Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IP Address Demographics

Posted on 2009-05-11
10
Medium Priority
?
420 Views
Last Modified: 2012-05-06
Hi all, Have been googling for a definitive answer to the below query and had mixed responses. I have noticed potentially some supsect activity on our web server logs. I have the visitors IP who has potnetially been attemtped XSS against one of our web apps, but wondered what I can get from this IP, i.e. where in the world the visitor is based, their service provider, anything more ? Any tools or forensic procedures I can apply to find out more about whoever this is, with just their IP address?

Regards
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Assisted Solution

by:Sappbrosts
Sappbrosts earned 400 total points
ID: 24355208
www.whois.sc should give you some information, ISP, etc
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355237
0
 
LVL 3

Author Comment

by:pma111
ID: 24355284
Is it fair to say with just an IP address I'd never find or be able to nail a specific person who used that Ip to try and compromise my site?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:pma111
ID: 24355295
And was does the 192.xxx.x.xxx 192 portion of the IP indicate?
0
 
LVL 7

Accepted Solution

by:
dineesh earned 800 total points
ID: 24355318
Hi,

You can nail it to a person - involves a lot of work with the Cyber Crime Dept in your country.

If you find the ISP of the absuer - you can write to the isp - normally its abuse@ispdomain

Regards
Dinesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355340
I take it cyber crime dept have certain powers that let them see data the standard network admin couldnt?
0
 
LVL 7

Expert Comment

by:dineesh
ID: 24355370
Hi,

They have certain treaty signed between countries to have have access to such data.

regards
DInesh
0
 
LVL 3

Author Comment

by:pma111
ID: 24355840
Thanks Dinesh

And what does the 192.xxx.x.xxx

what does the 192 portion of the IP indicate
0
 
LVL 3

Author Comment

by:pma111
ID: 24355850
PS - Do you no the name of the treaty Id like to read more
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 800 total points
ID: 24359790
>And what does the 192.xxx.x.xxx
>
>what does the 192 portion of the IP indicate

It's a private IP address.  Not the one you are looking for.  Non-routable on the public internet.


You should bring in the help of at least a junior admin or help-desk person.  A little basic networking knowledge will go a long way.

Also, given the many thousands of intrusion attempts (even successful cracks), there is little likelihood that there will be multinational support for a suspicion of attempted cross-site scripting.

Definitely no hope if you come to them with an IP address of 192.xxx.xxx.xxx

Think of bad horror flicks where the cops are telling the 9-1-1 caller: "The killer is inside your house.  _Inside_ your house!"



0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question