Author Topic: Finding The True Source Of Malware Using Only DOS  (Read 7854 times)


June 23, 2012, 02:37:12 am

walterab

Attached white paper provides instructions. :)

June 23, 2012, 12:09:46 pm
Reply #1

dlipman

I don't know why you are supplying this (and previous) information in the form of .EML files which are email disk files.  Whitepapers are better serviced in a published format such as in a PDF.  EML files are not a published format file type.

Command line utilities such as PING, TRACERT and NSLOOKUP can be used but are limited in scope.  There are actually better GUI utilities that can provide more information such as NirSoft IPNetInfo.

For example, using IPNetInfo for 118.94.176.29 provides...

Quote
% [whois.apnic.net node-5]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:        118.94.0.0 - 118.95.255.255
netname:        SIFYNET
descr:          Sify Limited
descr:          Chennai, India
country:        IN
admin-c:        HS51-AP
tech-c:         HS51-AP
remarks:
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:        This object can only be updated by APNIC hostmasters.
remarks:        To update this object, please contact APNIC
remarks:        hostmasters and include your organisation's account
remarks:        name in the subject line.
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:        hm-changed@apnic.net 20070827
mnt-by:         APNIC-HM
mnt-lower:      MAINT-IN-SIFY
status:         ALLOCATED PORTABLE
source:         APNIC

route:          118.94.176.0/24
descr:          SCBS
country:        IN
origin:         AS24193
mnt-by:         MAINT-IN-SIFY
changed:        ipadmin@sifycorp.com 20060718
source:         APNIC

person:         Hostmaster Satyam Infoway
nic-hdl:        HS51-AP
e-mail:         ipadmin@sifycorp.com
address:        Sify Limited,
address:        Second Floor, Tidel Park,
address:        No.4,Canal Bank Road,
address:        Taramani, Chennai - 600113
phone:          +91-44-22540770
fax-no:         +91-44-22540771
country:        IN
changed:        ipadmin@sifycorp.com 20040818
mnt-by:         MAINT-IN-SIFY
changed:        hm-changed@apnic.net 20060117
source:         APNIC
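
An added example, not part of either poster's material: Python that parses a whois reply such as the one quoted above, checks that the queried address really falls inside the returned inetnum and route objects, and follows admin-c to the contact e-mail. The sample text is a trimmed copy of that reply; the function names are this example's own.

```python
import ipaddress

# Trimmed copy of the whois reply quoted in the post above.
SAMPLE = """\
% [whois.apnic.net node-5]

inetnum:        118.94.0.0 - 118.95.255.255
netname:        SIFYNET
descr:          Sify Limited
admin-c:        HS51-AP

route:          118.94.176.0/24
origin:         AS24193

person:         Hostmaster Satyam Infoway
nic-hdl:        HS51-AP
e-mail:         ipadmin@sifycorp.com
"""

def parse_objects(text):
    """Split a whois reply into objects, each a list of (key, value) pairs."""
    objects, current = [], []
    # Drop '%' server comments; the trailing "" flushes the last object.
    for line in [l for l in text.splitlines() if not l.startswith("%")] + [""]:
        if not line.strip():              # a blank line ends the current object
            if current:
                objects.append(current)
            current = []
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.append((key.strip().lower(), value.strip()))
    return objects

def summarize(text, ip):
    """Report owner details only from objects that cover `ip`; the contact is
    the e-mail of the person object whose nic-hdl matches the block's admin-c."""
    addr = ipaddress.ip_address(ip)
    # (object type, primary value, fields); first occurrence of a repeated key wins
    objs = [(o[0][0], o[0][1], dict(reversed(o))) for o in parse_objects(text)]
    out = dict.fromkeys(("netname", "range", "route", "origin", "contact"))
    for kind, first, f in objs:
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in first.split("-"))
            if lo <= addr <= hi:
                out.update(netname=f.get("netname"), range=first)
                out["contact"] = next((p.get("e-mail") for k, _, p in objs if k == "person"
                                       and p.get("nic-hdl") == f.get("admin-c")), None)
        elif kind == "route" and addr in ipaddress.ip_network(first):
            out.update(route=first, origin=f.get("origin"))
    return out
```

Calling `summarize(SAMPLE, "118.94.176.29")` returns the netname, covering range, announced route, origin AS and contact; an address outside the returned range yields `None` for every field, which flags a reply that does not actually describe the address queried.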