Thursday 29 April 2010

Linux detective work

When reviewing logs after an attack, if the IP address of the attacking machine can be identified, it is possible to trace it back and potentially find out details of the attacker's PC, open ports, ISP, etc.

From Linux, open a bash terminal:

dig -x 1.2.3.4

Where 1.2.3.4 is an IP address. This command may return a pointer record. Next, try a whois:

whois 1.2.3.4

This command should give the netblock owner, ISP etc. You can also try using the commands available at www.robtex.com

Finally, try an nmap command:

nmap -O 1.2.3.4
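
A triage sketch for the log review and the dig and whois steps above, added here as an example and not part of the original post: it pulls the source addresses of failed SSH logins out of log lines, ranks them, and shows the in-addr.arpa name that dig -x queries for the pointer record. The log lines are constructed (documentation addresses), and the function names and the LOOKUP switch are assumptions of this example.

```sh
#!/bin/sh
# Constructed sample sshd log lines (RFC 5737 documentation addresses).
SAMPLE_LOG='Apr 29 10:01:02 host sshd[311]: Failed password for root from 203.0.113.7 port 4242 ssh2
Apr 29 10:01:05 host sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
Apr 29 10:02:11 host sshd[320]: Accepted password for alice from 192.0.2.10 port 5022 ssh2
Apr 29 10:03:40 host sshd[331]: Failed password for root from 198.51.100.23 port 6001 ssh2
Apr 29 10:03:44 host sshd[331]: Failed password for root from 203.0.113.7 port 4250 ssh2'

# Read log lines on stdin; print "count ip" per failed-login source, busiest first.
# Scans from the end of the line so a username containing "from" cannot shift the match.
failed_ips() {
    awk '/Failed password/ {
        for (i = NF - 2; i >= 1; i--)
            if ($i == "from" && $(i + 2) == "port") { print $(i + 1); break }
    }' | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Build the name that `dig -x` looks up: octets reversed under in-addr.arpa.
# Returns non-zero for anything that is not a dotted-quad IPv4 address.
ptr_name() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"; ok = 1
    } END { exit !ok }'
}

# Run the dig and whois lookups for one address (needs network access).
lookup() {
    ptr_name "$1" >/dev/null || { echo "skip: not IPv4: $1" >&2; return 1; }
    echo "== $1 =="
    if command -v dig >/dev/null; then dig -x "$1" +short; fi
    if command -v whois >/dev/null; then
        whois "$1" | grep -iE '^(netname|orgname|org-name|country|descr):' || true
    fi
}

# Rank the sample and show each PTR query name; set LOOKUP=1 to query the network.
printf '%s\n' "$SAMPLE_LOG" | failed_ips | while read -r count ip; do
    echo "$count failed logins from $ip -> PTR query: $(ptr_name "$ip")"
    if [ "${LOOKUP:-0}" = 1 ]; then lookup "$ip"; fi
done
```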
