how to find GoToMyPC's network - Security


  1. how to find GoToMyPC's network

    Hi All,

    I am trying to stop unauthorized traffic to and from GoToMyPC (and
    a list of others). How do I figure out GoToMyPC's network for my iptables
    "-d xxx.xxx.xxx.0/24" entry? (...0/24 may not always be the case,
    depending on subnet mask.)

    I can get a particular IP with "host gotomypc.com" (66.151.158.183)
    but that only gives me one address. I want to block their entire domain,
    including poll.gotomypc.com (66.151.158.177). Somehow I think that
    "-d 66.151.158.0/24" would be overkill and may actually block some
    legitimate traffic.

    Is there some network command that will tell me this? (Then I can
    grep, sed, and awk my heart out!)

    Many thanks,
    -T


  2. Re: how to find GoToMyPC's network

    On 20 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in article
    <1158806715.405266.322130@b28g2000cwb.googlegroups.com>, ToddAndMargo@gbis.com
    wrote:

    > I can get a particular IP with "host gotomypc.com" (66.151.158.183)
    > but that only gives me one address. I want to block their entire domain,
    > including poll.gotomypc.com (66.151.158.177).


    Well, a 'whois' on the domain returns

    Registrant:
    Expertcity, Inc.
    5385 Hollister Ave
    Suite 111
    Santa Barbara, CA 93111
    US
    Domain Name: GOTOMYPC.COM

    and then asking about the address at ARIN, I find

    [whois.arin.net]
    Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
    66.150.0.0 - 66.151.255.255
    Expertcity PNAP-SJE-EXPERT-RM-02 (NET-66-151-158-0-1)
    66.151.158.0 - 66.151.158.255

    and asking about 'NET-66-151-158-0-1' does indeed return the same
    postal address information.

    >Somehow I think that "-d 66.151.158.0/24" would be overkill and may
    >actually block some legitimate traffic.


    I can't say - we're blocking the /15, and none of my users are complaining
    about missing anything - YMMV. Looking at
    http://www.TQMcube.com/rblcheck.htm, 66.151.158.0/24 doesn't appear to be
    listed directly, but if you google for specific address ranges in the
    newsgroups "news.admin.net-abuse.*" you'll probably turn up some hints
    about who "owns" an address range, and any problems others are reporting.

    >Is there some network command that will tell me this? (Then I can
    >grep, sed, and awk my heart out!)


    Most distributions come with a 'whois' tool - there are quite a number of
    them. Try 'locate whois' and see if one is installed on your system.

    Some RFCs to look at:

    1834 Whois and Network Information Lookup Service, Whois++. J.
    Gargano, K. Weiss. August 1995. (Format: TXT=14429 bytes) (Status:
    INFORMATIONAL)

    2167 Referral Whois (RWhois) Protocol V1.5. S. Williamson, M. Kosters,
    D. Blacka, J. Singh, K. Zeilstra. June 1997. (Format: TXT=136355
    bytes) (Obsoletes RFC1714) (Status: INFORMATIONAL)

    3912 WHOIS Protocol Specification. L. Daigle. September 2004. (Format:
    TXT=7770 bytes) (Obsoletes RFC0954, RFC0812) (Status: DRAFT STANDARD)

    The major problem is knowing who to ask. For IP addresses, you would start
    with the five Regional Internet Registries (AFRINIC, APNIC, ARIN, LACNIC, and
    RIPE). See http://www.iana.org/assignments/ipv4-address-space to get a clue
    as to which to ask. They _might_ refer you to other registrars, or they
    might refer you to a 'rwhois' server.

    For domain names, it's a LOT more complicated. ISO-3166 (two letter country
    code) domains can often be found using the five RIRs. Dot coms/net/org/edu
    (meaning .com, .net, and so on) should start at IANA, which will identify
    the whois server of the domain registrar to contact. .org, .info, .biz, and
    the like are much more fun.

    [compton ~]$ grep -v '^[A-Z][A-Z] ' domains | column
    AERO BIZ COM EDU INFO JOBS MOBI NAME ORG TRAVEL
    ARPA CAT COOP GOV INT MIL MUSEUM NET PRO
    [compton ~]$

    http://www.iana.org/gtld/gtld.htm provides a minuscule more information on
    these domains, and what they are used for.

    Old guy
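
An added example, not part of any post in this thread: it parses the ARIN output quoted in the reply above, converts each "start - end" range into CIDR blocks (including ranges that are not a single aligned block), and picks the smallest allocation covering the two addresses from the original question. The function names and the OUTPUT chain are assumptions for illustration.

```python
import ipaddress
import re

# ARIN output as quoted in the second post of this thread.
ARIN_OUTPUT = """\
Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
66.150.0.0 - 66.151.255.255
Expertcity PNAP-SJE-EXPERT-RM-02 (NET-66-151-158-0-1)
66.151.158.0 - 66.151.158.255
"""

RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$")
HANDLE_RE = re.compile(r"\((NET-[0-9-]+)\)\s*$")

def parse_allocations(text):
    """Return [(handle, [networks])] for each 'start - end' line in whois output."""
    allocations, handle = [], None
    for line in text.splitlines():
        m = HANDLE_RE.search(line)
        if m:
            handle = m.group(1)
            continue
        m = RANGE_RE.match(line)
        if m:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            # A range need not be one aligned block; summarize into minimal CIDRs.
            nets = list(ipaddress.summarize_address_range(first, last))
            allocations.append((handle, nets))
            handle = None
    return allocations

def most_specific(allocations, hosts):
    """Pick the smallest allocation that contains every observed host address."""
    addrs = [ipaddress.IPv4Address(h) for h in hosts]
    covering = [(h, nets) for h, nets in allocations
                if all(any(a in n for n in nets) for a in addrs)]
    if not covering:
        raise ValueError("no allocation covers all observed hosts")
    return min(covering, key=lambda item: sum(n.num_addresses for n in item[1]))

def iptables_rules(nets, chain="OUTPUT"):
    # Chain is an assumption: OUTPUT on a single host, FORWARD on a gateway.
    return [f"iptables -A {chain} -d {n} -j DROP" for n in nets]

if __name__ == "__main__":
    allocs = parse_allocations(ARIN_OUTPUT)
    handle, nets = most_specific(allocs, ["66.151.158.183", "66.151.158.177"])
    print(handle, *iptables_rules(nets), sep="\n")
```

Allocations change hands over time, so the whois lookup should be repeated before the generated rules are reused.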

  3. Re: how to find GoToMyPC's network

    ToddAndMargo@gbis.com wrote:
    > Hi All,
    >
    > I am trying to stop unauthorized traffic to and from GoToMyPC (and
    > a list of others). How do I figure out GoToMyPC's network for my iptables
    > "-d xxx.xxx.xxx.0/24" entry? (...0/24 may not always be the case,
    > depending on subnet mask.)


    http://www.citrixonline.com/iprange
