IP tracking?

tek07 asked
Last Modified: 2010-04-11
I was wondering if it was possible to find out more than just the Host of the ip user. For instance, if I was to log onto my msg board and their ip address is logged, besides finding out that they are using COMCAST's network, would I be able to find out anything else?

AneeshDatabase Consultant
CERTIFIED EXPERT
Top Expert 2009

Commented:
something like this,

Tracert hotmail.com
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Legally, no. I meant, the way that SOME networks are set up, if you can get names associated with IPs, you can get an idea of what area they're located in. There are programs that let you do tracing, but they're not always accurate.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Well, actually... if you were using a script of some sort, you could find out things like the browser and I think the OS they're using and several other things. Do a search for CGI environmental variables to get a sample of things that can be obtained. But you wouldn't be doing that starting from ONLY the IP address.

Author

Commented:
Yeah, that's all I've been able to do. It was just out of curiosity, so I guess there's no real way of tracking down online harassers.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Ahh... yeah, otherwise, you'd have to essentially go through law enforcement and ISPs.
> so I guess there's no real way of tracking down online harassers.
No, there is no way, unless you physically control all servers and devices in between the harasser and your server simultaneously, at exactly the moment the connection is established.
This is most likely a legal, not a technical, problem.
With a little bit of javascript you may be able to glean more information about their machine and setup, like window size, browser, color depth, screen size, os, such that you could more or less uniquely fingerprint this user and block him, or better yet, schedule his posts for automatic deletion 5 mins after he posts them.  That way he won't suspect anything and think that the board admin is just *really* on top of things :)
javascript??
for me the only legal reason to mention that in a *Security TA* is in conjunction with malware ;-)
Do you really think a harasser allows you to execute malware in his browser?
I don't mean resort to malware.  Plenty of legitimate scripts (for instance, the one provided with awstats) do this to get statistical info from visitors.  My website uses a script that gets screen size and color depth, so I know what my pages look like to most of my visitors.  It's not malware, just asking the browser a few things it might know.

If the visitor is doing something illegal, and not just annoying, complain to his ISP.  They know who he is and can deal with him if he is using their service for an illegal purpose.
Using the DNS name can be unreliable as a number of addresses don't have reverse DNS to map the address back to a name.

The IP registries (ARIN in the US, RIPE in Europe, APNIC in the Asia Pacific region, LACNIC in Latin America and AFRINIC in Africa) all have registrations of which blocks of addresses are registered to which organisation.  Unfortunately, if the vast majority of your users are home broadband people with one address, you are likely to find big assignments of IP addresses in the registry databases to "XYZ provider broadband users".

For IP addresses used by most businesses - ie: more than just 1 address - there will usually be something registered for the owner.

The database you need to look in is the Whois database; for example, you can query the one on ARIN's home page (www.arin.net) or RIPE's (www.ripe.net).  There is a protocol (the whois protocol) to get this information directly from the database server - a google for 'windows whois client' will provide a wealth of shareware that might help.
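The whois lookup described in the answer above, as an added example that is not part of the original thread: a minimal whois-protocol client plus a parser that pulls the registered holder, address block and abuse contact out of a response, which is what a board admin needs to file a complaint with the right ISP. The server name `whois.arin.net`, the field names handled and the sample response (a documentation address range) are assumptions of this example.

```python
import ipaddress
import socket

# Constructed ARIN-style response for a documentation range (not real registry data).
SAMPLE_RESPONSE = """\
# Constructed sample, not real registry output
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-BROADBAND
OrgName:        Example Broadband Provider
OrgAbuseEmail:  abuse@example.net
"""

def whois_query(ip, server="whois.arin.net", timeout=10):
    """Whois protocol (RFC 3912): send query + CRLF on TCP 43, read until close."""
    query = str(ipaddress.ip_address(ip))  # reject anything that is not an IP literal
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines; skip blanks and comments ('#' ARIN, '%' RIPE)."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "#%" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def summarize(text, logged_ip):
    """Return holder, block and abuse contact, and whether logged_ip is in the block."""
    f = parse_whois(text)
    first = lambda *keys: next((f[k][0] for k in keys if k in f), None)
    block = first("cidr", "inetnum", "netrange")
    covered = None  # stays None when the block is a range rather than CIDR
    if block and "/" in block:
        net = ipaddress.ip_network(block.split(",")[0].strip())
        covered = ipaddress.ip_address(logged_ip) in net
    return {"holder": first("orgname", "org-name", "netname"),
            "block": block,
            "abuse": first("orgabuseemail", "abuse-mailbox"),
            "covers_ip": covered}
```

For a home broadband address the holder will be the provider, as the answer notes, so the useful output is the abuse contact rather than any individual's identity.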
Commented:
> IP tracking?

Sure

> possible to find out more than just the Host of the ip user
> would I be able to find out anything else?

Those with dedicated addresses can have their names and addresses made available as the licensee (registration process requires human contact)

aneeshattingal > Tracert hotmail.com

:-))    cute

> Yeah, that's all I've been able to do. It was just out of curiosity, so I guess there's no real way of tracking down online harassers.

Oh. OK, I'll agree with masnrock too...
Odds are that a harasser does not think they will be caught, getting randomly obscure IP from ISP or whatever.

ahoffmann > think a harasser allows you to execute malware

hmm. Interesting question. My guess is yes they would, but I don't happen to know any harassers, or avoid them well, or whatever

csgeekpyro > If the visitor is doing something illegal, and not just annoying, complain to his ISP.

by all means.
and .... what is this deal about message and harassing?
For example, if you are the coder or manager, have IDs and passwords and kick their tail back across the border if they refuse to obey rules. If they break in, kill their address, even to point of denying entire ISP

If it is not your message board, like
www.experts-exchange.com
then raising issue with site administrator is in order, and if they do not act then the board is no good, move on, there's plenty to pick from on that front

PaulThornton > Using the DNS name can be unreliable as a number of addresses don't have reverse DNS to map the address back to a name.

not really, all can have a name, it just might be the name of an ISP, not the actual punk-rocker across the street (or jock... or ...) from where you live - who needs education in manners. The reverse lookup issue is more LAN based than WAN

>  there will usually be something registered for the owner.

:-))

I wasn't very clear about the IP address reverse DNS...  Of course, as SunBow says, all IP addresses can resolve back to a hostname - however don't rely on all of them actually doing so as configuring this is sadly quite a neglected part of IP address administration for some providers (mentioning no names, of course!).