Solved

IP Address Demographics

Posted on 2009-05-11
10
406 Views
Last Modified: 2012-05-06
Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Assisted Solution

by:Sappbrosts
Sappbrosts earned 100 total points
ID: 24355208
www.whois.sc should give you some information, ISP, etc
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355237
0
 
LVL 3

Author Comment

by:pma111
ID: 24355284
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 3

Author Comment

by:pma111
ID: 24355295
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
LVL 7

Accepted Solution

by:
dineesh earned 200 total points
ID: 24355318
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355340
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355370
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355840
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
LVL 3

Author Comment

by:pma111
ID: 24355850
PS - Do you no the name of the treaty Id like to read more
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 200 total points
ID: 24359790
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question