The whois for the IP address at arin.net should return the SWIP information.

unixws1:~/todo $ whois 209.98.16.1 at arin.net
[arin.net]
Vector Internet Services, Inc. (NETBLK-VECTOR-BLK1) VECTOR-BLK1   209.98.0.0 - 209.98.255.255
Sihope Communications (NETBLK-VECTOR-SIHOPE-1) VECTOR-SIHOPE-1    209.98.16.0 - 209.98.31.255
To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

Lack of reverse DNS information does not mean lack of SWIP information.
For some reason that whole netblock is missing, which is interesting.

You should be able to contact whoever is the last identifiable hop
(alternet you said?) and ask them for help on tracing it further.  Just
tell them you're getting bogons from an IP address in one of their
customers' netblocks.

If you mail me the IP off list I'll try and figure out what AS is
advertising routes for it and track them down that way.

Adam Maloney
Systems Administrator
Sihope Communications

On Mon, 11 Sep 2000, Dave Sherohman wrote:

> Adam Maloney said:
> > whois ip.address.of.luser at arin.net
> > 
> > will give you the information on the network coordinator.  I can help you
> > decode it and find out who owns what if you'd like.
> 
> ---
> pchan ~$ whois xx.xxx.xxx.xx at arin.net
> 
> Whois Server Version 1.3
> 
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
> 
> No match for "xx.xxx.xxx.xx at ARIN.NET".
> 
> >>> Last update of whois database: Mon, 11 Sep 2000 04:45:28 EDT <<<
> 
> The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
> Registrars.
> ---
> 
> I tried that same whois command line on myself and got identical results
> (aside from the IP address).
> 
> Side question:  What (if anything) is the functional difference between using
> whois to look for a.b.c.d at arin.net vs. d.c.b.a.in-addr.arpa?
> 
> -- 
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphilis. Good thing we have penicillin." - Matthew Alton
> Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
> !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
> 
---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org
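
An added example, not part of the original messages: a parser for the ARIN output shown in the reply above that rejoins wrapped address ranges and picks the most specific registered netblock containing an address, which is the SWIP'd customer record. The function names are illustrative, and the record layout is assumed from the two records in that output.

```python
import ipaddress
import re

# Records from the reply above, with ranges wrapped across lines the way
# line-wrapped whois output arrives in mail.
RAW = """\
[arin.net]
Vector Internet Services, Inc. (NETBLK-VECTOR-BLK1) VECTOR-BLK1
                                                   209.98.0.0 -
209.98.255.255
Sihope Communications (NETBLK-VECTOR-SIHOPE-1) VECTOR-SIHOPE-1
                                                   209.98.16.0 -
209.98.31.255
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
RECORD = re.compile(
    rf"^(?P<org>.+?)\s+\((?P<handle>[^)]+)\)\s+(?P<netname>\S+)\s+"
    rf"(?P<start>{IP})\s*-\s*(?P<end>{IP})$"
)

def rejoin(text):
    """Glue wrapped range fragments ("a.b.c.d -", "a.b.c.d") onto their record line."""
    lines = []
    for raw in text.splitlines():
        s = raw.strip()
        if lines and re.fullmatch(rf"{IP}(?:\s*-)?", s):
            lines[-1] += " " + s
        elif s:
            lines.append(s)
    return lines

def parse_records(text):
    """Return a dict per netblock record; non-record lines are ignored."""
    records = []
    for line in rejoin(text):
        m = RECORD.match(line)
        if m:
            rec = m.groupdict()
            rec["start"] = ipaddress.IPv4Address(rec["start"])
            rec["end"] = ipaddress.IPv4Address(rec["end"])
            records.append(rec)
    return records

def most_specific(ip, records):
    """Smallest registered range containing ip, or None if nothing matches."""
    addr = ipaddress.IPv4Address(ip)
    hits = [r for r in records if r["start"] <= addr <= r["end"]]
    return min(hits, key=lambda r: int(r["end"]) - int(r["start"]), default=None)
```

For 209.98.16.1 both records match and the narrower Sihope block is returned; its handle is the one to look up or report to.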