Appendix D. Domain Name Extensions Used for Internet Addresses

One of the initial steps normally taken during incident response is to determine the apparent source of the activity. This step is typically accomplished by reviewing audit logs for an Internet Protocol (IP) address. The IP address is then translated into its domain name by using one of the Internet registration resources to determine the source of the attack. The fact that a signal comes from a specific IP address, however, does not mean that the perpetrator is coming directly from that spot. Intruders often jump from IP address to IP address to hide their tracks. Nevertheless, the following codes can help to determine the country in which an address is ...
