10-25-2010, 02:04 PM   #12
brk-lnt
Senior Member
Join Date: Aug 2007
Location: South Down Shores
Posts: 1,937
Thanks: 532
Thanked 568 Times in 334 Posts

Quote:
Originally Posted by BroadHopper
I don't have the software, but I am aware that IT folks at large corporations, LEOs, and DOD have the ability to track down IP addresses.
Hackers are known to have the ability as well. If you google enough and are able to get a sympathetic hacker you can get one fairly easily.
I used to work for a large defense mfg and they use the software to see if those who log in to the system are legitimate. One of the IT folks showed me how it works. It actually tracks all the servers and routers that it uses as it travels across the US. It is truly mind boggling.

It is possible to 'see' who is logging in from a specific computer. Microsoft uses the same technique to determine copyrights of their software. Some banks such as mine use it to make sure that it is the right person logging into an account. It is pretty widespread practice.
An IP address generally does not reveal very much, especially in the case of an end user coming through a consumer ISP. All you'll get is information on what ISP the end user is using.

If you have a subpoena, you can request that the ISP divulge what account a given IP address was assigned to at a particular time. But you, or your standard IT buddies, can't easily get at that info. If the ISP has weak security and you have a way to penetrate their firewall and get to customer billing data, then you might be able to find out in a highly illegal manner.

Forum software, like the package running this site, keeps a log of IP addresses a user logs in from. A person with admin privileges can usually see:
1) The IP address a user was using when a particular post was made
2) Other users that have used that same IP (useful for detecting sock puppets)
3) Other IPs that user has logged in from previously.

From your PC you can often run a traceroute from a command prompt by doing "tracert [ipaddress]". You'll see the router path through the Internet between your PC and the IP address you are tracing to. Most ISPs label at least their perimeter routers with names that are abbreviations for the city.

Here is part of the traceroute between my laptop and the closest google.com server:
4 vlan150.car2.boston1.level3.net (4.53.50.177) 6.244 ms 7.386 ms 5.076 ms
5 ae-2-5.bar2.boston1.level3.net (4.69.132.250) 5.687 ms 6.139 ms 6.277 ms
6 ae-8-8.ebr1.newyork1.level3.net (4.69.140.98) 10.764 ms 9.889 ms 12.354 ms
7 ae-91-91.csw4.newyork1.level3.net (4.69.134.78) 19.366 ms
ae-61-61.csw1.newyork1.level3.net (4.69.134.66) 18.484 ms 19.942 ms
8 ae-4-99.edge1.newyork1.level3.net (4.68.16.206) 77.280 ms 12.439 ms
ae-1-69.edge1.newyork1.level3.net (4.68.16.14) 9.639 ms
9 google-inc.edge1.newyork1.level3.net (4.71.172.86) 51.784 ms
google-inc.edge1.newyork1.level3.net (4.71.172.82) 10.166 ms
google-inc.edge1.newyork1.level3.net (4.71.172.86) 9.941 ms
10 72.14.238.232 (72.14.238.232) 12.548 ms 10.333 ms 51.217 ms
11 216.239.48.24 (216.239.48.24) 9.740 ms 18.817 ms 10.792 ms
12 lga15s14-in-f104.1e100.net (173.194.33.104) 9.927 ms 10.028 ms 10.548 ms
brks-macbook-pro:~ brk$

You can see that this appears to be directed to a Level3 datacenter in New York.


You can also use the whois utility to see who an IP address is registered to. I'm not sure if this comes with Windows by default or not, but you can also run similar queries on certain websites. Here is the whois data for the IP address of the google server from above:


brks-macbook-pro:~ brk$ whois 173.194.33.104
#
# Query terms are ambiguous. The query is assumed to be:
# "n 173.194.33.104"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=17...showARIN=false
#

NetRange: 173.194.0.0 - 173.194.255.255
CIDR: 173.194.0.0/16
OriginAS: AS15169
NetName: GOOGLE
NetHandle: NET-173-194-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
NameServer: NS1.GOOGLE.COM
RegDate: 2009-08-17
Updated: 2010-08-23
Ref: http://whois.arin.net/rest/net/NET-173-194-0-0-1


OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2009-08-07
Ref: http://whois.arin.net/rest/org/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

None of this is particularly revealing information. In fact the Google IP in New York lists the address for their main office in Mountain View.

The whois data for the IP address of my cable modem at home yields this highly confidential info:


Comcast Cable Communications Holdings, Inc CCCH-3-34 (NET-75-64-0-0-1) 75.64.0.0 - 75.75.191.255
Comcast Cable Communications Holdings, Inc BOSTON-12 (NET-75-67-0-0-1) 75.67.0.0 - 75.67.255.255
__________________
[insert witty phrase here]
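As an added example (not part of the post above), here is a small Python parser for traceroute output of the kind shown in it: it handles the continuation lines where one hop number was answered by several routers, and pulls the city label out of the ISP's router names so the path can be read as a list of sites. The sample input is the hops quoted from the post; the rule that the city label is the third dotted component from the right is an assumption about this ISP's naming convention.

```python
import re

# Hops 4-12 of the traceroute quoted in the post above (Boston -> New York -> Google), used as sample input.
TRACE = """\
4 vlan150.car2.boston1.level3.net (4.53.50.177) 6.244 ms 7.386 ms 5.076 ms
5 ae-2-5.bar2.boston1.level3.net (4.69.132.250) 5.687 ms 6.139 ms 6.277 ms
6 ae-8-8.ebr1.newyork1.level3.net (4.69.140.98) 10.764 ms 9.889 ms 12.354 ms
7 ae-91-91.csw4.newyork1.level3.net (4.69.134.78) 19.366 ms
ae-61-61.csw1.newyork1.level3.net (4.69.134.66) 18.484 ms 19.942 ms
8 ae-4-99.edge1.newyork1.level3.net (4.68.16.206) 77.280 ms 12.439 ms
ae-1-69.edge1.newyork1.level3.net (4.68.16.14) 9.639 ms
9 google-inc.edge1.newyork1.level3.net (4.71.172.86) 51.784 ms
google-inc.edge1.newyork1.level3.net (4.71.172.82) 10.166 ms
google-inc.edge1.newyork1.level3.net (4.71.172.86) 9.941 ms
10 72.14.238.232 (72.14.238.232) 12.548 ms 10.333 ms 51.217 ms
11 216.239.48.24 (216.239.48.24) 9.740 ms 18.817 ms 10.792 ms
12 lga15s14-in-f104.1e100.net (173.194.33.104) 9.927 ms 10.028 ms 10.548 ms
"""

HOP_RE = re.compile(r"^(?:(\d+)\s+)?(\S+)\s+\(([\d.]+)\)((?:\s+[\d.]+ ms)+)\s*$")

def parse_traceroute(text):
    """{hop: [(hostname, ip, [rtt_ms, ...]), ...]}. A line with no leading hop number
    continues the previous hop: traceroute prints one when different routers answered its probes."""
    hops, current = {}, None
    for line in text.splitlines():
        m = HOP_RE.match(line.strip())
        if not m or (m.group(1) is None and current is None):
            continue  # not a hop line, or a continuation before any numbered hop
        num, host, ip, rtts = m.groups()
        if num is not None:
            current = int(num)
        hops.setdefault(current, []).append((host, ip, [float(x) for x in rtts.split()[::2]]))
    return hops

def site_label(host):
    """City label from a router name such as vlan150.car2.boston1.level3.net -> 'boston1'.
    Assumed convention (label right before the domain); bare IPs and short names give None."""
    parts = host.split(".")
    return parts[-3] if len(parts) >= 4 and not host.replace(".", "").isdigit() else None

def site_path(hops):
    """Distinct site labels in path order, using each hop's first responder, repeats collapsed."""
    path = []
    for entries in hops.values():
        label = site_label(entries[0][0])
        if label and (not path or path[-1] != label):
            path.append(label)
    return path
```

Running `site_path(parse_traceroute(TRACE))` on the quoted hops gives `['boston1', 'newyork1']`, which is the Boston-to-New-York reading the post draws from the router names.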