IP tracing, how is it done?


joospeed

Original Poster:

4,473 posts

283 months

Tuesday 29th July 2003
Saw the recent Tivster / 999 thread by TED about IP tracing - so you can use this to see if one person is posting as two different logins yeah? .. is it a complicated thing to do or can a techno-luddite such as I grasp the fundamentals and do a bit of IP tracing? Can you also use it for e-mails and such like? I'm thinking I might just have a use for it on a little problem I seem to have.

FourWheelDrift

89,362 posts

289 months

Tuesday 29th July 2003
Ted will have the IP address of each person who logs onto Pistonheads and with something like Traceroute (http://network-tools.com/) the IP address can be located and traced to the ISP where a complaint can be made or the address logged and blocked and lots of other shiny technical things done

joospeed

Original Poster:

4,473 posts

283 months

Tuesday 29th July 2003
haha. ok been to the site and it's obvious a techno-luddite can't do it .. haven't a clue what all that means! So..
If I have (for sake of argument) someone who has logged into the forum on my site, and someone who has sent me e-mails in the past, can I tell if they are the same person at all? ie does both a forum login and an e-mail leave a trail of information that can be directly linked beyond doubt to each other if it's the same person who's logged in and sent the mail?
Hypothetically of course ..!

FourWheelDrift

89,362 posts

289 months

Tuesday 29th July 2003
joospeed said:
haha. ok been to the site and it's obvious a techno-luddite can't do it .. haven't a clue what all that means! So..
If I have (for sake of argument) someone who has logged into the forum on my site, and someone who has sent me e-mails in the past, can I tell if they are the same person at all? ie does both a forum login and an e-mail leave a trail of information that can be directly linked beyond doubt to each other if it's the same person who's logged in and sent the mail?
Hypothetically of course ..!


I think so but I only know about matching the originating ISP. (which can certainly point to the same person) As you can in Outlook/OE or Hotmail get an extended view of header information sent with the email which will include email server information.

If you have a look at this URL below some people do it as a paid service but I'm sure there's a way without having to pay. www.abika.com/Reports/verifyemail.htm

tuffer

8,871 posts

272 months

Tuesday 29th July 2003
To find the IP address of a sender from an e-mail, open the e-mail and select - view - options, this will bring up a window full of information, you will need to search through this for the IP (received from). Enter this address into the search field of a trace route style program such as www.geektools.com (select the "who is" tab). From your web logs you should also be able to find the IP of any visitors, you can use the same methods to trace them.
An IP address is assigned to a single host on the Internet, multiple machines may hide behind a single host (such as a firewall or proxy)(think of it as a gateway to the Internet).
To avoid all this hassle contract me and I will do it all for you

joospeed

Original Poster:

4,473 posts

283 months

Tuesday 29th July 2003
many thanks for the info so far 4Wdrift. will keep looking and see what turns up.
big thanks.
Joolz

tuffer

8,871 posts

272 months

Tuesday 29th July 2003
Easier still:

http://visualroute.visualware.co.uk/

Just type the address in at the top and hit go!!!

gopher

5,160 posts

264 months

Tuesday 29th July 2003
joospeed said:
So..
If I have (for sake of argument) someone who has logged into the forum on my site, and someone who has sent me e-mails in the past, can I tell if they are the same person at all?



You would need the ip address and the date & time the email was sent and the post in the forum posted. If the ip address is the same then the user may well have a fixed address so the date time may be unimportant however you should then go somewhere like www.geektools.com - click on the Whois link and type the ip address into the box and click whois.

This (with any luck and if it's a real address) will give their ISP - try 217.35.52.134 - you'll see it belongs to the BT ADSL pool (mine from a few weeks back).

If you then mail the complaints bods (good ISPs will have an abuse email address listed in the whois results - in this case you'll see "Please send abuse reports to abuse@btopenworld.com") with the ip address and date and time and a description of the abuse they should get in touch with their customer and ask them to curtail their abusive activities or have the service removed.

The ISP is very unlikely (in fact probably cannot) to tell you who the culprit is unless it gets legal, so don't ask, however if the abuse does not go away keep mailing I've found it does work in quite a few cases - however if the person is using a false ip address or masking their real one it would be much more difficult to find the culprit.

HTH

Paul
Edited to say - beaten to it - 5 mins of typing was 5 mins too long !


>> Edited by gopher on Tuesday 29th July 21:39
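
Added example, not part of any post in this thread: a Python sketch of the check tuffer and gopher describe, pulling the earliest routable "received from" address and its timestamp out of an e-mail's headers and looking for the same address in a web log close to that time. The sample message, the log lines (Common Log Format is assumed) and every address in them are constructed for illustration.

```python
import email, ipaddress, re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Constructed sample e-mail; all addresses are RFC 5737 documentation ranges.
RAW_EMAIL = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by inbox.example.org with ESMTP; Tue, 29 Jul 2003 20:15:42 +0100
Received: from home-pc (unknown [203.0.113.45])
    by mx.example.net with SMTP; Tue, 29 Jul 2003 20:15:40 +0100
From: someone@example.net
Subject: constructed sample

body
"""
# Constructed web log lines (Common Log Format assumed).
ACCESS_LOG = """\
203.0.113.45 - - [29/Jul/2003:20:02:11 +0100] "POST /forum/login HTTP/1.0" 200 512
192.0.2.10 - - [29/Jul/2003:20:05:00 +0100] "GET /forum/ HTTP/1.0" 200 2048
203.0.113.45 - - [12/Jul/2003:09:00:00 +0100] "GET /forum/ HTTP/1.0" 200 2048
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def received_hops(raw):
    """(ip, datetime) per Received header, newest first, as mail servers prepend them."""
    hops = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if not m or ";" not in hdr:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # bracketed text that is not a valid IPv4 address
            continue
        hops.append((ip, parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())))
    return hops

def origin_hop(raw):
    """Earliest hop with a routable address; it may still be a proxy or a forged header."""
    public = [h for h in received_hops(raw) if not any(h[0] in n for n in INTERNAL)]
    return public[-1] if public else None

def log_hits(log, ip, when, window_minutes=60):
    """(time, path) for log lines from `ip` within the window around the e-mail time."""
    hits = []
    for m in filter(None, map(LOG_RE.match, log.splitlines())):
        seen = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if m.group(1) == str(ip) and abs(seen - when) <= timedelta(minutes=window_minutes):
            hits.append((seen, m.group(3)))
    return hits
```

The third log line shares the address but falls outside the time window, so it is not counted as a match.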

jodypress

1,939 posts

279 months

Tuesday 29th July 2003
it's all well and good knowing ip addresses, but then what if that person was logging on with different computers in different locations at different times etc. all you will get is a bunch of different ip addresses.

stc_bennett

5,252 posts

272 months

Tuesday 29th July 2003
i had a prob similar to this,

is it possible if i email the isp the date and time they will pinpoint it to their customer, also how long do they keep this log for?? months or years?

My prob was with anonymous Text messaging, but the message had the originators IP at the bottom

Steve

dontlift

9,396 posts

263 months

Wednesday 30th July 2003
And another one www.dnsstuff.com/

R32

390 posts

257 months

Wednesday 30th July 2003
This is a bit unreliable as most people posting from work, will go through a proxy - which has just 1 IP address. So everyone from the same company had the same IP address to the outside world.

Same applies to some ISPs who use 'transparent' proxies. In some NTL areas all home NTL users will have the same ip address which happens to be the address of the proxy. You'd need to contact NTL to find out who the actual person was....

zumbruk

7,848 posts

265 months

Wednesday 30th July 2003
There are a number of problems with doing the things suggested here;

- Since the vast majority of ISP customers use DHCP to get a dynamic address, tracerouting doesn't buy you a lot.

- Because of that, you need to get the ISP to look in their DHCP and email logs to find out who the originator was at a given time. This is not something you can do.

- The real problem is getting an ISP's abuse desk to talk to you at all. Unless there has been a gross breach of their AUP or a criminal act committed, chances are you'll get an autoresponder at best. Some ISPs apparently completely ignore all complaints about their customers.

tim_s

299 posts

259 months

Wednesday 30th July 2003
to find out who owns the ip or ip block go to one of the following registries and do a whois lookup. this will usually give you contact numbers to report abuse etc.

www.ripe.net - european ip's
www.arin.net - american ip's
www.apnic.net - asia pacific ip's

squirrelz

1,186 posts

276 months

Wednesday 30th July 2003
Joolz this is my field of work - we can have a natter about it when I pop in next if you want. It's been a while since I called round (mutter mutter wedding mutter mutter moving house etc).

joospeed

Original Poster:

4,473 posts

283 months

Wednesday 30th July 2003
fantastic result from all you guys on the info here. I'll contact direct from now on to a couple of people who've offered help - thank you all for the help here.
Joolz.

zumbruk

7,848 posts

265 months

Friday 1st August 2003
tim_s said:
to find out who owns the ip or ip block go to one of the following registries and do a whois lookup. this will usually give you contact numbers to report abuse etc.

www.ripe.net - european ip's
www.arin.net - american ip's
www.apnic.net - asia pacific ip's


Better still, try;

www.allwhois.com

Which will sort out which registry to query for you.