Just a question

Discussion in 'adware, spyware & hijack cleaning' started by subratam, Jan 29, 2004.

Thread Status:
Not open for further replies.
  1. subratam (Registered Member; Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    to all,

    I dunno if anyone has noticed, or sure they have noticed... I thought to put up the matter coz it's something which may look petty but it can be moulded into much more than it seems.

    When we run HijackThis, scan and then save, if we go to the last line we will see the line has an IP address, and I think, if I am not wrong, it is your machine's IP. Most of us copy the entire content and post it here, unknowingly providing the IP address along with it. Now it may not be that much of a problem for some here on dial-up, but some have fixed IPs too.

    Dunno if I put up something stupid, but I thought to put it up and I know Wilders will understand what I mean.

    Any comments ?

    thx
     
  2. Dan Perez (Retired Moderator; Joined: May 18, 2003; Posts: 1,495; Location: Sunny San Diego)

    Hi Subratam,

    The IPs in the section you mention show not the IP address of the host running the log but rather the designated DNS servers for that host, so at most the information gained by knowing this is the knowledge of their ISP and DNS servers. But this is important, as some malware will alter this setting in order to redirect traffic from the intended destination to the malware's choice of destination. So typically we would run whois and nslookup queries on these hosts to ensure they are legitimate DNS servers for some ISP.

    Hope this helps
     
  3. subratam (Registered Member; Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    Hey Dan,
    the Inter LANs won't matter much... will they? After all, 172.16.x.x and 192.168.x.x are nothing but LAN IPs.
     
  4. Dan Perez (Retired Moderator; Joined: May 18, 2003; Posts: 1,495; Location: Sunny San Diego)

    Not sure what you mean here, but if the DNS servers are on a non-routable IP then there is no way to ensure that they are legit, though they probably are, as they will likely be internal corporate DNS servers that go to a public forwarder (which would be configured on the DNS server) or some type of home DSL or cable router that acts as a DNS proxy.
     
  5. subratam (Registered Member; Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    I meant in my post that... in cases like, say, mine... I have cable internet, and in my case in HJT the IP would come as 172.x.0.1, right?
    In that case there are numerous 172.x.0.1s in the world... so will that matter in whois?? Just as it would matter, say, for a dial-up or variable DNS IP??
    I think I have put my point.
    And next... if an ISP is known, how far can a person be traced, if at all he can be??
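
The triage discussed in this thread (post 2's whois/nslookup check of the DNS servers listed in a HijackThis log, and the non-routable case from posts 4 and 5), as an added example that is not part of the original posts. The `O17 ... NameServer = ...` line layout, the sample log and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lines. The O17 "NameServer" layout is an assumption about
# the log format; 192.0.2.53 and 198.51.100.7 are documentation addresses
# standing in for an ISP's resolvers.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 172.16.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53,198.51.100.7 not-an-ip
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
"""

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")

# Ranges where whois says nothing about who actually runs the resolver.
# Note that 172.16.0.0/12 covers 172.16.x.x through 172.31.x.x only.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def classify(server):
    """Return 'non-routable', 'public' or 'invalid' for one NameServer entry."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"        # not an IP at all: inspect the value by hand
    if any(addr in net for net in NON_ROUTABLE):
        return "non-routable"   # check the router or internal DNS server instead
    return "public"             # candidate for whois and a reverse lookup


def dns_servers(log_text):
    """Yield (registry_key, server, verdict) for every O17 NameServer entry."""
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if not m:
            continue
        # The value may hold several servers separated by commas or spaces.
        for server in re.split(r"[,\s]+", m.group("value").strip()):
            yield m.group("key"), server, classify(server)


if __name__ == "__main__":
    for key, server, verdict in dns_servers(SAMPLE_LOG):
        print(f"{server:15} {verdict}")
```

Only the entries marked `public` are worth a whois or reverse lookup; for `non-routable` entries the check has to be made on the router or internal DNS server itself.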
     