
What Can You Learn from a Reverse IP Lookup?

by Mic Johnson

These days when attacks occur every minute, cybersecurity has become an utmost priority for individuals and companies alike. No one is exempt from becoming a target as the following statistics show:

  • IBM’s “Cost of a Data Breach Report 2020” showed that organizations that succumbed to data breaches lost an average of US$3.86 million.
  • People lost as much as US$17,700 to phishing attacks every minute.
  • This year, the global cybercrime cost is expected to reach US$6 trillion.

There are ways to avoid becoming the next cyberattack victim; three of them (listed here) rely on reverse IP lookups. Not everyone may know what a reverse IP lookup is, though, so let’s start with the basics.

What Is a Reverse IP Lookup?

Whenever we access the Internet, the device we use (computer, mobile phone, or tablet) can be identified by an IP address. In some cases, IP addresses can also point to a domain—maybe even a company-owned one.

The current domain-to-IP address resolutions are served by the Domain Name System (DNS). Past resolutions, meanwhile, are captured and stored by providers of historical (passive) DNS databases. Using those databases, cybersecurity analysts and researchers can perform reverse IP lookups (IP address to the domains that have resolved to it) for tasks like attack surface management, third-party risk assessment, and cybercriminal infrastructure identification. Read on to find out what you can learn from reverse IP lookups.

3 Questions a Reverse IP Lookup Can Answer

Although reverse IP lookups are helpful in search engine optimization (SEO) and marketing, they’re probably most useful for cybersecurity. In particular, they can provide the answers to the three questions below.

Are shared hosts putting your network at risk?

Most users rely on shared rather than dedicated IP addresses, and that’s fine so long as you don’t share your web infrastructure with malicious properties. The presence of malware-infected domains and IP addresses on any of the servers connected to your network can damage your reputation. So you need to know whether any of the hosts you share with other tenants (other companies) are harmful.

Subjecting your IP addresses to reverse IP lookups lets you see the domains that have resolved to them over time (how far back depends on how long the passive DNS database you’re using has been collecting data). Pairing that approach with malware checks on the connected domains lets you identify which of the co-hosted web properties might be malicious. If any of the domains are dangerous, you can ask your ISP for an IP address that won’t put your network and digital assets at risk.

Can you truly trust the third parties you work with?

A third of the companies that suffered a data breach in 2020 named third parties as the cause. If you give external users (non-employees, contractors, and the like) unfettered access to your network and assets without vetting them or putting strict security protocols in place, you may end up in the same predicament.

The danger can be mitigated if you vet third parties before granting them access to your digital properties. One way to do that is to run their IP addresses through a reverse IP lookup solution, which returns the list of domains that share each host. Your goal is to ensure none of them can put your infrastructure at risk.

Putting strict protocols in place is part of third-party risk management as well. That includes limiting the amount of data and the number of systems they can access. Routine audits are also necessary to make sure they’re not abusing their privileges or putting you in harm’s way.

Are your blocklists as exhaustive as they should be?

Staying abreast of the latest threats is necessary if you’re to keep them at bay. An effective way of doing that is blocking all possible threat entry points. A comprehensive blocklist is a must, therefore.

Relying on published lists of indicators of compromise (IoCs) is the usual way to do that, but you can go a step further: instead of blocking only a malicious IP address, also block all the malicious domains that resolve to it.

On the other hand, blocking an IP address outright can result in overblocking. While IP-level blocking is certainly effective, it can alienate more users than it should: domains that belong to customers or prospective clients but happen to share an IP address with malicious pages would be blocked too. A reverse IP lookup can prevent that. Instead of blocklisting the IP address, you can block only the malicious domains that resolve to it.
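The two uses described above (checking your own shared hosts for malicious neighbours, and expanding an IP indicator into a domain-level blocklist without overblocking benign co-hosted domains) as an added example, not code from the original article. It assumes a constructed passive DNS table and a constructed set of malware-check verdicts; the record layout and the `since` cutoff are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed passive DNS records (domain, ip, first_seen, last_seen); not real data.
PDNS_RECORDS = [
    ("shop.example",      "203.0.113.10", "2020-01-05", "2021-03-01"),
    ("blog.example",      "203.0.113.10", "2019-11-02", "2021-03-01"),
    ("malware-drop.test", "203.0.113.10", "2021-01-20", "2021-02-28"),
    ("phish-login.test",  "203.0.113.10", "2021-02-01", "2021-02-28"),
    ("partner.example",   "198.51.100.7", "2018-06-01", "2021-03-01"),
    ("c2-beacon.test",    "198.51.100.7", "2020-12-12", "2021-01-15"),
    ("old-site.example",  "198.51.100.7", "2015-01-01", "2016-01-01"),
]

# Constructed verdicts standing in for the "malware checks" paired with the lookup (assumption).
MALICIOUS_DOMAINS = {"malware-drop.test", "phish-login.test", "c2-beacon.test"}


def reverse_ip_lookup(records, ip, since=None):
    """Domains that have resolved to `ip`; with `since`, only resolutions still seen on/after that date."""
    cutoff = date.fromisoformat(since) if since else None
    return {
        domain for domain, rec_ip, _first, last in records
        if rec_ip == ip and (cutoff is None or date.fromisoformat(last) >= cutoff)
    }


def shared_host_risk(records, my_ips, malicious, since=None):
    """For each of your IPs, the malicious domains co-hosted on it (empty list means a clean host)."""
    return {ip: sorted(reverse_ip_lookup(records, ip, since) & malicious) for ip in my_ips}


def build_blocklist(records, malicious_ips, malicious, since=None):
    """Expand IP indicators into a domain blocklist and report what an IP-level block would overblock."""
    block, overblocked = set(), set()
    for ip in malicious_ips:
        cohosted = reverse_ip_lookup(records, ip, since)
        block |= cohosted & malicious        # malicious domains resolving to this IP
        overblocked |= cohosted - malicious  # benign neighbours an IP-level block would also hit
    return sorted(block), sorted(overblocked)


if __name__ == "__main__":
    print("shared-host risk:", shared_host_risk(PDNS_RECORDS, ["203.0.113.10"], MALICIOUS_DOMAINS))
    domains, collateral = build_blocklist(PDNS_RECORDS, ["203.0.113.10", "198.51.100.7"], MALICIOUS_DOMAINS)
    print("domain blocklist:", domains)
    print("overblocked by an IP-level block:", collateral)
```

Passing `since` drops stale resolutions (old-site.example last seen in 2016), so a long-lived passive DNS history does not count former tenants as current neighbours.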

Reverse IP lookups can teach you a lot more about your own infrastructure, your third parties’, and threat actors’, so that you can better maintain the security and integrity of your network and digital assets.
