Locating a server

Discussion in 'Computer Security' started by Mr Free User, Mar 5, 2006.

  1. Mr Free User

    Mr Free User Guest

    I visit a forum which is said to be off-shore.

    Whois indicates a US Network and US Domain name registration.

    Are there any other tools at my disposal to truly determine if the forum
    is truly hosted overseas i.e. Not on US soil.

    Many thanks
    Mr Free User, Mar 5, 2006
    #1

  2. Mr Free User

    CJ Guest

    Mr Free User wrote:
    > I visit a forum which is said to be off-shore.
    >
    > Whois indicates a US Network and US Domain name registration.
    >
    > Are there any other tools at my disposal to truly determine if the
    > forum is truly hosted overseas i.e. Not on US soil.
    >
    > Many thanks


    Go here

    http://www.dnsstuff.com/

    And put the domain into the TraceRoute box.

    Typing tracert yourdomain.com from a command prompt will lead you to the
    same place but the dnsstuff page will give you more information.

    CJ
    CJ, Mar 5, 2006
    #2

  3. Mr Free User

    Mr Free User Guest

    CJ wrote:
    > Mr Free User wrote:
    >> I visit a forum which is said to be off-shore.
    >> Whois indicates a US Network and US Domain name registration.
    >>
    >> Are there any other tools at my disposal to truly determine if the
    >> forum is truly hosted overseas i.e. Not on US soil.

    >
    > Go here
    > http://www.dnsstuff.com/


    Thanks, been there already.

    The IP leads to Colorado US.
    DNS Registrant is US.

    Could this IP then forward to an offshore location?
    Mr Free User, Mar 5, 2006
    #3
  4. Mr Free User

    donnie Guest

    On Sun, 05 Mar 2006 23:54:34 +0000, Mr Free User <>
    wrote:

    >CJ wrote:
    >> Mr Free User wrote:
    >>> I visit a forum which is said to be off-shore.
    >>> Whois indicates a US Network and US Domain name registration.
    >>>
    >>> Are there any other tools at my disposal to truly determine if the
    >>> forum is truly hosted overseas i.e. Not on US soil.

    >>
    >> Go here
    >> http://www.dnsstuff.com/

    >
    >Thanks been there already.
    >
    >The IP leads to Colorado US.
    >DNS Registrant is US.
    >
    >Could this IP then forward to an offshore location?

    ###############################
    I can register a domain in the US and pay someone in europe to host
    the site. Why don't you tell us the IP and the name of the forum and
    we'll look.
    donnie, Mar 6, 2006
    #4
  5. Mr Free User

    Dazza Guest

    "Mr Free User" <> wrote in message
    news:440b2215$0$48822$...
    >I visit a forum which is said to be off-shore.
    >
    > Whois indicates a US Network and US Domain name registration.
    >
    > Are there any other tools at my disposal to truly determine if the forum
    > is truly hosted overseas i.e. Not on US soil.
    >
    > Many thanks



    Why not try tracert ipaddy and see where it takes you???

    Open a DOS window and type tracert IP <enter>


    Dazza
    Dazza, Mar 6, 2006
    #5
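    CJ and Dazza both point at tracert as the tool, so here is an added example (not code posted by anyone in this thread) that does mechanically what they suggest doing by eye: parse Windows tracert output, pick out the last hop that answered, and notice when the path goes silent before the destination, which is what a trace that "blackholes" at a firewall looks like. The sample output and every hostname and address in it are constructed from documentation ranges.

```python
"""Parse Windows ``tracert`` output and report where the path stops answering.

Added example for this thread, not code posted by anyone in it. The hop
lines below are constructed sample output; hostnames and addresses are
invented (RFC 5737 documentation ranges) for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: three hops answer, then every remaining hop times
# out, so the trace never reaches the destination printed in the header.
SAMPLE_TRACERT = """\
Tracing route to forum.example.net [192.0.2.10]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  gateway.example.home [192.168.1.1]
  2    12 ms    11 ms    12 ms  edge-rtr.isp.example [198.51.100.1]
  3    31 ms    30 ms    33 ms  core-lax.transit.example [203.0.113.7]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.

Trace complete.
"""

@dataclass
class Hop:
    number: int
    host: Optional[str]   # resolved router name, if tracert printed one
    ip: Optional[str]
    answered: bool        # False when all three probes timed out

HEADER_RE = re.compile(r"Tracing route to (\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")
# hop number, three RTT columns ("<1 ms", "12 ms" or "*"), then the endpoint text
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(?P<rest>.*)$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_target(text: str) -> Optional[str]:
    """Destination address from the 'Tracing route to' header line."""
    m = HEADER_RE.search(text)
    return m.group(2) if m else None

def parse_hops(text: str) -> List[Hop]:
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        num, rest = int(m.group(1)), m.group("rest").strip()
        if not rest or rest.startswith("Request timed out"):
            hops.append(Hop(num, None, None, False))
            continue
        ipm = IP_RE.search(rest)
        if ipm:                      # "name [ip]" form
            hops.append(Hop(num, rest[:ipm.start()].strip() or None, ipm.group(1), True))
        else:                        # bare address, no reverse name
            hops.append(Hop(num, None, rest, True))
    return hops

def last_responding_hop(hops: List[Hop]) -> Optional[Hop]:
    answered = [h for h in hops if h.answered]
    return answered[-1] if answered else None

def reached_destination(text: str) -> bool:
    """True only if the last answering hop is the destination address itself."""
    last = last_responding_hop(parse_hops(text))
    return last is not None and last.ip == parse_target(text)

def summarize(text: str) -> dict:
    hops = parse_hops(text)
    last = last_responding_hop(hops)
    silent_tail = sum(1 for h in hops if last and h.number > last.number)
    return {
        "target": parse_target(text),
        "hops": len(hops),
        "last_answer": (last.number, last.host, last.ip) if last else None,
        "unanswered_after_last": silent_tail,
        "reached": reached_destination(text),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACERT))
```

    Run against real output, the useful result is `last_answer`: it tells you the last router that admitted to existing, not where the server is. Router names sometimes carry a location token (the constructed `core-lax` above imitates that habit), but that is a hint about the last hop that answered, and a `reached` value of False means the destination itself never spoke.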
  6. Mr Free User

    CJ Guest

    Mr Free User wrote:
    > CJ wrote:
    >> Mr Free User wrote:
    >>> I visit a forum which is said to be off-shore.
    >>> Whois indicates a US Network and US Domain name registration.
    >>>
    >>> Are there any other tools at my disposal to truly determine if the
    >>> forum is truly hosted overseas i.e. Not on US soil.

    >>
    >> Go here
    >> http://www.dnsstuff.com/

    >
    > Thanks been there already.
    >
    > The IP leads to Colorado US.
    > DNS Registrant is US.
    >
    > Could this IP then forward to an offshore location?


    As I understand it, if the trace route ends in Colorado, that is where the
    server is.

    If the server then sends you somewhere else when you open the page, that
    must be another IP/domain, in which case you should see that in the address
    bar of your browser.

    Why not post the IP/domain and let others here try to locate it?

    CJ
    CJ, Mar 6, 2006
    #6
  7. Mr Free User

    George Orwell Guest

    Mr Free User wrote:

    > CJ wrote:
    >> Mr Free User wrote:
    >>> I visit a forum which is said to be off-shore. Whois indicates a US
    >>> Network and US Domain name registration.
    >>>
    >>> Are there any other tools at my disposal to truly determine if the
    >>> forum is truly hosted overseas i.e. Not on US soil.

    >>
    >> Go here
    >> http://www.dnsstuff.com/

    >
    > Thanks been there already.
    >
    > The IP leads to Colorado US.
    > DNS Registrant is US.
    >
    > Could this IP then forward to an offshore location?


    Yes, and no. It's possible that records point to an errant country of
    record, but once an IP resolves to a machine it's not going to be
    "forwarded" anywhere. Even if it is it wouldn't matter because all content
    would have to pass through that server anyway, so it's as equally open to
    being compromised.

    It's also possible you're looking for the wrong thing. The server
    'www.somehost.com' can be a completely different machine from
    'forums.somehost.com', for example. And plain old 'somehost.com' might
    resolve to a third place entirely.

    IOW, if there's an error it's either in someone's records, or your
    detective skills. ;) And it's mostly irrelevant either way, except that if
    it is true it proves someone "untrustworthy" to put it politely.

    There's also an issue of why claims of "off shore" are being made in the
    first place, and the usefulness and validity of political boundaries as a
    "security tool" to begin with. In a surprising number of scenarios it's
    discovered that machines located in remote locations are more vulnerable
    to the types of compromises they claim to be safer from. TLA snoops have
    considerably more authority in some places than they do others, and
    agreements between jurisdictions can actually make it EASIER to compromise
    a remote machine than it is one in your own back yard. To know if a
    particular server is "safer", one has to examine not only the laws of that
    location and their own, but the relationship between the two.

    If you want real answers, give real information. Tell the class what forum
    you're talking about specifically, and we'll check to make sure you're not
    looking at the wrong IP to begin with, then tell you exactly where it's
    located with a really high degree of accuracy.
    George Orwell, Mar 7, 2006
    #7
  8. Mr Free User

    Mr Free User Guest

    George Orwell wrote:
    > If you want real answers, give real information. Tell the class what forum
    > you're talking about specifically, and we'll check to make sure you're not
    > looking at the wrong IP to begin with, then tell you exactly where it's
    > located with a really high degree of accuracy.


    As requested, opreview dot net
    Mr Free User, Mar 7, 2006
    #8
  9. Mr Free User

    George Orwell Guest

    CJ wrote:

    >>> Go here
    >>> http://www.dnsstuff.com/

    >>
    >> Thanks been there already.
    >>
    >> The IP leads to Colorado US.
    >> DNS Registrant is US.
    >>
    >> Could this IP then forward to an offshore location?

    >
    > As I understand it, if the trace route ends in Colorado, that is where the
    > server is.


    First, how do you know the traceroute ends in Colorado? It shows you a
    resolved name and an IP, and a bit of assurance in that you can sometimes
    see locational information in hops just prior to your destination, but in
    the end you're left with imperfect information at best. Geolocation and
    CIDR information aren't always completely accurate.

    > If the server then sends you somewhere else when you open the page, that
    > must be another IP/domain, in which case you should see that in the
    > address bar of your browser.


    Not necessarily. There's any number of ways to transparently forward data
    from one location to another. More commonly this is done by clients to
    give the appearance that they are the ones residing in falsified
    locations, but the exact same technology can be applied to the other end
    of the connection. The same VPN setup that makes you look like you're
    surfing from your privacy provider can make it appear as though the web
    page you're downloading is coming from what amounts to an "anonymizing
    proxy", to put it in common terms.

    You're not always looking at information that's fed directly from the
    machine you're getting it from. A good example would be Google, which
    feeds people data from any number of server clusters in God knows how
    many different locations, but does it in such a way that you only see it
    as a page coming for a single machine. This sort of distributed database
    really isn't at all that uncommon. It would probably be unusual for a
    little known web forum to be using it, but I could see how/why they might
    want to simply "proxy" the forum entirely.

    Just some thoughts..... :)
    George Orwell, Mar 7, 2006
    #9
  10. Mr Free User

    Moe Trin Guest

    On Tue, 07 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    <440d66cb$0$76207$>, Mr Free User wrote:

    >George Orwell wrote:
    >> If you want real answers, give real information.


    >As requested opreview dot net


    Registrant:
    Miriam Schonberger
    Miriam Schonberger ()
    12-150 E Briarwood Ave Suite
    348
    Centennial
    Colorado,80112
    US
    Tel. +1.30364998

    Creation Date: 03-Feb-2006

    However, that smells funny. 'Centennial, Colorado' is a suburb of Denver,
    about 16 miles South of the state capital building. The address itself
    seems to be munged.

    [compton ~]$ host opreview.net
    opreview.net has address 72.20.26.169
    opreview.net mail is handled (pri=0) by opreview.net
    [compton ~]$ host 72.20.26.169
    169.26.20.72.IN-ADDR.ARPA domain name pointer spunk.voltnet.org
    [compton ~]$

    Voltnet.org is hiding their registration information through a mailbox
    at what appears to be the UPS Store at Los Angeles International Airport.
    The registration data also has what appears to be "inconsistent" information.
    The nameservers authoritative for opreview.net are _registered_ in "Dublin,
    Ireland", again with "inconsistent" information, but TTLs strongly suggest
    otherwise.

    The IP address is assigned to Staminus Communications in Fullerton, CA,
    but it doesn't appear to be on line at the moment, and Staminus is not
    responding to whois queries. A trace blackholes in Los Angeles. Ah, it's
    a firewall - looks like the facility _MAY_BE_ in Irvine, CA.

    However as others have pointed out, that itself is meaningless. Were you to
    look up my employer, you'd find a New York state address, but the last host
    to respond to a trace is near San Francisco. Looking at my headers, you'd
    find I'm probably in Arizona, but other facilities of the company are in
    Japan, France, Brazil, and elsewhere. Oh, and I'm not posting from their
    address space.

    So the question is, why is it important that the server be 'off-shore'?
    There is (without legal intervention) very little you can do to trace it
    to an actual location, and who knows - it might be being forwarded to a
    server in a basement across the river from Bethesda, Maryland (though I
    doubt that very much - too crude). I'll say this much - the server is trying
    to hide a lot of data.

    Old guy
    Moe Trin, Mar 7, 2006
    #10
  11. Mr Free User

    Mr Free User Guest

    Moe Trin wrote:
    > On Tue, 07 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    > <440d66cb$0$76207$>, Mr Free User wrote:
    >
    >> George Orwell wrote:
    >>> If you want real answers, give real information.


    <snip>

    > So the question is, why is it important that the server be 'off-shore'?
    > There is (without legal intervention) very little you can do to trace it
    > to an actual location


    Thanks, that's very informative.
    For me it's neither here nor there if it's "Off-shore" i.e. Outside the
    USA. It is touted as "Off-Shore" and my very basic investigation and
    limited capability determined it was most probably US based. It is an
    open forum discussing medication and sources thereof as I'm sure you're
    aware. I'm led to believe such forums may be under scrutiny by some
    authorities in the US and are routinely closed down.
    Mr Free User, Mar 7, 2006
    #11
  12. Mr Free User

    Dazza Guest

    "Mr Free User" <> wrote in message
    news:440d66cb$0$76207$...
    > George Orwell wrote:
    >> If you want real answers, give real information. Tell the class what
    >> forum
    >> you're talking about specifically, and we'll check to make sure you're
    >> not
    >> looking at the wrong IP to begin with, then tell you exactly where it's
    >> located with a really high degree of accuracy.

    >
    > As requested opreview dot net


    If you do an nslookup on that name, get the IP addy... Then do nslookup on
    the IP addy and you will see that it comes out as spunk.voltnet.org
    72.20.26.169. Go do some whois on voltnet.org....

    See if that helps you


    Dazza
    Dazza, Mar 7, 2006
    #12
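    Moe Trin's `host` session and Dazza's nslookup advice describe the same procedure: resolve the name, reverse the address, and see whose zone the PTR lands in. Here is an added example (not code either of them posted) that runs that procedure as a forward-confirmed reverse DNS check against small constructed tables, so it works offline. Only the opreview.net -> 72.20.26.169 -> spunk.voltnet.org chain is taken from the thread; the address spunk.voltnet.org resolves to is an assumption made so the example has a consistent pair, and the example.com / example.org entries are invented.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check with a constructed resolver.

Added example for Moe Trin's ``host`` session and Dazza's nslookup advice
above; it is not code either of them posted. Live DNS is replaced by two
small tables so the check runs offline. Only the opreview.net ->
72.20.26.169 -> spunk.voltnet.org chain is taken from the thread; the
address spunk.voltnet.org resolves to is assumed here, and the
example.com/example.org entries are invented.
"""
import ipaddress
from typing import Dict, List, Optional

# Stand-in for A-record lookups: name -> addresses.
FORWARD_A: Dict[str, List[str]] = {
    "opreview.net": ["72.20.26.169"],               # from the thread
    "spunk.voltnet.org": ["72.20.26.169"],          # assumption, not shown in the thread
    "www.example.com": ["192.0.2.5"],               # constructed
    "cust-5.example-hosting.net": ["192.0.2.99"],   # constructed: PTR target points elsewhere
    "mail.example.org": ["198.51.100.25"],          # constructed
}

# Stand-in for PTR lookups: address -> name (None = no PTR record).
REVERSE_PTR: Dict[str, Optional[str]] = {
    "72.20.26.169": "spunk.voltnet.org",            # as `host 72.20.26.169` showed
    "192.0.2.5": "cust-5.example-hosting.net",      # constructed: does not resolve back
    "198.51.100.25": None,                          # constructed: no PTR at all
}

def reverse_pointer_name(ip: str) -> str:
    """The name a resolver actually queries for the PTR, e.g. 169.26.20.72.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def fcrdns(ip: str, forward: Dict[str, List[str]] = FORWARD_A,
           reverse: Dict[str, Optional[str]] = REVERSE_PTR) -> dict:
    """Look up the PTR for ip, then check that the PTR name resolves back to ip."""
    ptr = reverse.get(ip)
    if ptr is None:
        status = "no-ptr"
    elif ip in forward.get(ptr, []):
        status = "confirmed"      # forward and reverse agree
    else:
        status = "mismatch"       # PTR exists but names a host that resolves elsewhere
    return {"ip": ip, "query": reverse_pointer_name(ip), "ptr": ptr, "status": status}

def zone_of(name: str) -> str:
    """Rough registrable-domain guess: the last two labels. Fine for .net/.org/.com;
    a real tool would consult the Public Suffix List (think co.uk)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def same_zone(a: str, b: str) -> bool:
    return zone_of(a) == zone_of(b)

def investigate(name: str, forward=FORWARD_A, reverse=REVERSE_PTR) -> List[dict]:
    """Dazza's procedure: resolve the name, reverse each address, and flag when the
    PTR lives in a different zone (the box belongs to someone else; whois that zone next)."""
    results = []
    for ip in forward.get(name, []):
        r = fcrdns(ip, forward, reverse)
        r["ptr_in_other_zone"] = bool(r["ptr"]) and not same_zone(name, r["ptr"])
        results.append(r)
    return results

if __name__ == "__main__":
    for r in investigate("opreview.net"):
        print(r)
```

    The `query` field is the same name `host` printed in Moe Trin's session, just lower-cased (DNS names are case-insensitive). A PTR in a foreign zone, as here, means the registrant of the forum's domain is not the party operating the machine, which is exactly why the next lookup in the thread was on voltnet.org rather than opreview.net; none of this says where the machine physically sits.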
  13. Mr Free User

    Moe Trin Guest

    On Tue, 07 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    <440df3e1$0$76718$>, Mr Free User wrote:

    >For me it's neither here nor there if it's "Off-shore" i.e. Outside the
    >USA. It is touted as "Off-Shore" and my very basic investigation and
    >limited capability determined it was most probably US based.


    As mentioned, it's awfully hard to say "from here" that any computer is
    truly located in any particular place. Packet sniffing and looking at
    the packet headers may offer additional clues, but without involving the
    legal types, it's never going to be positive. Even if you managed to get
    in contact with someone at the hosting center, they'd likely not provide
    positive information due to privacy concerns. By the way, did you notice
    the phone number of the registered domain owner? The "owner" of the
    domain providing name service ("in Dublin, Ireland") reports a Seattle
    area phone number - even though the hosts appear to be in LA.

    >It is an open forum discussing medication and sources thereof as I'm sure
    >you're aware.


    Actually, no - my reference to Bethesda MD has a slightly different
    meaning. When I tried to reach the server, I got no response whatsoever.

    >I'm led to believe such forums may be under scrutiny by some
    >authorities in the US and are routinely closed down.


    Couldn't prove it by me. US Public Health Service may have an interest,
    but I see no reason they would close down a site. It's protected under
    the constitution. Should individuals be involved with unapproved, or
    illicit drugs, or should the drugs be crossing state (or international)
    borders, the Feds might get onto individuals, but closing a site? Why?
    It might be considered a good source of leads. Local or individual state
    authorities would probably act in similar mode.

    Old guy
    Moe Trin, Mar 8, 2006
    #13
  14. Mr Free User

    Winged Guest

    Moe Trin wrote:
    > On Tue, 07 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    > <440d66cb$0$76207$>, Mr Free User wrote:
    >
    >> George Orwell wrote:
    >>> If you want real answers, give real information.

    >
    >> As requested opreview dot net

    >
    > Registrant:
    > Miriam Schonberger
    > Miriam Schonberger ()
    > 12-150 E Briarwood Ave Suite
    > 348
    > Centennial
    > Colorado,80112
    > US
    > Tel. +1.30364998
    >
    > Creation Date: 03-Feb-2006
    >
    > However, that smells funny. 'Centennial, Colorado' is a suburb of Denver,
    > about 16 miles South of the state capital building. The address itself
    > seems to be munged.
    >
    > [compton ~]$ host opreview.net
    > opreview.net has address 72.20.26.169
    > opreview.net mail is handled (pri=0) by opreview.net
    > [compton ~]$ host 72.20.26.169
    > 169.26.20.72.IN-ADDR.ARPA domain name pointer spunk.voltnet.org
    > [compton ~]$
    >
    > Voltnet.org is hiding their registration information through a mailbox
    > at what appears to be the UPS Store at Los Angeles International Airport.
    > The registration data also has what appears to be "inconsistent" information.
    > The nameservers authoritative for opreview.net are _registered_ in "Dublin,
    > Ireland, again with "inconsistent" information, but TTLs strongly suggest
    > otherwise.
    >
    > The IP address is assigned to Staminus Communications in Fullerton, CA,
    > but it doesn't appear to be on line at the moment, and Staminus is not
    > responding to whois queries. A trace blackholes in Los Angeles. Ah, it's
    > a firewall - looks like the facility _MAY_BE_ in Irvine, CA.
    >
    > However as others have pointed out, that itself is meaningless. Were you to
    > look up my employer, you'd find a New York state address, but the last host
    > to respond to a trace is near San Francisco. Looking at my headers, you'd
    > find I'm probably in Arizona, but other facilities of the company are in
    > Japan, France, Brazil, and elsewhere. Oh, and I'm not posting from their
    > address space.
    >
    > So the question is, why is it important that the server be 'off-shore'?
    > There is (without legal intervention) very little you can do to trace it
    > to an actual location, and who knows - it might be being forwarded to a
    > server in a basement across the river from Bethesda, Maryland (though I
    > doubt that very much - too crude). I'll say this much - the server is trying
    > to hide a lot of data.
    >
    > Old guy

    Hush, that basement room is secret..

    Winged
    Winged, Mar 9, 2006
    #14
  15. Mr Free User

    Moe Trin Guest

    On Thu, 09 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    <>, Winged wrote:

    >Moe Trin wrote:


    >> There is (without legal intervention) very little you can do to trace it
    >> to an actual location, and who knows - it might be being forwarded to a
    >> server in a basement across the river from Bethesda, Maryland (though I
    >> doubt that very much - too crude).


    >Hush, that basement room is secret..


    You'll notice I didn't identify how far across the river it is. The older
    houses all have basements in that part of the country, so I'm not telling
    too much.

    Old guy
    Moe Trin, Mar 9, 2006
    #15
  16. Mr Free User

    John Hyde Guest

    on 3/9/2006 12:03 PM Moe Trin said the following:
    > On Thu, 09 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    > <>, Winged wrote:
    >
    >
    >>Moe Trin wrote:

    >
    >
    >>>There is (without legal intervention) very little you can do to trace it
    >>>to an actual location, and who knows - it might be being forwarded to a
    >>>server in a basement across the river from Bethesda, Maryland (though I
    >>>doubt that very much - too crude).

    >
    >
    >>Hush, that basement room is secret..

    >
    >
    > You'll notice I didn't identify how far across the river it is. The older
    > houses all have basements in that part of the country, so I'm not telling
    > too much.
    >
    > Old guy


    What? In Anacostia? Or . . . maybe you meant some other river . . .
    John Hyde, Mar 9, 2006
    #16