pinpointing IP

Subject Author Date
pinpointing IP cmdjunkie 08-09-2007
Posted by on August 9, 2007, 12:11 pm
When investigating an attack from a specific IP address, what
techniques are used to gather information on that IP address?
Obviously the typical whois query and IP information lookup are a
must, but what else can be done to single out a potential threat?

Also, when an attacker's IP address is registered to an online service
(like AOL in this case), what measures can be taken to specially
identify the attacker? I'm aware of AOL's Dynamically Assigned
Hardware Addressing, so when a client disconnects the IP is usually
reassigned, but I would imagine they would keep a log of IP's to their
respective users at specific times.


Posted by mak on August 10, 2007, 7:50 am
cmdjunkie@gmail.com wrote:
> When investigating an attack from a specific IP address, what
> techniques are used to gather information on that IP address?
> Obviously the typical whois query and IP information lookup are a
> must, but what else can be done to single out a potential threat?
>
> Also, when an attacker's IP address is registered to an online service
> (like AOL in this case), what measures can be taken to specially
> identify the attacker? I'm aware of AOL's Dynamically Assigned
> Hardware Addressing, so when a client disconnects the IP is usually
> reassigned, but I would imagine they would keep a log of IP's to their
> respective users at specific times.
>

well, call 1800 AOL4ever and ask them to give you the attacker's home phone
number, license plate and ssn.
if they won't give it up, hack into their database and find the information
yourself.


seriously:
what exactly do you want to do?
call the police if you have been violated and can prove it.
they can get the ip and other data from the provider - _if_ an actual crime has
been committed.
M






Posted by Moe Trin on August 10, 2007, 3:52 pm
On Thu, 09 Aug 2007, in the Usenet newsgroup comp.security.firewalls, in article
wrote:

>When investigating an attack from a specific IP address, what
>techniques are used to gather information on that IP address?
>Obviously the typical whois query and IP information lookup are a
>must, but what else can be done to single out a potential threat?

If in fact there really was an "attack" and not someone sending UDP
messenger spam (free clue - the source addresses are fake because
messenger spam is a one-way connection), then you call the cops - or
in your case, the state police. You want to have complete packet
captures, and let them handle it. If the incident involves crossing
a state line, they will involve the FBI. But it's _their_ call,
not yours.

>Also, when an attacker's IP address is registered to an online service
>(like AOL in this case), what measures can be taken to specially
>identify the attacker?

The cognizant law enforcement agency gets a subpoena, and serves it to
the provider.

>I'm aware of AOL's Dynamically Assigned Hardware Addressing, so when
>a client disconnects the IP is usually reassigned, but I would imagine
>they would keep a log of IP's to their respective users at specific
>times.

To an extent, yes. But then you are also assuming that the perpetrator
is at that address, and that it's not some clueless id10t's PC that was
zombied. Are you sure your logs are showing the correct times?

Old guy
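
The point about log times in the reply above matters because a dynamically assigned address maps to one subscriber only for a specific time window. The following is an added example, not part of the thread: it pulls the sightings of one source address out of firewall log lines and reports a UTC window corrected for the logging host's timezone and measured clock skew. The log format, sample lines, addresses, UTC offset and skew value are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample firewall log lines (not from the thread). All addresses
# are from the documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24.
SAMPLE_LOG = """\
2007-08-09 11:58:03 DROP TCP 198.51.100.23:4312 -> 192.0.2.10:22
2007-08-09 12:01:47 DROP TCP 203.0.113.5:1029 -> 192.0.2.10:135
2007-08-09 12:04:19 DROP TCP 198.51.100.23:4377 -> 192.0.2.10:22
2007-08-09 12:09:55 DROP TCP 198.51.100.23:4402 -> 192.0.2.10:22
"""


def sightings_utc(log_text, src_ip, utc_offset_hours, clock_skew_s):
    """Return the UTC datetimes at which src_ip appears as the source.

    utc_offset_hours: offset of the logging host's local time from UTC.
    clock_skew_s: seconds the host clock runs ahead of a trusted reference
    (negative if it runs behind), measured separately, e.g. against NTP.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    seen = []
    for line in log_text.splitlines():
        parts = line.split()
        # Skip malformed lines and lines whose source address does not match.
        if len(parts) < 7 or parts[4].rsplit(":", 1)[0] != src_ip:
            continue
        local = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        corrected = local.replace(tzinfo=tz) - timedelta(seconds=clock_skew_s)
        seen.append(corrected.astimezone(timezone.utc))
    return seen


def report_window(seen, margin_s=60):
    """First and last sighting in UTC, widened by margin_s for residual error."""
    if not seen:
        return None
    pad = timedelta(seconds=margin_s)
    return (min(seen) - pad).isoformat(), (max(seen) + pad).isoformat()


if __name__ == "__main__":
    hits = sightings_utc(SAMPLE_LOG, "198.51.100.23",
                         utc_offset_hours=-7, clock_skew_s=95)
    print("sightings:", len(hits))
    print("window (UTC):", report_window(hits))
```

A window stated in UTC, together with the measured skew and the unmodified logs and packet captures, is what a provider needs to match a dynamic address to a session once law enforcement serves the request.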

