Solved

IP address tracing ?

Posted on 2000-05-03
Last Modified: 2013-12-07
Hi all,
I'm not too good at networking stuff and would be glad if someone could give some pointers.

Recently, I had a debate with my friends. The topic was about whether a person is "traceable" via his IP address assuming he is using a dial-up account and a proxy server, given the IP address and the time of login.

My friends argued that IP logging is like having a used train ticket. He said that even if we have the train number, the time of boarding etc., we won't know who exactly was on the train, unless an intensive and time-consuming search is made. Furthermore, he insisted that proxy server users are almost impossible to trace due to the high destination traffic information per day.

1) Are any of his claims true?

2) Then, assuming it's possible to trace someone (who uses a dial-up account and proxy servers), how do we go about tracing?

Thanks for any answers - I need them quick, this question is driving us crazy
Question by:RainMan
7 Comments
 
LVL 3

Expert Comment

by:apadua
ID: 2773866
Authorities use tracing all the time.

First, they issue a traceroute command, to find the path to the network of the offending IP. (In Win9x/NT, the command at the DOS prompt is tracert.)

They'll then see the IP address of the user at the end of the list, but they'll also see all the routers in the ISP's network. Now, they call up the ISP and ask them to check who got that IP at that time.

ISPs usually keep this because of billing. It's rather simple. When you type your logon and password (and your proxy server does this too), the ISP records the time you logged on and the IP address you logged on from. When you hang up, the ISP logs this too. (The protocols for doing this, in case you want to read further, are RADIUS and TACACS+.)

Authorities can ask ISPs for this information, but they have to (insert legal mumbo-jumbo here).

You are right about the second part though. If your company uses a proxy, and one of the internal PCs does something that triggers a trace, all the trace will see is the proxy server's IP. That's the end of the line, as far as a trace is concerned. Your proxy server may have logs, however, that will tell what internal user did what at what time. So you may or may not have this info. However, as far as the ISP's concerned, the responsible party is the one who hired the dial-up account.


If you want to remain anonymous, try www.anonymizer.com

Cheers,

Andre
0
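The lookup described in the comment above (an IP address plus a time, resolved against the ISP's session records, with the proxy log as the extra hop), as an added example that is not part of the original thread. The log formats, addresses, account names and function names are constructed for illustration; real RADIUS accounting carries the same facts in attributes such as User-Name and Framed-IP-Address.

```python
from datetime import datetime

# Constructed accounting records: the same dial-up IP is reused by two accounts.
ACCT_LOG = """\
2000-05-01T19:02:11 Start user=alice session=a1 ip=203.0.113.45
2000-05-01T19:40:03 Stop user=alice session=a1 ip=203.0.113.45
2000-05-01T19:41:30 Start user=bob session=b7 ip=203.0.113.45
2000-05-01T21:15:00 Stop user=bob session=b7 ip=203.0.113.45
2000-05-01T21:20:00 Start user=carol session=c3 ip=203.0.113.46
"""

# Constructed proxy access log: timestamp, client IP, requested URL.
PROXY_LOG = """\
2000-05-01T19:50:12 203.0.113.45 http://forum.example/post
2000-05-01T21:30:00 203.0.113.46 http://forum.example/post
"""

def build_sessions(text):
    """Pair Start/Stop events by session id into (user, ip, start, stop)."""
    sessions = {}
    for line in text.splitlines():
        ts, kind, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if kind == "Start":
            sessions[kv["session"]] = [kv["user"], kv["ip"], datetime.fromisoformat(ts), None]
        elif kind == "Stop" and kv["session"] in sessions:
            sessions[kv["session"]][3] = datetime.fromisoformat(ts)
    return [tuple(s) for s in sessions.values()]

def who_had_ip(sessions, ip, when):
    """Accounts holding `ip` at `when`; a session with no Stop is still open."""
    when = datetime.fromisoformat(when)
    return [user for user, sip, start, stop in sessions
            if sip == ip and start <= when and (stop is None or when <= stop)]

def proxy_clients(text, url, when, window_s=60):
    """Client IPs that requested `url` within `window_s` seconds of `when`."""
    when = datetime.fromisoformat(when)
    rows = (line.split() for line in text.splitlines())
    return [(ts, client) for ts, client, req in rows
            if req == url and abs((datetime.fromisoformat(ts) - when).total_seconds()) <= window_s]

def trace(url, when):
    """Destination sees only the proxy; resolve proxy hit -> client IP -> account."""
    sessions = build_sessions(ACCT_LOG)
    return [(ts, ip, who_had_ip(sessions, ip, ts))
            for ts, ip in proxy_clients(PROXY_LOG, url, when)]
```

The same address resolves to different accounts at 19:30 and 19:50, which is why the time of the event matters as much as the IP, and the window parameter allows for clock differences between the site's logs and the ISP's.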
 

Author Comment

by:RainMan
ID: 2774392
Andre,
The system over here is that when we sign up for a dial-up account with an ISP, we are to use the ISP's proxy servers to access the internet.

Correct me if I'm wrong, but if we want to complain against a particular user who uses a proxy server, we would have to complain to the owner of the proxy server (in this case, the ISP)?

That raises another question: how long (normally) does the proxy server's log exist? Does it also mean that normal users like us will not be able to find out who exactly is using a particular IP address at a certain time without the aid of the ISP involved?

I'm rather new to networking and these questions could be frustrating to those seasoned, so pardon my stupid questions (if any) =)

Regards,
Andy
0
 

LVL 3

Accepted Solution

by:
apadua earned 100 total points
ID: 2775376
You mean configure them on your browser?

If that's what you mean, then don't worry. There are very few illegal things you can do with your browser :-)

Your ISP usually recommends this for other reasons, the main one being speed. If they have a very good proxy, they configure it to cache (keep) all information requested by users for a period of time. Frequently visited sites, such as microsoft.com and nba.com, don't need to be transferred all the way from where they're located. What happens is you save ISP bandwidth, which can be used to serve users whose page requests can't be fulfilled by the proxy. (Every now and then, the proxy server goes to the cached pages and checks to see if they changed. If they did, it discards its copy and at the next request, picks up a new one at the site.)

Most hackers use protocols other than HTTP. Most use telnet and SNMP (Simple Network Management Protocol). These types of protocols are not proxy-enabled. So even though your ISP can't tell what pages you were in a few months ago, it may very well have logged the IP you had when you telnetted to someone's server and disabled it.

Cheers,

A.
0
 

Author Comment

by:RainMan
ID: 2777746
Adjusted points from 75 to 100
0
 

Author Comment

by:RainMan
ID: 2777752
The reason why I asked all these questions is because someone posted some disturbing messages on a forum and the forum owner said he can't ban the fella who did so. Hence, some of us got into a debate whether the offender can be traced and warned by his ISP if we lodge a complaint with the ISP.

Thanks for answering all my queries... I'll give 100 points for that. :)
Regards,
Andy
0
 
LVL 3

Expert Comment

by:apadua
ID: 2778720
Yes. If you complain to the ISP, they will usually investigate further. Keeping logs costs resources, such as hard drives, backup media and processor usage. But because of legal matters, the vast majority of them do keep them for at least a reasonable amount of time. Exactly what time is hard to say. Maybe just a week, maybe a few months. But if they back up their logs and if the issue is serious enough, maybe you can get them to check their backups to see if there are any logs with the info you use. (They're usually cooperative, if you show them what the person did.)


Good luck,

A.
0
