Solved

IP Address Demographics

Posted on 2009-05-11
10
393 Views
Last Modified: 2012-05-06
Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
Comment
Question by:pma111
10 Comments
 
LVL 7

Assisted Solution

by:Sappbrosts
Sappbrosts earned 100 total points
ID: 24355208
www.whois.sc should give you some information, ISP, etc
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355237
0
 
LVL 3

Author Comment

by:pma111
ID: 24355284
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
 
LVL 3

Author Comment

by:pma111
ID: 24355295
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
LVL 7

Accepted Solution

by:
dineesh earned 200 total points
ID: 24355318
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 3

Author Comment

by:pma111
ID: 24355340
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355370
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355840
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
LVL 3

Author Comment

by:pma111
ID: 24355850
PS - Do you no the name of the treaty Id like to read more
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 200 total points
ID: 24359790
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now