What is an IP address?

Every machine that talks directly to the Internet has an IP address: a 32-bit number that identifies it to every other machine. Some machines have a fixed IP address that never changes.


Other times a pool of IP addresses is shared between a number of machines - eg on a dynamic-IP dialup connection your machine will be allocated a different IP address each time you connect.

These addresses are usually written in dotted quad notation: four 8-bit numbers, written in decimal and separated by periods. For example 151.196.75.10

Each number is in the range 0 to 255 - so if you ever see something that looks like an IP address with numbers outside those ranges it's not a real address.

The leftmost number is the most significant and the rightmost the least.

So... 151.196.75.10 and 151.196.75.11 are right next-door to each other whilst 151.196.75.10 and 152.196.75.10 are completely unrelated.



IP Address allocation

Traditionally IP addresses were allocated to companies and ISPs in blocks.

A Class A Address Block or, less formally, an A Block is a block of 16,777,216 (2^24) addresses from X.0.0.0 to X.255.255.255, where 0 < X < 127 (that is, X is 1 to 126; 0 and 127 are reserved).

So... the entire 9.0.0.0 - 9.255.255.255 range of addresses is the A Block owned by IBM.

A B Block is a block of 65,536 (2^16) addresses from X.Y.0.0 to X.Y.255.255, where 127 < X < 192 (X is 128 to 191) and 0 <= Y < 256

A C Block is a block of 256 addresses from X.Y.Z.0 to X.Y.Z.255 where 191 < X < 224 (X is 192 to 223), 0 <= Y,Z < 256

(There are also D and E class addresses in the 224-255 range: 224-239 is reserved for multicast and 240-255 for experimental use. You'll never see either as the source of mail or web traffic.)

Traditional blocks are often described using the first address in the block, e.g. IBM own A Block 9.0.0.0 and Cyberpromo own C Block 205.199.2.0. Other times they may be described using just the constant prefix, e.g. net 9 for IBM or net 205.199.2 for CyberPromo.

[You'll often hear any address range from X.Y.Z.0 to X.Y.Z.255 called a C Block even though it technically isn't unless 191 < X < 224]



CIDR Allocation

Recently things have changed. IP addresses are in short supply and routers have become more sophisticated, so it's now usual to allocate blocks of addresses on pretty much any bit boundary.

You'll often see blocks of 64 addresses for instance, such as 151.196.75.128 to 151.196.75.191

A common way of naming these blocks is CIDR syntax: the first address of the block (or, as a shorthand, just its constant leading octets), a slash, and the length of the constant prefix in bits. Everything after the first "length" bits is zero in the first address and one in the last.

So... 151.196.75.0 to 151.196.75.255 might be described as 151.196.75.0/24, often abbreviated to 151.196.75/24

and... 151.196.75.128 to 151.196.75.191 might be described as 151.196.75.128/26

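As an added example (not code from the original page or from Sam Spade), here is the arithmetic behind both notations above in Python: parsing a dotted quad with the 0-255 range check from the first section, finding the traditional class block of an address, and expanding a CIDR prefix (in either the full or the shorthand form) into its first and last address. The addresses used are the page's own examples plus constructed ones; nothing here touches the network.

```python
# Added example (not from the original page): dotted-quad parsing, classful
# block lookup and CIDR block arithmetic done by hand, so the bit boundaries
# the text describes are visible.  Addresses are the page's own examples or
# constructed ones; no network access is needed.

def parse_ip(text):
    """Parse dotted-quad text into a 32-bit integer.  Anything that is not
    four decimal numbers in 0..255 is rejected ('not a real address')."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | int(part)   # leftmost octet is most significant
    return value

def format_ip(value):
    """Integer back to dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def classful_block(text):
    """(class letter, first address of the traditional block) using the
    ranges from the text: A = 1-126, B = 128-191, C = 192-223, D = 224-239,
    E = 240-255.  0.x.x.x and 127.x.x.x belong to no class."""
    value = parse_ip(text)
    first_octet = value >> 24
    if 1 <= first_octet <= 126:
        return "A", format_ip(value & 0xFF000000)
    if 128 <= first_octet <= 191:
        return "B", format_ip(value & 0xFFFF0000)
    if 192 <= first_octet <= 223:
        return "C", format_ip(value & 0xFFFFFF00)
    if 224 <= first_octet <= 239:
        return "D", None
    if 240 <= first_octet <= 255:
        return "E", None
    return None, None

def cidr_block(prefix_text):
    """Expand CIDR syntax into (first, last) address as integers.  Accepts
    both '151.196.75.0/24' and the shorthand '151.196.75/24'."""
    address_text, length_text = prefix_text.split("/")
    length = int(length_text)
    if not 0 <= length <= 32:
        raise ValueError(f"bad prefix length in {prefix_text!r}")
    octets = address_text.split(".")
    octets += ["0"] * (4 - len(octets))            # pad the shorthand form
    address = parse_ip(".".join(octets))
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF   # top 'length' bits set
    network = address & mask                        # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)      # host bits set
    return network, broadcast

def describe_block(prefix_text):
    """Human-readable range, e.g. '151.196.75.128 - 151.196.75.191 (64 addresses)'."""
    network, broadcast = cidr_block(prefix_text)
    return f"{format_ip(network)} - {format_ip(broadcast)} ({broadcast - network + 1} addresses)"

def in_block(ip_text, prefix_text):
    """True if the address falls inside the CIDR block."""
    network, broadcast = cidr_block(prefix_text)
    return network <= parse_ip(ip_text) <= broadcast

if __name__ == "__main__":
    print(describe_block("151.196.75.128/26"))
    print(describe_block("151.196.75/24"))
    print(classful_block("9.12.34.56"))
    print(in_block("151.196.75.10", "151.196.75.128/26"))
```

The mask construction is the whole trick: a /26 keeps the top 26 bits, so 151.196.75.128 and 151.196.75.191 differ only in the low 6 bits and 151.196.75.10 falls outside the block even though it shares the first three octets.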
But who's in charge of this address block?

To find out who administers a block of addresses you can use the IP Block tool to query the registries' whois databases (InterNIC and, for address blocks, regional registries such as ARIN). These are sometimes wildly out of date, but can be a good start.



Special Cases
There are some special ranges of addresses reserved for special uses.



Loopback
The 127.*.*.* block (127.0.0.0/8) is reserved for local loopback - so these addresses will always point back to your own machine.

The canonical loopback address is 127.0.0.1



Private networks

Some blocks of addresses are set aside for private networks. They are never allocated to anyone on the Internet, and packets to or from them should be dropped at the border of any properly run network. Why is this useful? If you want to set up a private network you don't need to use up any of the scarce allocation of 'real' IP addresses. So you need to make up your own addressing scheme to use internally.

As long as you're not connected to the Internet in any way you could use any scheme you wanted. But what if you have a gateway machine that lets you e.g. send mail to and from the Internet?

If you chose an arbitrary IP address range for your local network and the packets leaked through the gateway onto the Internet they'd end up going to the real owner of those addresses, probably fubaring their system and provoking stern phone calls.

This has happened, even within huge multinational corporations who didn't follow the rules and chose arbitrary addresses for their internal network.

So there are ranges of addresses set aside as private addresses. You can use these quite safely: they are never routed on the public Internet, so if your packets escape they'll be thrown away. (A gateway that does network address translation rewrites the private source address to its own public one on the way out, which is how such machines still reach the Internet.)



These private address blocks are:

10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

If you see one of these addresses in a Received line it usually means the email has been forwarded around an internal network before being gatewayed to the Internet proper. Bear in mind that only the Received line added by your own mail server is guaranteed genuine; anything below it could have been written by the sender.

So far, so froody.

There are also addresses in each block reserved for the network itself (the first address) and for broadcast (the last), plus a few other special ranges. Check the RFCs--links available at bottom of page--if you're really interested.

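The Received-line check described above, as an added example that is not part of the original page: the script unfolds a message's header block, pulls every dotted quad out of the Received lines and labels each as public, RFC 1918 private or loopback. The header block is constructed for the example (the hostnames and addresses are made up); hop 0 is the line added last, i.e. by the receiving server.

```python
# Added example (not from the original page): pull every IP address out of a
# message's Received: lines and flag the ones in the private or loopback
# ranges listed above.  SAMPLE_HEADERS is constructed for this example; it
# is not a real message.
import ipaddress
import re

# RFC 1918 private blocks plus the loopback block, in CIDR form.
SPECIAL_RANGES = {
    "private (10/8)": ipaddress.ip_network("10.0.0.0/8"),
    "private (172.16/12)": ipaddress.ip_network("172.16.0.0/12"),
    "private (192.168/16)": ipaddress.ip_network("192.168.0.0/16"),
    "loopback (127/8)": ipaddress.ip_network("127.0.0.0/8"),
}

DOTTED_QUAD = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def classify(address_text):
    """Name of the special range an address falls in, 'public' otherwise,
    or None for strings that only look like addresses (octets over 255)."""
    try:
        address = ipaddress.IPv4Address(address_text)
    except ValueError:
        return None
    for name, network in SPECIAL_RANGES.items():
        if address in network:
            return name
    return "public"

def received_lines(headers):
    """Unfold the header block and return the Received: lines, topmost first.
    Continuation lines (starting with whitespace) belong to the previous header."""
    lines = []
    for raw in headers.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return [line for line in lines if line.lower().startswith("received:")]

def trace_hops(headers):
    """[(hop index, address, classification)] for every address seen.
    Hop 0 was added by the receiving server and is the only one that can be
    trusted; the sender could have forged everything below it."""
    hops = []
    for index, line in enumerate(received_lines(headers)):
        for address_text in DOTTED_QUAD.findall(line):
            kind = classify(address_text)
            if kind is not None:
                hops.append((index, address_text, kind))
    return hops

# Constructed header block: a message that started on a workstation's own
# loopback interface, went through an internal mail server on a private
# address, and was then handed to a public relay.
SAMPLE_HEADERS = """\
Received: from mail.example.net (mail.example.net [151.196.75.10])
\tby mx.example.org with ESMTP id 12345
Received: from desk42.corp.example (desk42.corp.example [192.168.4.42])
\tby mail.example.net with SMTP
Received: from localhost (localhost [127.0.0.1])
\tby desk42.corp.example
From: someone@example.net
"""

if __name__ == "__main__":
    for hop, address, kind in trace_hops(SAMPLE_HEADERS):
        print(hop, address, kind)
```

Reading the result bottom-up gives the path the text describes: loopback, then a 192.168 address on the internal network, then the first public address, which is the one worth feeding to the whois and reverse-lookup tools.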
Email to an IP address

Incidentally, if you want to send email to a machine and you know the machine's IP address you can send it to user@[w.x.y.z] (SMTP calls the bracketed form an address literal).

So, just for the sake of example, if you were to put this HTML tag:

<A HREF="mailto:postmaster@[127.0.0.1]"></A>

in a web page, and someone were to scan your web page for email addresses and then try to send spam to them, they'd end up sending a copy to postmaster at the machine 127.0.0.1. As we said earlier 127.0.0.1 is always your own machine, so this would make the spammer spam their own system administrator (or the administrator of whichever mail server they relay through)....


Name resolution
IP addresses work pretty well, but they're not as memorable as machine names. So we need some way to map names to addresses (and ideally back again).


Domain Name System (DNS)
DNS is a distributed system. The end user doesn't really care about this, but in case you're interested here's how it works.

You try to access http://www.blighty.com and Netscape wakes up and asks Windows what IP address www.blighty.com maps to.

Windows then sends a request to your local nameserver, usually the nameserver of your ISP. If someone else has looked up the address recently the nameserver might already know the answer. If not it realizes that it doesn't know, and works out who might know.

Your ISP's nameserver then contacts that nameserver - if it knows, it answers. If not, it works out who might know.... you get the idea.

Finally the result gets forwarded back to your local nameserver, which caches the result so it can use it again later and passes the answer back to your system - 151.196.75.10.

[In reality it's a bit more formal than that: every nameserver is authoritative for a 'zone' of the name space, and a server that isn't authoritative for the name you asked about refers you to the nameservers for the zone beneath it, so there's no guesswork about who might know the answer]
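The walk described above, as an added example that is not part of the original page: a toy resolver in Python that starts at a root server, follows each referral to the nameserver for the next zone down, and caches the final answer so the second lookup never leaves the cache. The zone data is constructed for this example (the 192.0.2.x addresses are from the documentation range; ns.blighty.com. and its address are invented), not real DNS data for blighty.com.

```python
# Added example (not from the original page): a toy resolver that walks the
# delegation chain the way the text describes and caches what it learns.
# The zone data is constructed for this example (192.0.2.x is the
# documentation address range); it is not real DNS data for blighty.com.

ROOT = "192.0.2.1"  # constructed address of "the" root nameserver

# Each authoritative server knows only its own zone: the addresses it holds
# and the delegations (child zone -> nameserver name and glue address) it
# hands out.  Names are fully qualified, with the trailing dot.
SERVERS = {
    "192.0.2.1": {                       # root zone: delegates com.
        "addresses": {},
        "delegations": {"com.": ("a.gtld.example.", "192.0.2.2")},
    },
    "192.0.2.2": {                       # com. zone: delegates blighty.com.
        "addresses": {},
        "delegations": {"blighty.com.": ("ns.blighty.com.", "151.196.75.2")},
    },
    "151.196.75.2": {                    # blighty.com. zone: holds the answers
        "addresses": {
            "ns.blighty.com.": "151.196.75.2",
            "www.blighty.com.": "151.196.75.10",
        },
        "delegations": {},
    },
}

def ask(server_ip, name):
    """One query to one server.  Returns ('answer', ip) if the server holds
    the name, ('referral', (ns_name, ns_ip)) if it only knows who to ask
    next, or ('nxdomain', None) if it knows of no such name."""
    server = SERVERS[server_ip]
    if name in server["addresses"]:
        return "answer", server["addresses"][name]
    for zone, glue in server["delegations"].items():
        if name == zone or name.endswith("." + zone):
            return "referral", glue
    return "nxdomain", None

class Resolver:
    """The local (ISP) nameserver: starts at the root, follows referrals,
    remembers answers."""

    def __init__(self):
        self.cache = {}
        self.queries = []   # (server asked, name): the walk, for inspection

    def resolve(self, name, max_referrals=16):
        if name in self.cache:             # someone asked recently
            return self.cache[name]
        server_ip = ROOT
        for _ in range(max_referrals):
            self.queries.append((server_ip, name))
            kind, payload = ask(server_ip, name)
            if kind == "answer":
                self.cache[name] = payload
                return payload
            if kind == "nxdomain":
                return None
            _ns_name, server_ip = payload  # referral: glue gives the next server
        raise RuntimeError("too many referrals (delegation loop?)")

if __name__ == "__main__":
    resolver = Resolver()
    print(resolver.resolve("www.blighty.com."))
    for server_ip, name in resolver.queries:
        print("asked", server_ip, "for", name)
```

A real resolver also caches the referrals (the NS records and glue), so a second name under blighty.com. would go straight to 151.196.75.2; this toy only caches final answers, which is enough to show why the second lookup of the same name produces no queries at all.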

 

DNS lookups
You can query a DNS server and get all sorts of good stuff in it, not just the address-name mappings.



Reverse lookup
Finding the hostname given the IP address is very useful. If you're tracing spam you need the domain name to be able to find whois information.

Note: the nslookup tool performs forward and reverse DNS queries for the current address (this will usually give you the IP address of a hostname and the hostname of an IP address).

Sometimes you can just use the DNS tool on an IP address, and it'll give you the hostname (this comes from the address's PTR record). Sometimes it won't be able to find a hostname.

Just because a host has forward DNS from name to address there's no guarantee or requirement for it to have reverse DNS from address to name. Many sites do, many sites don't. Reverse DNS is also controlled by whoever administers the address block, not by the owner of the name it returns, so a PTR record can claim any name at all. Always check that the name's forward lookup comes back to the same address.

If there's no reverse DNS you need to resort to guerrilla approaches. If there's a web site that's a good bet. Do a view source to look at the HTML source, particularly for forms and mailto links.

Sometimes telnetting to the machine will give a banner identifying the machine. Or telnetting to other ports on the machine (25 for SMTP, 110 for POP3, 119 for NNTP) can sometimes give a banner. Then you can use forward DNS to confirm that the name maps back to the right IP address.
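The "confirm with forward DNS" step above, as an added example that is not part of the original page: it builds the in-addr.arpa name a reverse query actually asks for, looks up the PTR, then checks that the returned name's A records include the original address. The PTR_RECORDS and A_RECORDS tables are constructed for the example; the lookup functions are parameters so the same check can be pointed at live DNS (for instance socket.gethostbyaddr and socket.gethostbyname_ex wrapped to return the same shapes).

```python
# Added example (not from the original page): build the in-addr.arpa name
# used for a reverse lookup, then forward-confirm what it returns.  The
# PTR_RECORDS and A_RECORDS tables are constructed for this example; pass
# real lookup functions to run the check against live DNS.

def reverse_name(ip_text):
    """151.196.75.10 -> 10.75.196.151.in-addr.arpa: the octets are reversed
    so the most significant part of the address is nearest the root."""
    octets = ip_text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {ip_text!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

# Constructed reverse (PTR) and forward (A) data.
PTR_RECORDS = {
    "10.75.196.151.in-addr.arpa": "mail.blighty.com",
    "20.75.196.151.in-addr.arpa": "www.bigbank.example",  # a PTR that lies (or is stale)
    # 151.196.75.30 has no PTR record at all
}
A_RECORDS = {
    "mail.blighty.com": ["151.196.75.10"],
    "www.bigbank.example": ["203.0.113.5"],
}

def check_reverse(ip_text, ptr_lookup=PTR_RECORDS.get, a_lookup=A_RECORDS.get):
    """Return (status, hostname):
       'confirmed' - the PTR name's forward lookup includes this address,
       'mismatch'  - it does not, so the PTR name cannot be trusted,
       'none'      - no reverse DNS; fall back to banners and the web site."""
    hostname = ptr_lookup(reverse_name(ip_text))
    if hostname is None:
        return "none", None
    if ip_text in (a_lookup(hostname) or []):
        return "confirmed", hostname
    return "mismatch", hostname

if __name__ == "__main__":
    for ip in ("151.196.75.10", "151.196.75.20", "151.196.75.30"):
        print(ip, *check_reverse(ip))
```

The 'mismatch' case is the one that matters when tracing spam: a PTR record is published by the owner of the address block, so a spammer's host can happily call itself www.bigbank.example, and only the forward check exposes that.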


The port scan tool can scan a range of ports on a machine, to see which are providing services. Then you can telnet to each one in turn to see if any leak information.

What if the site is being coy, and trying to hide their domain name? Most virtual web-hosting companies require customers to have a domain name, but if it's not used anywhere and the website is advertised using its IP address rather than domain name it's hard to find.

On some virtual web servers accessing http://w.x.y.z/stats or http://w.x.y.z/logs triggers a redirect that can give you the name. Any redirect the server generates itself (requesting a directory without its trailing slash is the classic way to provoke one) is worth a look, because the Location header is built from the name the server is configured with, not the address you typed.



Advanced DNS

DNS has all sorts of good stuff in it, not just the address-name mappings. You can get at this with the dig tool, which requests all the DNS records for a host or domain--see the list of tools provided by Sam Spade at the bottom of the page.

These are some of the things it can tell you:
A
The address of a hostname. A host can have more than one A record (one per address; several are often published for load sharing).

NS
The authoritative nameservers for a domain.

MX
The mail exchanger for the domain. For example, there is no such machine as demon.net, yet you can send email to user@demon.net. The MX record tells the mail system to deliver mail addressed to user@demon.net to the host relay-1.mail.demon.net instead. A domain usually has several MX records, each with a preference value; the lowest number is tried first.

CNAME
An alias for a machine. A number of different names may resolve to the same IP address. A CNAME entry for a name points you at the real (canonical) name of the system.

HINFO
Hardware and software used by the host. Few sites publish it, precisely because it tells an attacker what is running.

RP
The responsible person for a domain.

ANY
All records the server is willing to return. Many nameservers now answer ANY queries with a deliberately minimal response, so ask for the specific types you want if the answer looks thin.

There are around 40 more, but these are the most common.
To see the full list, see: advanced dig


You can also ask for a complete zone transfer (an AXFR query) from a nameserver. This contains all the records it has for a given domain. If there's no reverse DNS set up this can be the only way of getting a full list of the machines within a domain.

You can only do a zone transfer from a name server that is authoritative for a domain, so you need to query your local nameserver for the domain's NS records to find an authoritative server before doing a zone transfer. Most authoritative servers are configured to allow transfers only to their own secondaries, so a 'transfer refused' answer is the normal case, not a fault.
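What a tool like dig actually sends and receives for the record types listed above, as an added example that is not part of the original page or of Sam Spade: a DNS query built by hand in the RFC 1035 wire format (the QTYPE numbers for the types above, including AXFR and ANY), and a parser for the answer section that follows the name-compression pointers responses use. The MX response for demon.net is constructed for the example (the two relay hosts and TTLs are invented), so it runs offline; the tcp_frame helper adds the 2-byte length prefix needed when the same query is sent over TCP, as a zone transfer must be.

```python
# Added example (not from the original page): DNS query construction and
# response parsing in RFC 1035 wire format.  SAMPLE_RESPONSE is a constructed
# MX answer for demon.net, not captured traffic.
import struct

# QTYPE values for the record types described above (RFC 1035 and later).
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "HINFO": 13, "MX": 15, "RP": 17,
          "AXFR": 252, "ANY": 255}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}

def encode_name(name):
    """'demon.net' -> b'\\x05demon\\x03net\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD flag set, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def tcp_frame(message):
    """Over TCP (e.g. for AXFR) every message is prefixed with its length."""
    return struct.pack("!H", len(message)) + message

def decode_name(msg, offset):
    """Read a name at offset, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:          # pointer: 2 bytes, 14-bit offset
            if end is None:
                end = offset + 2             # stream resumes after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                    # a looping pointer chain is hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(msg):
    """(rcode, [(name, type, ttl, rdata)]) for the answer section.  rdata is
    decoded for A, NS, CNAME and MX; other types are left as raw bytes."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if (flags & 0x8000) == 0:
        raise ValueError("not a response")
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype in (2, 5):                  # NS, CNAME: a (possibly compressed) name
            value = decode_name(msg, offset)[0]
        elif rtype == 15:                    # MX: 16-bit preference, then a name
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, offset + 2)[0])
        elif rtype == 1:                     # A: four raw octets
            value = ".".join(str(b) for b in rdata)
        else:
            value = rdata
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, value))
        offset += rdlen
    return flags & 0x000F, answers

# Constructed MX response: two mail exchangers for demon.net.  The second
# answer's 'mail.demon.net' is a pointer back into the first answer (offset
# 49), and both owner names point back at the question (offset 12).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)          # response, RD+RA
    + encode_name("demon.net") + struct.pack("!HH", 15, 1)      # question at offset 12
    + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, 17)
    + struct.pack("!H", 10) + b"\x07relay-1\x04mail" + b"\xc0\x0c"
    + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, 12)
    + struct.pack("!H", 20) + b"\x07relay-2" + b"\xc0\x31"       # 0x31 = offset 49
)

if __name__ == "__main__":
    print(build_query("demon.net", "MX").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

To send the query for real, hand build_query(...) to a UDP socket on port 53 of the nameserver and feed the reply to parse_response; for a zone transfer, open a TCP connection to the authoritative server, send tcp_frame(build_query(domain, "AXFR")) and parse each length-prefixed message as it arrives. The hop limit in decode_name is not optional: a response whose pointers loop would otherwise spin the parser forever.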

References
Internet Protocol
RFC 791 http://www.faqs.org/rfcs/rfc791.html
RFC 1122 http://www.faqs.org/rfcs/rfc1122.html

A more technical tutorial
http://oac3.hsc.uth.tmc.edu/staff/snewton/tcp-tutorial/

Private addresses
RFC 1918 http://www.faqs.org/rfcs/rfc1918.html

DNS
A good DNS overview http://eeunix.ee.usm.maine.edu/guides/dns/dns.html
Lots of DNS resources http://www.dns.net/dnsrd/
Linux DNS HOWTO http://sunsite.unc.edu/LDP/HOWTO/DNS-HOWTO.html

O'Reilly books
TCP/IP Network Administration http://www.ora.com/catalog/tcp2/noframes.html
DNS and BIND http://www.ora.com/catalog/dns2/noframes.html
Essential Windows NT System Administration http://www.ora.com/catalog/esawinnt/noframes.html
Linux Network Administrator's Guide http://www.ora.com/catalog/linag/noframes.html

The information on this page is derived from the "What is an IP address?" topic in the Internet Protocol Addressing Help Topics of Sam Spade (www.samspade.org), a spam-tracking freeware tool.

Some of the tools provided by Sam Spade

Dig tool, requests all the DNS records for a host or domain

Finger tool, asks a server about one of its users

Traceroute tool, finds the route packets take between you and the selected address

PING tool, sends a series of packets to the current address to see if it's alive and how long it takes packets to make the round trip

Whois tool, contacts network registries to find out contact information for the current domain or IP address

nslookup tool, performs forward and reverse DNS queries for the current address (this will usually give you the IP address of a hostname and the hostname of an IP address)

IP Block tool, queries multiple registry servers to find the owner of the block containing a domain's address or an IP address

SMTP Relay Verify (checking) tool, finds out whether an SMTP server is an open relay, i.e. whether it allows anyone to relay email through it (spammers relay email through third-party mail servers, which obscures the message headers and makes the originator harder to find)

©Copyright June 2002