Author Topic: Finding an IP Address (Read 403 times)

Golfer · « **on:** January 10, 2007, 05:53:35 PM »

I posted this in the O'Club but hope to have at least equal or better luck here:

I'm looking to see if there are legal methods to go about finding out who a particular IP address belongs to at least giving me a radius of where it could be. I'd prefer to be able to "show my work" legally rather than circumvent a law or privacy policy and find myself in trouble.

I don't need to know the last time they went to the bathroom but I would like to find within a reasonable distance where something came from.

I wish I could be more specific so if any of the tech types out there could help me with this I'd be very much appreciative.

At very least what about websites like people-search.com and the like?

I'm not looking to see someone "pay" as it were. I just want to be able to prove that something wasn't done by me. Admissible in court isn't the goal...just to have something that says "computer A is my computer and computer B accessed/did this at this time." I'd like to find something that would at least put a date/time on something that I can show I most certainly was not able to do that.

Thanks.

Spatula · « **Reply #1 on:** January 10, 2007, 06:55:08 PM »

Im not sure what your exactly after, but you may be interested in "whois". its a protocol for determining who owns particular IP address or ranges of IP addresses.

http://en.wikipedia.org/wiki/Whois

to do an actual whois try:
http://www.networksolutions.com/whois/index.jsp

The only problem is whois only tells you who owns that IP address not WHO was actually using that IP address. Most members of the public get an IP address assigned at random from there ISP's pool of IP addresses the first time you connect to their network. As broadband is usually 'always connected' the typical broadband user may get a IP address and keep it for days or weeks even until the modem reconnects. Some ISPs may even give people static IP addresses, which means the user keeps it permanently, but whois may not show that arrangement.

jigsaw · « **Reply #2 on:** January 10, 2007, 08:49:59 PM »

Google for "whois" and "nslookup" tools. Once you find the ISP that owns the IP address, lookup their abuse or customer service contact and hand the issue over to them.

You have to be careful of how you handle such issues or you could find yourself on the other end of a cyberstalking suit.

Golfer · « **Reply #3 on:** January 10, 2007, 09:09:31 PM »

I'm well aware. Right now it has to do with someone taking something I made, posting it on to the internet for me and then telling someone it was there. The b1tch of it is they didn't actually break a law...but I'm in some crosshairs. I just want to prove myself innocent rather than them guilty.

Thanks for the heads up though. I'm definately walking a fine line and its hard for some of my friends to understand that. We "know" who did it...but can't prove it. The rub is if I do prove it I would be the one breaking the rules so I'm kind of stuck

Auger · « **Reply #4 on:** January 13, 2007, 12:06:51 PM »

Golfer, how close of a radius do you need? About as close as you can get without using a warrant or subpoena to the ISP is to use traceroute and look at the router names. Most providers will include the city and state somewhere in the name of each device the packet goes through. It can be a bit cryptic sometimes, but I have had a fairly good success rate with it, especially when whois doesn't provide enough information.

As an example, here are some hops from my PC to one of the HTC servers:

5 tbr2-p013901.cgcil.ip.att.net (12.123.210.17) 47.759 ms 46.961 ms 48.536 ms
6 tbr2-cl7.sl9mo.ip.att.net (12.122.10.46) 48.104 ms 53.957 ms 44.023 ms
7 tbr1-cl24.sl9mo.ip.att.net (12.122.9.141) 63.489 ms 44.511 ms 44.473 ms
8 tbr2-cl6.dlstx.ip.att.net (12.122.10.90) 40.362 ms 42.098 ms 39.198 ms
9 br2-a3120s9.dlstx.ip.att.net (12.123.16.213) 40.269 ms 39.137 ms 49.582 ms
10 mdf1-gsr12-1-pos-6-0.dal1.attens.net (12.122.255.78) 39.170 ms 38.685 ms 39.775 ms
11 mdf1-bi8k-1-eth-1-4.dal1.attens.net (63.241.192.42) 44.722 ms 402.591 ms 44.485 ms

cgcil is Chicago, sl9mo is St. Loius and dlstx is Dallas. You can usually get to the nearest large city with a traceroute.

If you're using Windows, the command is tracert.

Oh, and if you're worried about tipping off the perp, you can just traceroute to an address in the same netblock. He'll never get a packet. Just make sure he doesn't have the whole netblock registered.

Golfer · « **Reply #5 on:** January 13, 2007, 01:03:42 PM »

I've found out that they have a dynamic IP which I think works in my favor. At least as far as tipping them off that I traced their IP. If I trace the route to the router it branches off from (I have 2 "suspect" IPs logged) that show the router it finally leaves to their home. Then trace a known (i.e. an email that was sent from their house) with that IP and it shows that same route...I think I'm golden.

Free, clear and legal. I'm not in the mood for legal repercussions (as I'm forced into the "noble" stance of giving the chitbag a free pass) and none of this will ever hold in up in criminal court given that is is 100% circumstantial. Not that it needs to because they didn't actually commit a crime (this REALLY makes me mad) but it will clear my name.