Retrieve an email address of sysadmin only knowing the IP address

dru145 has asked for the wisdom of the Perl Monks concerning the following question:

Monks,

Does anybody know of a way that I can retrieve the email address of the system admin using whois (or any other utility) if I only have the ip address? I can't use Net::Whois because it only allows you to query by domain name.

For example, if I did a whois for the ip address 206.170.14.76 (www.perlmonks.com) at http://www.arin.net/whois/index.html, I get the below response. From here I want to extract the email address of ip-admin@PBI.NET to include in my abuse report. Any ideas on how I can do this?

TIA

-Dru

Union Partners Network (NETBLK-PBI-CUSTNET-3322)
   555 Howard Street Suite 201
   San Francisco, CA 94105
   US

   Netname: PBI-CUSTNET-3322
   Netblock: 206.170.14.0 - 206.170.15.255

   Coordinator:
      Pacific Bell Internet  (PIA2-ORG-ARIN)  ip-admin@PBI.NET
      888-212-5411

   Record last updated on 27-Jan-1999.
   Database last updated on 8-Aug-2001 23:09:21 EDT.
[download]

Comment on Retrieve an email address of sysadmin only knowing the IP address Download Code

Replies are listed 'Best First'.
Re: Retrieve an email address of sysadmin only knowing the IP address by jepri (Parson) on Aug 09, 2001 at 19:29 UTC
In that case Net::Whois needs to be patched. Even without it fully working, you can just do a reverse lookup on the IP and get the official domain name back. Then do a whois. There are some modules on CPAN to extract the emails and suchlike, but if you are working on the .com or .net domains, you will have troubles. Their format is screwed. So now all you need is a bit of regex-fu to pick out any email addresses in the line following contacts. You wouldn't want to use this in an automated mode though, because there can be multiple contacts and your program won't know which one to contact. ____________________ Jeremy I didn't believe in evil until I dated it.	[reply]
Re: Retrieve an email address of sysadmin only knowing the IP address by earthboundmisfit (Chaplain) on Aug 09, 2001 at 19:33 UTC
You could use ARIN.net and then parse the results: `#!/the/world/is/my/Perl -w use strict; use LWP; my $theIP = '206.170.14.76' #could easily be passed as a postarg or en +vironment var my $ua = new LWP::UserAgent; my $req = new HTTP::Request 'POST', 'http://www.arin.net/cgi-bin/whois +.pl'; $req->content_type('application/x-www-form-urlencoded'); $req->content('queryinput=', $theIP); my $response = $ua->request($req); &parse_resp($response); sub parse_resp { ..... # [HTML::Parser] }` [download]	[reply] [d/l]
Re: Retrieve an email address of sysadmin only knowing the IP address by Hofmator (Curate) on Aug 09, 2001 at 19:32 UTC
Very quick and dirty, assuming your output is in $string and an email address is everything not whitespacey around an @: `if (/(\S+@\S+)/} { $email = $1; }` [download] If the output format is always the same and the email is always at the same position then you can get more precise ... -- Hofmator	[reply] [d/l]
Re: Retrieve an email address of sysadmin only knowing the IP address by mischief (Hermit) on Aug 09, 2001 at 19:51 UTC
One way you might want to do it is querying the ARPA hostname associated with the IP address. For for an ip address of 1.2.3.4, this would be something like 3.2.1.in-addr.arpa. Don't forget that different ranges of ip address will use different whois servers though (eg European addresses will use whois.ripe.net).	[reply]
Re: Retrieve an email address of sysadmin only knowing the IP address by echo (Pilgrim) on Aug 09, 2001 at 20:44 UTC
As other posted noted the whois server depends on the geographical location-- arin.net handles only American IPs, ripe.net handles europe-asia, etc. One way os to use the whois proxy at whois.geektools.com. It will determine and query the correct whois server for you. Another way is to use the hostmaster email address which is present in the SOA record of the reverse domain. e.g. if the IP is 1.2.3.4, query for the SOA record of 3.2.1.in-addr.arpa. You can use Net::DNS to do this.	[reply]
Re: Re: Retrieve an email address of sysadmin only knowing the IP address by mischief (Hermit) on Aug 09, 2001 at 21:49 UTC
Using the email address in the SOA is one way of doing it, but bear in mind that the hostmaster is not necessarily the administrator of that netblock. The people who are in charge of the network, especially in large orgnisations, are generally seperate from the people who look after the nameservers.	[reply]
Re: Retrieve an email address of sysadmin only knowing the IP address by trantor (Chaplain) on Aug 10, 2001 at 10:57 UTC
When all else fails, or maybe as your first option (it's your option!), if the IP address responds to SMTP (port 25), you can always try to send an email message to `postmaster@[x.y.z.k]` where the square brackets have to be copied verbatim. Other good usernames to try are `root` and `administrator`. -- TMTOWTDI	[reply] [d/l] [select]