IP address tracing?

Hi all,
I'm not too good at networking stuff and would be glad if someone could give some pointers.

Recently, I had a debate with my friends. The topic was about whether a person is "traceable" via his IP address assuming he is using a dial up account and a proxy server, given the IP address and the time of login.

My friends argued that IP logging is like having a used train ticket. He said that even if we have the train number, the time of boarding etc, we won't know who exactly was on the train, unless an intensive and time consuming search is made. Furthermore, he insisted that proxy server users are almost impossible to trace due to the high destination traffic information per day.

1) Are any of his claims true?

2) Then, assuming it's possible to trace someone (who uses a dial up account and proxy servers), how do we go about tracing?

Thanks for any answers - I need them quick, this question is driving us crazy
RainMan Asked:
 
apadua Commented:
You mean configure them on your browser?

If that's what you mean, then don't worry. There are very few illegal things you can do with your browser :-)

Your ISP usually recommends this for other reasons, the main one being speed. If they have a very good proxy, they configure it to cache (keep) all information requested by users for a period of time. Frequently visited sites, such as microsoft.com and nba.com don't need to be transferred all the way from where they're located. What happens is you save ISP bandwidth, which can be used to serve users whose page requests can't be fulfilled by the proxy. (every now and then, the proxy server goes to the cached pages and checks to see if they changed. If they did, it discards its copy and at the next request, picks up a new one at the site).

Most hackers use protocols other than HTTP. Most use telnet, and SNMP (Simple Network Management Protocol). These types of protocols are not proxy-enabled. So even though your ISP can't tell what pages you were in a few months ago, it may very well have logged the IP you had when you telnetted to someone's server and disabled it.

Cheers,

A.
0
 
apadua Commented:
Authorities use tracing all the time.

First, they issue a traceroute command, to find the path to the network of the offending IP. (In win9x/NT, the command at the dos prompt is tracert)

They'll then see the IP address of the user at the end of the list, but they'll also see all the routers in the ISP's network. Now, they call up the ISP and ask them to check who got that IP at that time.

ISPs usually keep this because of billing. It's rather simple. When you type your logon and password (and your proxy server does this too), the ISP records the time you logged on and the IP address you logged on from. When you hang up, the ISP logs this too. (The protocols for doing this, in case you want to read further, are RADIUS and TACACS+).

Authorities can ask ISPs for this information, but they have to (insert legal mumbo-jumbo here).

You are right about the second part though. If your company uses a proxy, and one of the internal PCs does something that triggers a trace, all the trace will see is the proxy server's IP. That's the end of the line, as far as a trace is concerned. Your proxy server may have logs, however, that will tell what internal user did what at what time. So you may or may not have this info. However, as far as the ISP's concerned, the responsible party is the one who hired the dial-up account.


If you want to remain anonymous, try www.anonymizer.com

Cheers,

Andre
0
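The "who got that IP at that time" lookup from the comment above, as an added example that is not part of the original thread. The log layout is a constructed, simplified CSV (real RADIUS accounting files look different); only the attribute names (Acct-Status-Type, Acct-Session-Id, User-Name, Framed-IP-Address) are standard, and the users and addresses are made up.

```python
from datetime import datetime

# Constructed sample accounting records (simplified, not a real detail-file):
# timestamp, Acct-Status-Type, Acct-Session-Id, User-Name, Framed-IP-Address
SAMPLE_LOG = """\
2000-03-01T19:02:11,Start,a001,alice,203.0.113.25
2000-03-01T19:40:03,Start,a002,bob,203.0.113.26
2000-03-01T20:15:47,Stop,a001,alice,203.0.113.25
2000-03-01T20:31:09,Start,a003,carol,203.0.113.25
2000-03-01T21:05:30,Stop,a002,bob,203.0.113.26
"""

def build_sessions(log_text):
    """Pair Start/Stop records by session id into one dict per dial-up session."""
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, status, sid, user, ip = line.strip().split(",")
        when = datetime.fromisoformat(ts)
        if status == "Start":
            sessions[sid] = {"user": user, "ip": ip, "start": when, "stop": None}
        elif status == "Stop" and sid in sessions:
            sessions[sid]["stop"] = when
    return list(sessions.values())

def who_had_ip(sessions, ip, when):
    """Return the users whose session held `ip` at time `when`.

    A session with no Stop record is treated as still connected.
    """
    when = datetime.fromisoformat(when) if isinstance(when, str) else when
    hits = []
    for s in sessions:
        if s["ip"] != ip or when < s["start"]:
            continue
        if s["stop"] is None or when <= s["stop"]:
            hits.append(s["user"])
    return hits

if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_LOG)
    # The same dynamic IP maps to different users (or nobody) depending on the time.
    for t in ("2000-03-01T19:30:00", "2000-03-01T20:20:00", "2000-03-01T22:00:00"):
        print(t, who_had_ip(sessions, "203.0.113.25", t))
```

The address alone is ambiguous because the pool reassigns it; the timestamp (in the same time zone as the logs) is what selects one session.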
 
RainMan (Author) Commented:
Andre,
The system over here is that when we sign up for a dial up account with an ISP, we are to use the ISP's proxy servers to access the internet.

Correct me if I'm wrong but if we want to complain against a particular user who uses a proxy server, we would have to complain to the owner of the proxy server (in this case, the ISP?)?

That raises another question, how long (normally) does the proxy server's log exist? Does it also mean that normal users like us will not be able to find out who exactly is using a particular IP address at a certain time without the aid of the ISP involved?

I'm rather new to networking and these questions could be frustrating to those seasoned, so pardon my stupid questions (if any) =)

Regards,
Andy
0
 
RainMan (Author) Commented:
Adjusted points from 75 to 100
0
 
RainMan (Author) Commented:
The reason why I asked all these questions is because someone posted some disturbing messages on a forum and the forum owner said he can't ban the fella who did so. Hence, some of us got into a debate whether the offender can be traced and warned by his ISP if we lodge a complaint with the ISP.

Thanks for answering all my queries... I'll give 100 points for that. :)
Regards,
Andy
0
 
apadua Commented:
Yes. If you complain to the ISP, they will usually investigate further. Keeping logs costs resources, such as hard drives, backup media and processor usage. But because of legal matters, the vast majority of them do keep them for at least a reasonable amount of time. Exactly what time is hard to say. Maybe just a week, maybe a few months. But if they back up their logs and if the issue is serious enough, maybe you can get them to check their backups to see if there are any logs with the info you use. (They're usually cooperative, if you show them what the person did).


Good luck,

A.
0
Question has a verified solution.
