Saw your post. Need help

Bill Stewart bill.stewart at pobox.com
Thu Feb 1 19:13:40 PST 2001


>On 31/01/2001 08:37:55 PM OMC wrote:
>> Is there any way to track down someone's address from ip number.  Someone is
>> sending me malicious email and I want to identify who he is.
>
>> I have his basic information.  Can you help me?

Depends a lot on what "basic information" means.

At 09:11 AM 2/1/01 +1000, Kevin Cousins wrote:
>  Focus your query on "DNS reverse lookup" or similar.

An IP address identifies an interface on a machine,
and the machine is probably either operated by a service provider
or gets connectivity from a service provider.
Depending on the service provider, you might or might not be able
to accurately identify an account on the machine in question, 
and may or may not get them to tell you what information they know about
the account;
if they give it to you, that information may or may not actually provide you 
true or usable contact information about the owner of the account, 
who may or may not be the person actually _using_ the account to send you
the mail.
Alternatively, the service provider may have a privacy policy that
refuses to tell _you_ the information about the account,
but may allow them to delete the account if the user violates their policies.

So start with the address you have - is it the address for a well-known 
free email service (e.g. hotmail, yahoo, iname, mail.com, netzero, juno)?
If so, Murphy says the account holder probably provided bogus or 
non-useful info when setting up the account, so even if their privacy
policy lets them tell you that the account belongs to
"Bill Clinton, 1600 Pennsylvania Ave, Washington DC",
the return address is no longer valid.  But you might get the ISP
to delete the email account; that's the most you'll get
unless there's clear criminal activity or you want to hire a 
lawyer for a lawsuit.

If it's a commercial ISP providing non-free service, the user might
have a real account they're paying for, which means they're more
likely to have used real account information, but the ISP is likely
to be less willing to tell you any of it, or to delete the account
because they're making money from it, unless it clearly violates
their terms of service.

If all you know is the IP address, how do you find the machine?
The whois function on arin.net lets you look up the IP address,
which may belong to the machine's owner, or else to an ISP.
The whois function on betterwhois.com can tell you registration information
about the domain name of the machine.
Traceroute's pretty good about identifying machines, and hence ISPs,
which is particularly useful if the IP address is on a machine belonging 
to the person you dislike rather than a service provider.
(MSWindows's "tracert" is a wimpy version of the same utility.)
Of course, that doesn't always work, especially if the machine hosts
a bunch of domain names for customers (most web servers do;
many email servers also do), so the same IP address is used for
bigisp.net and user1 at bigisp.com and also user1-domain.com,
for user1, user2, user3, .... etc.  ISPs are usually even less willing
to drop paying customers with large machine connections,
unless there's a spam problem.

It used to be that in cyberspace, nobody could hear you scream,
but most machines have sound cards these days.
You could record some screams and email them to the miscreant,
then see if you can hear them when they receive and play them :-)
It's more effective for people in your office than outsiders. :-)

				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
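
An added example, not part of the original message: a sketch of the lookup steps described above (reverse-DNS name, whois on the IP address), reduced to finding which provider holds the netblock and where an abuse complaint goes. The whois text is a constructed sample for a documentation address, the field names follow ARIN-style output, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample of ARIN-style whois output for a documentation address
# (192.0.2.0/24 is reserved for examples); not a real registration record.
SAMPLE_WHOIS = """\
# comment lines start with '#'
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgName:        Example ISP, Inc.
OrgAbuseEmail:  abuse@isp.example
OrgTechEmail:   noc@isp.example
"""

def ptr_name(ip):
    """Name queried by a DNS reverse lookup, e.g. 1.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def query_whois(ip, server="whois.arin.net", timeout=10):
    """Plain RFC 3912 whois query over TCP port 43 (needs network access)."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_whois(text):
    """Collect 'Key: value' lines; keep the first value seen for each key."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())
    return fields

def abuse_report_target(ip, whois_text):
    """Who operates the network holding `ip`, and where to send a complaint."""
    f = parse_whois(whois_text)
    net = f.get("CIDR", "")
    in_range = any(ipaddress.ip_address(ip) in ipaddress.ip_network(c.strip())
                   for c in net.split(",") if c.strip())
    return {"ptr": ptr_name(ip), "org": f.get("OrgName"),
            "abuse": f.get("OrgAbuseEmail"), "ip_in_netblock": in_range}

if __name__ == "__main__":
    print(abuse_report_target("192.0.2.1", SAMPLE_WHOIS))
```

The result names the network operator, not the person using the account, which matches the limits the message describes.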





More information about the cypherpunks-legacy mailing list