As admin you are probably used to hackers trying to gain access to your servers. Usually you will just try to keep them out of your network without bothering to figure out who is attempting to hack your servers. However, in some cases it is necessary to track down the person behind an attack. Typically, you only have the IP address from which the attack originated. That’s where IPNetInfo comes in. This free stand-alone tool retrieves all available information about an IP address from the Internet.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
There are several organizations which provide such information on the Web. But the advantage of IPNetInfo is that it can query all of them, which can save you some time. These are the organizations to which IPNetInfo sends requests: ARIN, RIPE, APNIC, LACNIC and AfriNIC.
Another nice feature of IPNetInfo is that you can enter multiple IP addresses. If you see in your log files that the attacks came from multiple sources, you can just paste all suspicious IP addresses to IPNetInfo and it will present the information for all of them in a table. It is also possible to just paste the header of an email message to IPNetInfo’s input field. This makes it easy to find out more about the origin of a SPAM mail.
The information you can get includes the owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.
Good luck with your hacker hunting. 😉