On 31/01/2001 08:37:55 PM OMC wrote:
Is there any way to track down someone's address from IP number? Someone is sending me malicious email and I want to identify who he is.
I have his basic information. Can you help me?
Depends a lot on what "basic information" means.

At 09:11 AM 2/1/01 +1000, Kevin Cousins wrote:
Focus your query on "DNS reverse lookup" or similar.

An IP address identifies an interface on a machine, and the machine is probably either operated by a service provider or gets connectivity from a service provider. Depending on the service provider, you might or might not be able to accurately identify an account on the machine in question, and may or may not get them to tell you what information they know about the account; if they give it to you, that information may or may not actually provide you true or usable contact information about the owner of the account, who may or may not be the person actually _using_ the account to send you the mail. Alternatively, the service provider may have a privacy policy that refuses to tell _you_ the information about the account, but may allow them to delete the account if the user violates their policies.

So start with the address you have - is it the address for a well-known free email service (e.g. hotmail, yahoo, iname, mail.com, netzero, juno)? If so, Murphy says the account holder probably provided bogus or non-useful info when setting up the account, so even if their privacy policy lets them tell you that the account belongs to "Bill Clinton, 1600 Pennsylvania Ave, Washington DC", the return address is no longer valid. But you might get the ISP to delete the email account; that's the most you'll get unless there's clear criminal activity or you want to hire a lawyer for a lawsuit.

If it's a commercial ISP providing non-free service, the user might have a real account they're paying for, which means they're more likely to have used real account information, but the ISP is likely to be less willing to tell you any of it, or to delete the account because they're making money from it, unless it clearly violates their terms of service.

If all you know is the IP address, how do you find the machine? The whois function on arin.net lets you look up the IP address, which may belong to the machine's owner, or else to an ISP. The whois function on betterwhois.com can tell you registration information about the domain name of the machine. Traceroute's pretty good about identifying machines, and hence ISPs, which is particularly useful if the IP address is on a machine belonging to the person you dislike rather than a service provider. (MSWindows's "tracert" is a wimpy version of the same utility.) Of course, that doesn't always work, especially if the machine hosts a bunch of domain names for customers (most web servers do; many email servers also do), so the same IP address is used for bigisp.net and user1@bigisp.com and also user1-domain.com, for user1, user2, user3, .... etc. ISPs are usually even less willing to drop paying customers with large machine connections, unless there's a spam problem.

It used to be that in cyberspace, nobody could hear you scream, but most machines have sound cards these days. You could record some screams and email them to the miscreant, then see if you can hear them when they receive and play them :-) It's more effective for people in your office than outsiders. :-)

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
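
Added example, not part of the original thread: the two lookups mentioned above (DNS reverse lookup and whois on the IP address), sketched in Python. The sample record is constructed (192.0.2.0/24 is a documentation range, and the organisation and abuse address are made up); the function names are hypothetical, and whois_query assumes the server accepts a bare IP address as the query.

```python
import ipaddress
import socket

# Constructed sample of an ARIN-style whois reply; all values are made up.
SAMPLE_WHOIS = """\
# ARIN WHOIS data (constructed sample)
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgName:        Example ISP, Inc.
OrgAbuseEmail:  abuse@example.net
"""

def ptr_name(ip):
    """Name queried in a DNS reverse lookup (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer

def whois_query(ip, server="whois.arin.net", timeout=10):
    """Live RFC 3912 query: send the query plus CRLF to TCP port 43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_whois(text):
    """Collect 'Key: value' lines; a repeated key keeps every value."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%":      # skip blanks and comment lines
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def summarize(ip, whois_text):
    """Network holder and abuse contact for ip, plus a check that the record covers it."""
    addr = ipaddress.ip_address(ip)
    f = parse_whois(whois_text)
    cidrs = [c.strip() for v in f.get("CIDR", []) for c in v.split(",")]
    return {
        "ptr": ptr_name(ip),
        "org": (f.get("OrgName") or [None])[0],
        "abuse": (f.get("OrgAbuseEmail") or [None])[0],
        "in_range": any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs),
    }
```

Against a live server, summarize(ip, whois_query(ip)) does the same over the real record. What comes back names the holder of the address block, usually a service provider, and its abuse contact, which is where a complaint about the mail goes.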