?
Solved

IP Address Demographics

Posted on 2009-05-11
10
Medium Priority
?
412 Views
Last Modified: 2012-05-06
Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Assisted Solution

by:Sappbrosts
Sappbrosts earned 400 total points
ID: 24355208
www.whois.sc should give you some information, ISP, etc
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355237
0
 
LVL 3

Author Comment

by:pma111
ID: 24355284
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 3

Author Comment

by:pma111
ID: 24355295
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
LVL 7

Accepted Solution

by:
dineesh earned 800 total points
ID: 24355318
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355340
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355370
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355840
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
LVL 3

Author Comment

by:pma111
ID: 24355850
PS - Do you no the name of the treaty Id like to read more
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 800 total points
ID: 24359790
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question