use to deliver content to our users browser). We asked for the NetBlock but they only gave us 1 IP. I added this IP to our firewall and allowed the outgoing traffic to go with out needing the proxy and all was good, or so we thought. We tried testing again but something was causing problems.. some stuff would pull up but not others. I found quickly that the company was not just using the 1 IP they gave us, and they had no idea what other IP to tell us about.. (sad for them they dont know what to tell their customers..) To solve this problem I open a terminal window on my linux desktop. I run the command:
whois [IP]
Assuming we were trying to find out about Google this would be the output:

=> whois 74.125.95.99

OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 74.125.0.0 – 74.125.255.255
CIDR: 74.125.0.0/16
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate: 2007-03-13
Updated: 2007-05-22

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com

# ARIN WHOIS database, last updated 2010-05-19 20:00
# Enter ? for additional hints on searching ARIN’s WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

As you can see CIDR: 74.125.0.0/16 Google has a nice /16.
This simple command will return the relevant information needed. I was able to see who the netblock belongs to, and what size and range they have. Now I am able to add this new info to my proxypac file, and to my firewall.
Problem solved.

Tags: , ,
This post is under “Linux, Systems Administration” and has 1 respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

1 Respond so far- Add one»

Post a reply