Solved

IP Address Demographics

Posted on 2009-05-11
10
402 Views
Last Modified: 2012-05-06
Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
Comment
Question by:pma111
10 Comments
 
LVL 7

Assisted Solution

by:Sappbrosts
Sappbrosts earned 100 total points
ID: 24355208
www.whois.sc should give you some information, ISP, etc
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355237
0
 
LVL 3

Author Comment

by:pma111
ID: 24355284
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 3

Author Comment

by:pma111
ID: 24355295
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
LVL 7

Accepted Solution

by:
dineesh earned 200 total points
ID: 24355318
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355340
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355370
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355840
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
LVL 3

Author Comment

by:pma111
ID: 24355850
PS - Do you no the name of the treaty Id like to read more
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 200 total points
ID: 24359790
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ways to verify USB ports are blocked on 30,000 PCs/laptops 12 138
active directory 6 81
How to take over, control, & secure a network 9 82
PCI compliance 16 33
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question