Re: Skype Spyware



On Fri, 25 May 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <f37d9b$jui$1@xxxxxxxxxxxxxxx>, Ben Carr wrote:

How can I find out the complete name of the destination? In netstat
it seems to be shortened.

netstat -n will give you the numeric IPs of machines you are connected
to. You can then use resolveip to get the names if you need them.

"resolveip" is another whizzy tool to perform DNS lookups. This one
at least uses normal resolver calls, and will therefore consult the
host services listed in /etc/nsswitch.conf (meaning that for most, it
will look at the contents of /etc/hosts in addition to a normal DNS
lookup). Most people don't have this tool (part of MySQL) installed,
but can use one of the bind utilities:

[compton ~]$ whatis dig dnsquery host nslookup
dig (1) - send domain name query packets to name servers
dnsquery (1) - query domain name servers using resolver
host (1) - look up host names using domain server
nslookup (8) - query Internet name servers interactively
[compton ~]$

Where these tools fail is that there are a significant number of
network administrators who don't feel the need to follow the RFCs
which _require_ DNS PTR records (RFCs 1034, 2050, 2131 among others)
or are too incompetent and don't know how to configure their name server
zone files. Likewise, many residential providers (cable, DSL, dialin)
use meaningless generic hostnames - usually incorporating the IP address
as a part of the name - such as c-67-164-209-122.hsd1.ca.comcast.net
which is 67.164.209.122 (some 0wn3d windoze box in the Sacramento,
California area), or ool-44c0dcc7.dyn.optonline.net (the 44c0dcc7 is
hexadecimal for 68.192.220.199 - being used by a spammer in Northeast
New Jersey). Often, you will find that a tool that queries the RIR
whois databases is more useful.

Old guy
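
The lookup and triage steps discussed in the post above, as an added example that is not part of the original post: it pulls remote addresses from `netstat -n` output, does the reverse lookup through the normal resolver, and flags PTR names that only restate the IP (dashed decimal or hex), which are the cases where an RIR whois query is the better next step. The netstat sample is constructed, and all function names are hypothetical.

```python
import ipaddress
import re
import socket

# Constructed sample of `netstat -n` output (not from the original post).
SAMPLE = """\
tcp  0  0 192.168.1.10:43512  67.164.209.122:443  ESTABLISHED
tcp  0  0 192.168.1.10:51234  68.192.220.199:80   ESTABLISHED
tcp  0  0 192.168.1.10:51240  68.192.220.199:80   TIME_WAIT
"""

def foreign_ips(netstat_text):
    """Unique remote IPv4 addresses from the 5th column of tcp lines."""
    seen = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        try:
            ip = ipaddress.IPv4Address(fields[4].rsplit(":", 1)[0])
        except ValueError:
            continue  # IPv6 or malformed entry
        if ip not in seen:
            seen.append(ip)
    return seen

def embedded_ip(hostname):
    """IPv4 address encoded in the first label (dashed decimal or 8 hex digits), else None."""
    label = hostname.split(".", 1)[0].lower()
    m = re.search(r"(?<!\d)(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})(?!\d)", label)
    if m and all(int(o) <= 255 for o in m.groups()):
        return ipaddress.IPv4Address(bytes(int(o) for o in m.groups()))
    m = re.search(r"(?<![0-9a-f])[0-9a-f]{8}(?![0-9a-f])", label)
    return ipaddress.IPv4Address(int(m.group(), 16)) if m else None

def resolve(ip):
    """Reverse lookup via the system resolver (honours /etc/nsswitch.conf)."""
    try:
        return socket.gethostbyaddr(str(ip))[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def triage(ip, name):
    """Classify a PTR result: 'no-ptr', 'generic' (name only restates the IP) or 'named'."""
    if not name:
        return "no-ptr"
    return "generic" if embedded_ip(name) == ip else "named"

if __name__ == "__main__":
    for ip in foreign_ips(SAMPLE):
        name = resolve(ip)  # needs network access
        print(ip, ip.reverse_pointer, name, triage(ip, name))
```

Addresses classified as `no-ptr` or `generic` are the ones worth passing to a whois client.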