I'm having some trouble and am not sure where to find the information that im looking for.

This is the question/scenario.

Using "Netstat" you see "213.219.36.107", attach to your port #110.

1) What is the IP's FQDN?
2) Who is the registrar for it?
3) Who owns the address/address block?
4) what port is it talking to? (service)
5) Is it likely that the FQDN owner is actually attached to your port? If not why not?
6)Who would you contact at FQDN management if you think security is breached?

Than he wants me to state and note tools/sites used to answer each question.


I'm not asking for you folks to do this for me, but maby you could point me in a direction thats better than the one im looking at.

Currently I was using the "whois" portion at samspade.com, however i am not sure if any of the info it brings up is the info im looking for.

samspade also says that the domain is "RIPE.COM".
Is the domain the same as the FQDN?

well any help is much appreciated
thanks

im kinda lost:(

Looks like it could be a hacker trying to access a pop3 server port on your machine.

Havent time to look in detail but the trail ends at
globix network but that could just be on my route out.

Most likely to be a spoofed IP address.

Whoever he is he knows waht he is doing.

(FQDN) The full name of a system, consisting of its local hostname and its domain name, including a top-level domain (tld). For example, "venera" is a hostname and "venera.isi.edu" is an FQDN. An FQDN should be sufficient to determine a unique Internet address for any host on the Internet. This process, called "name resolution", uses the Domain Name System (DNS).

RIPE - http://www.ripe.net/ripe/about/index.html

iT HOSTS THE WHOIS DATABASE you were querying.
.

To elaborate a tiny bit:
FQDN = Fully Qualified Domain Name
e.g.
Server "samnt33" FQDN is "samnt33.skokie.il.na.fmo"

Here's a screen capture of all the netstat switches: