On 31/01/2001 08:37:55 PM OMC wrote:
Is there any way to track down someone's address from an IP number? Someone is sending me malicious email and I want to identify who he is.
I have his basic information. Can you help me?
Your request arrived on the cypherpunks mailing list, a general discussion forum for cryptology, so I don't quite see how your query is particularly relevant to that topic.

That aside, assuming you're asking about /machine names and web addresses/, then you're asking about fundamental domain name system operating issues, and as such, you should be able to find the answer to your question in any of dozens of texts, or else a quick web search will reveal all you need to know. Focus your query on "DNS reverse lookup" or similar.

Note: for some long time, Microsoft, in their (questionable) wisdom, released severely incomplete implementations of DNS tools, effectively making reverse lookup infeasible. I'm almost certain that they've now had to bow to peer pressure and implement it properly, so to some extent, your success will depend on how current your Microsoft installation actually is.

Alternatively, if you're instead asking how to determine someone's street address given only an IP address, then you seek an answer as daft as the one you'd get if you asked "How do I determine someone's street address given only a malicious letter (which presumably has no return address) that they've sent to me". I suppose it might be doable in some sense (you might be able to find the postal address of the ISP used by your malicious correspondent), but to attempt such an investigation would mark you as a great prat.

-- Kevin.

-----------------------------------------------------------------
Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.

On 31/01/2001 08:37:55 PM OMC wrote:
Is there any way to track down someone's address from an IP number? Someone is sending me malicious email and I want to identify who he is.
I have his basic information. Can you help me?
Depends a lot on what "basic information" means.

At 09:11 AM 2/1/01 +1000, Kevin Cousins wrote:
Focus your query on "DNS reverse lookup" or similar.
An IP address identifies an interface on a machine, and the machine is probably either operated by a service provider or gets connectivity from a service provider. Depending on the service provider, you might or might not be able to accurately identify an account on the machine in question, and may or may not get them to tell you what information they know about the account; if they give it to you, that information may or may not actually provide you true or usable contact information about the owner of the account, who may or may not be the person actually _using_ the account to send you the mail. Alternatively, the service provider may have a privacy policy that refuses to tell _you_ the information about the account, but may allow them to delete the account if the user violates their policies.

So start with the address you have - is it the address for a well-known free email service (e.g. hotmail, yahoo, iname, mail.com, netzero, juno)? If so, Murphy says the account holder probably provided bogus or non-useful info when setting up the account, so even if their privacy policy lets them tell you that the account belongs to "Bill Clinton, 1600 Pennsylvania Ave, Washington DC", the return address is no longer valid. But you might get the ISP to delete the email account; that's the most you'll get unless there's clear criminal activity or you want to hire a lawyer for a lawsuit.

If it's a commercial ISP providing non-free service, the user might have a real account they're paying for, which means they're more likely to have used real account information, but the ISP is likely to be less willing to tell you any of it, or to delete the account because they're making money from it, unless it clearly violates their terms of service.

If all you know is the IP address, how do you find the machine? The whois function on arin.net lets you look up the IP address, which may belong to the machine's owner, or else to an ISP. The whois function on betterwhois.com can tell you registration information about the domain name of the machine. Traceroute's pretty good about identifying machines, and hence ISPs, which is particularly useful if the IP address is on a machine belonging to the person you dislike rather than a service provider. (MSWindows's "tracert" is a wimpy version of the same utility.) Of course, that doesn't always work, especially if the machine hosts a bunch of domain names for customers (most web servers do; many email servers also do), so the same IP address is used for bigisp.net and user1@bigisp.com and also user1-domain.com, for user1, user2, user3, .... etc. ISPs are usually even less willing to drop paying customers with large machine connections, unless there's a spam problem.

It used to be that in cyberspace, nobody could hear you scream, but most machines have sound cards these days. You could record some screams and email them to the miscreant, then see if you can hear them when they receive and play them :-) It's more effective for people in your office than outsiders. :-)

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
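
The "DNS reverse lookup" mentioned in the thread, as an added example that is not part of either post: it builds the PTR query a reverse lookup sends for an address and decodes the answer, including name compression. The address 192.0.2.25 (documentation range), the host name mail.example.net and all function names are constructed for illustration.

```python
import ipaddress
import struct

PTR, IN = 12, 1  # DNS record type PTR, class IN

def reverse_name(ip):
    return ipaddress.ip_address(ip).reverse_pointer  # octets (IPv6: nibbles) reversed

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(ip, txid):
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    return header + encode_name(reverse_name(ip)) + struct.pack("!2H", PTR, IN)

def read_name(msg, pos):  # follows compression pointers; returns (name, next offset)
    labels, end, hops = [], None, 0
    while (n := msg[pos]):
        if n & 0xC0 == 0xC0:  # pointer to a name stored elsewhere in the message
            end = pos + 2 if end is None else end
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    return ".".join(labels), (pos + 1 if end is None else end)

def parse_ptr_answers(msg):
    _, flags, qd, an = struct.unpack("!4H", msg[:8])
    if flags & 0x000F:  # non-zero RCODE (e.g. NXDOMAIN): no usable PTR record
        return []
    pos, names = 12, []
    for _ in range(qd):  # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    for _ in range(an):
        pos = read_name(msg, pos)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == PTR:
            names.append(read_name(msg, pos + 10)[0])
        pos += 10 + rdlen
    return names

def constructed_reply(ip, txid, host):
    # Constructed sample data: a resolver's reply built locally, so this runs offline.
    rdata = encode_name(host)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", PTR, IN, 3600, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + build_ptr_query(ip, txid)[12:] + answer
```

The PTR record is published by whoever controls the address block, so the returned name identifies the operator of the address space (often an ISP), not the person using it.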