Solved

IP address tracing?

Posted on 2000-05-03
Last Modified: 2013-12-07
Hi all,
I'm not too good at networking stuff and would be glad if someone could give some pointers.

Recently, I had a debate with my friends. The topic was about whether a person is "traceable" via his IP address, assuming he is using a dial-up account and a proxy server, given the IP address and the time of login.

My friends argued that IP logging is like having a used train ticket. He said that even if we have the train number, the time of boarding etc., we won't know who exactly was on the train, unless an intensive and time-consuming search is made. Furthermore, he insisted that proxy server users are almost impossible to trace due to the high destination traffic information per day.

1) Are any of his claims true?

2) Then, assuming it's possible to trace someone (who uses a dial-up account and proxy servers), how do we go about tracing?

Thanks for any answers - I need them quick, this question is driving us crazy
Question by:RainMan

Expert Comment

by:apadua
Authorities use tracing all the time.

First, they issue a traceroute command to find the path to the network of the offending IP. (In Win9x/NT, the command at the DOS prompt is tracert.)

They'll then see the IP address of the user at the end of the list, but they'll also see all the routers in the ISP's network. Now, they call up the ISP and ask them to check who got that IP at that time.

ISPs usually keep this because of billing. It's rather simple. When you type your logon and password (and your proxy server does this too), the ISP records the time you logged on and the IP address you logged on from. When you hang up, the ISP logs this too. (The protocols for doing this, in case you want to read further, are RADIUS and TACACS+.)

Authorities can ask ISPs for this information, but they have to (insert legal mumbo-jumbo here).

You are right about the second part though. If your company uses a proxy, and one of the internal PCs does something that triggers a trace, all the trace will see is the proxy server's IP. That's the end of the line, as far as a trace is concerned. Your proxy server may have logs, however, that will tell what internal user did what at what time. So you may or may not have this info. However, as far as the ISP's concerned, the responsible party is the one who hired the dial-up account.


If you want to remain anonymous, try www.anonymizer.com

Cheers,

Andre
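
The ISP-side lookup described in the answer above ("check who got that IP at that time"), as an added example that is not part of the original thread. The log line layout, user names and addresses are constructed for illustration; only the field names mirror RADIUS accounting attributes.

```python
from datetime import datetime, timedelta

# Constructed sample accounting records (not real data): timestamp, status,
# session id, user name, address assigned to the dial-up session.
# Field names follow RADIUS accounting attributes (Acct-Status-Type,
# Acct-Session-Id, User-Name, Framed-IP-Address); the line layout is assumed.
SAMPLE_LOG = """\
2000-05-02T19:58:10 Start s-1001 alice 203.0.113.17
2000-05-02T20:41:55 Stop s-1001 alice 203.0.113.17
2000-05-02T20:43:02 Start s-1002 bob 203.0.113.17
2000-05-02T21:30:00 Start s-1003 carol 203.0.113.18
2000-05-02T22:15:40 Stop s-1002 bob 203.0.113.17
"""

def load_sessions(text):
    """Pair Start/Stop records by session id into session dicts."""
    sessions = {}
    for line in text.splitlines():
        ts, status, sid, user, ip = line.split()
        when = datetime.fromisoformat(ts)
        if status == "Start":
            sessions[sid] = {"user": user, "ip": ip, "start": when, "stop": None}
        elif status == "Stop" and sid in sessions:
            sessions[sid]["stop"] = when
    return list(sessions.values())

def who_had_ip(sessions, ip, when, skew=timedelta(0)):
    """Return users whose session held `ip` at `when`, widened by `skew`.

    A session with no Stop record (still connected, or the Stop was lost)
    is treated as open-ended, so it is reported rather than silently dropped.
    More than one name in the result means the timestamp is too imprecise
    to attribute the address to a single account.
    """
    hits = []
    for s in sessions:
        if s["ip"] != ip:
            continue
        started = s["start"] - skew <= when
        not_ended = s["stop"] is None or when <= s["stop"] + skew
        if started and not_ended:
            hits.append(s["user"])
    return hits

SESSIONS = load_sessions(SAMPLE_LOG)
```

The same dynamic address maps to different accounts within one evening, which is why a complaint needs an accurate timestamp and time zone alongside the IP.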

Author Comment

by:RainMan
Andre,
The system over here is that when we sign up for a dial-up account with an ISP, we are to use the ISP's proxy servers to access the internet.

Correct me if I'm wrong, but if we want to complain against a particular user who uses a proxy server, we would have to complain to the owner of the proxy server (in this case, the ISP)?

That raises another question: how long (normally) does the proxy server's log exist? Does it also mean that normal users like us will not be able to find out who exactly is using a particular IP address at a certain time without the aid of the ISP involved?

I'm rather new to networking and these questions could be frustrating to those seasoned, so pardon my stupid questions(if any) =)

Regards,
Andy

Accepted Solution

by:apadua (earned 100 total points)
You mean configure them on your browser?

If that's what you mean, then don't worry. There are very few illegal things you can do with your browser :-)

Your ISP usually recommends this for other reasons, the main one being speed. If they have a very good proxy, they configure it to cache (keep) all information requested by users for a period of time. Frequently visited sites, such as microsoft.com and nba.com, don't need to be transferred all the way from where they're located. What happens is you save ISP bandwidth, which can be used to serve users whose page requests can't be fulfilled by the proxy. (Every now and then, the proxy server goes to the cached pages and checks to see if they changed. If they did, it discards its copy and at the next request, picks up a new one at the site.)

Most hackers use protocols other than HTTP. Most use telnet and SNMP (Simple Network Management Protocol). These types of protocols are not proxy-enabled. So even though your ISP can't tell what pages you were in a few months ago, it may very well have logged the IP you had when you telnetted to someone's server and disabled it.

Cheers,

A.

Author Comment

by:RainMan
Adjusted points from 75 to 100

Author Comment

by:RainMan
The reason why I asked all these questions is because someone posted some disturbing messages on a forum and the forum owner said he can't ban the fella who did so. Hence, some of us got into a debate whether the offender can be traced and warned by his ISP if we lodge a complaint with the ISP.

Thanks for answering all my queries... I'll give 100 points for that. :)
Regards,
Andy

Expert Comment

by:apadua
Yes. If you complain to the ISP, they will usually investigate further. Keeping logs costs resources, such as hard drives, backup media and processor usage. But because of legal matters, the vast majority of them do keep them for at least a reasonable amount of time. Exactly what time is hard to say. Maybe just a week, maybe a few months. But if they back up their logs and if the issue is serious enough, maybe you can get them to check their backups to see if there are any logs with the info you use. (They're usually cooperative, if you show them what the person did.)


Good luck,

A.