Investigating host/domain names and IP Addresses

Discussion in 'other software & services' started by TheWindBringeth, Sep 30, 2016.

  1. TheWindBringeth, Registered Member (Joined: Feb 29, 2012; Posts: 2,088)

    You want to investigate one of these. What do YOU do? What tools and/or techniques do you find helpful?

    I'll start with an example. A DNS scenario one might encounter during an OCSP check at ocsp.verisign.com:
    1. ocsp.verisign.com. CNAME ocsp-ds.ws.symantec.com.edgekey.net.
    2. ocsp-ds.ws.symantec.com.edgekey.net. CNAME e8218.dscb1.akamaiedge.net.
    3. e8218.dscb1.akamaiedge.net. A 23.4.187.27
    4. 27.187.4.23.in-addr.arpa. PTR a23-4-187-27.deploy.static.akamaitechnologies.com.
    Which would frustrate users if they want to investigate a firewall report containing limited info about the remote server. Such as:
    • 23.4.187.27
    • 23.4.187.27 (a23-4-187-27.deploy.static.akamaitechnologies.com)
    • e8218.dscb1.akamaiedge.net [23.4.187.27]

    Edit: I looked over my own, probably lagging, list of links and here are a few that may be of use to someone:

    https://centralops.net/co/
    https://www.robtex.com/
    https://www.virustotal.com/en/#search
    https://www.digwebinterface.com/
    https://www.nexcess.net/resources/tools/global-dns-checker/
    http://viewdns.info/
    https://whoisology.com/
    https://www.senderbase.org

    I also took DNSQuerySniffer (NirSoft) for a spin. First impression was positive. It looks like a convenient way to focus on DNS activity, be it for short-duration testing or longer-duration capture & save (in multiple formats). I didn't see a way to configure it to perform its own reverse lookups on the IP addresses it sees, which would help users to spot IP addresses associated with parties of interest. However, it would be easy enough to script this: extract the addresses from one of the save file formats, do your own PTR lookups, then append your results so that they too could be found when searching the save file.
     
    Last edited: Sep 30, 2016
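
Added example (not part of the original post, and not NirSoft code): one way to script the extract, PTR-lookup and append step the post describes. The tab-delimited sample layout and the names `extract_ips`, `system_ptr` and `annotate` are assumptions made for illustration; the resolver is injectable so the logic can be checked without network access.

```python
import ipaddress
import re
import socket

# Dotted quads that are not part of a longer dotted number such as 1.2.3.4.5.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample: records from the post; the tab layout is an assumption.
SAMPLE = (
    "Host Name\tType\tResponse\n"
    "ocsp.verisign.com\tA\t23.4.187.27\n"
    "e8218.dscb1.akamaiedge.net\tA\t23.4.187.27\n"
    "example.test\tA\t203.0.113.9\n"
    "bogus.test\tA\t999.1.1.1\n"
)


def extract_ips(text):
    """Unique, valid IPv4 addresses in first-seen order."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = str(ipaddress.IPv4Address(candidate))
        except ValueError:  # out-of-range octet such as 999.1.1.1
            continue
        if ip not in found:
            found.append(ip)
    return found


def system_ptr(ip):
    """PTR lookup through the OS resolver; None if there is no answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def annotate(text, resolve=system_ptr):
    """Return text with one searchable PTR line appended per address."""
    lines = ["", "# PTR lookups (appended)"]
    for ip in extract_ips(text):
        arpa = ipaddress.ip_address(ip).reverse_pointer
        lines.append(f"{ip}\t{arpa}.\tPTR\t{resolve(ip) or '(no PTR)'}")
    return text.rstrip("\n") + "\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    known = {"23.4.187.27": "a23-4-187-27.deploy.static.akamaitechnologies.com"}
    print(annotate(SAMPLE, resolve=known.get))  # offline; omit resolve= for live
```

Each appended line carries the address, its `in-addr.arpa` name and the PTR target, so a search of the saved file for a party's domain also finds the addresses that reverse-resolve to it.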