On 20 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<1158806715.405266.322130@b28g2000cwb.googlegroups. com>, ToddAndMargo@gbis.com
wrote:

> I can get a particuar IP with "hostgotomypc.com" (66.151.158.183)
>but that only gives me one address. I what to block their entire domain,
>including poll.gotomypc.com (66.151.158.177).

Well, a 'whois' on the domain returns

Registrant:
Expertcity, Inc.
5385 Hollister Ave
Suite 111
Santa Barbara, CA 93111
US
Domain Name: GOTOMYPC.COM

and then asking about the address at ARIN, I find

[whois.arin.net]
Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
66.150.0.0 - 66.151.255.255
Expertcity PNAP-SJE-EXPERT-RM-02 (NET-66-151-158-0-1)
66.151.158.0 - 66.151.158.255

and asking about 'NET-66-151-158-0-1' does indeed return the same
postal address information.

>Somehow I think that "-d 66.151.158.0/24" would be overkill and may
>actually block some legitimate traffic.

I can't say - we're blocking the /15, and none of my users are complaining
about missing anything - YMMV. Looking at
http://www.TQMcube.com/rblcheck.htm, 66.151.158.0/24 doesn't appear to be
listed directly, but if you google for specific address ranges in the
newsgroups "news.admin.net-abuse.*" you'll probably turn up some hints
about who "owns" an address range, and any problems others are reporting.

>Is there some network command that will tell me this? (Then I can
>grep, sed, and awk my heart out!)

Most distributions come with a 'whois' tool - there are quite a number of
them. Try 'locate whois' and see if one is installed on your system.

Some RFCs to look at:

1834 Whois and Network Information Lookup Service, Whois++. J.
Gargano, K. Weiss. August 1995. (Format: TXT=14429 bytes) (Status:
INFORMATIONAL)

2167 Referral Whois (RWhois) Protocol V1.5. S. Williamson, M. Kosters,
D. Blacka, J. Singh, K. Zeilstra. June 1997. (Format: TXT=136355
bytes) (Obsoletes RFC1714) (Status: INFORMATIONAL)

3912 WHOIS Protocol Specification. L. Daigle. September 2004. (Format:
TXT=7770 bytes) (Obsoletes RFC0954, RFC0812) (Status: DRAFT STANDARD)

The major problem is knowing who to ask. For IP addresses, you would start
with the five Regional Internet Registry (AFRINIC, APNIC, ARIN, LACNIC, and
RIPE). See http://www.iana.org/assignments/ipv4-address-space to get a clue
as to which to ask. They _might_ refer you to other registrars, or they
might refer you to a 'rwhois' server.

For domain names, it's a LOT more complicated. ISO-3166 (two letter country
code) domains can often be found using the five RIRs. Dot coms/net/org/edu
(meaning .com, .net, and so on) should start at IANA, which will identify
the whois server of the domain registrar to contact. .org, .info, .biz, and
the like are much more fun.

[compton ~]$ grep -v '^[A-Z][A-Z] ' domains | column
AERO BIZ COM EDU INFO JOBS MOBI NAME ORG TRAVEL
ARPA CAT COOP GOV INT MIL MUSEUM NET PRO
[compton ~]$

http://www.iana.org/gtld/gtld.htm provides a miniscule more information on
these domains, and what they are used for.

Old guy

ToddAndMargo@gbis.com wrote:
> Hi All,
>
> I am trying to stop unauthorized traffic to and from GoToMyPC (and
> a list
> of others). How to I figure out GoToMyPC's network for my iptables
> "-d xxx.xxx.xxx.0/24" entry? (...0/24 may not always be the case,
> depending
> on subnet mask.)

http://www.citrixonline.com/iprange