Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424
  • Last Modified:

IP Address Demographics

Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
pma111
Asked:
pma111
3 Solutions
 
SappbrostsCommented:
www.whois.sc should give you some information, ISP, etc
0
 
dineeshCommented:
0
 
pma111Author Commented:
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
pma111Author Commented:
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
dineeshCommented:
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
 
pma111Author Commented:
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
dineeshCommented:
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
pma111Author Commented:
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
pma111Author Commented:
PS - Do you no the name of the treaty Id like to read more
0
 
aleghartCommented:
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now