Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NSLOOKUP ON IP ADDRESS

Posted on 2004-04-15
2
Medium Priority
?
348 Views
Last Modified: 2010-04-11
i did an nslookup of an ip address of someone trying to hack me and i get the following:

adsl-xxx-xxx-xxx.sdf.bellsouth.net

the x's represent the partial ip address

i would like to know the following:

is there any way this could be a proxy server?

what does the sdf portion stand for?

i did an ip2location on this address.  what is the probability that the state is accurate?  or could this be some main server?

any information would be greatly appreciated.  
0
Comment
Question by:abstractionz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10840260
it can be a proxy server, but most likely it's a pc connected through DSL broadband connection to bellsouth.net ISP
Try to contact the ISP (of that hacking address), i think you should be able to file complain to them.
http://www.bellsouth.net
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 200 total points
ID: 10844453
> is there any way this could be a proxy server?

Yes.  Or some poor shmuck's box that has been hacked to function as a proxy.

> what does the sdf portion stand for?

It's a subdomain of bellsouth.net.  It stands for anything BellSouth decided they needed to structure a subdomain for.  You might have to ask them, and they might not want to tell you.

> i did an ip2location on this address.  
> what is the probability that the state is accurate?  

50-50.  IF BellSouth allocates addresses by region (probably a good idea, but there could be exceptions) AND IF the ip2location database knows about their allocations (and is up to date), THEN it might be possible.  But there's every chance that this just found the location of the administrator who registered the net block.

> or could this be some main server?

Fairly unlikely -- it looks like an ADSL client name.

Have you tried a traceroute to the address?  These kinds of client names often don't show geographical info, but router names often do, and so you may get a general sense that way of where the machine is located.  (ip2location may do this internally, or may not.)
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question