Need help with finding the source of an IP address - Forum - Elite Tactical Squad



Forum moderator: _NISSAN_  
Need help with finding the source of an IP address
Shadowhunt Date: Saturday, 2012-03-31, 8:06 PM | Message # 1
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
Hi there, so yesterday I got reports from the States that someone is trying to get their hands on our bank accounts and personal information. However I do have an IP address from the intruder, but it does not lead to the correct location (meaning this person is probably using a proxy or IP address software). So I need help to find out who's trying to get into our network. However I have an exercise for you or rather an example where you can prove to me if you're good at tracing false IP addresses. If you give me the correct answer I will contact you : p Here's the IP: 50.7.14.178
If you know the source of that IP just let me know wink
 
detective Date: Saturday, 2012-03-31, 8:17 PM | Message # 2
Major general
Group: Clan Member
Xfire username: giorge421
Messages: 315
Status: Offline
because I didn't understand what exactly do you want to do?

 
Shadowhunt Date: Saturday, 2012-03-31, 8:32 PM | Message # 3
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
First of all, trace the IP that I gave you above: 50.7.14.178
Once you know the source of that IP you let me know and I'll give you the real IP that I need to trace (I know the source of that false IP I gave you above so I know the answer)
 
Kazik Date: Saturday, 2012-03-31, 8:37 PM | Message # 4
Major general
Group: Clan Leader
Xfire username: kazik90215
Messages: 275
Status: Offline
Well, I suggest you contact the police. They will know what to do.

 
Shadowhunt Date: Saturday, 2012-03-31, 8:40 PM | Message # 5
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
yeah well as this happened in the US I'd have to go there and talk with the police if I can't solve it from here.
 
detective Date: Saturday, 2012-03-31, 9:08 PM | Message # 6
Major general
Group: Clan Member
Xfire username: giorge421
Messages: 315
Status: Offline
yes go to the police and they will try to solve it.



Message edited by detective - Saturday, 2012-03-31, 9:09 PM
 
Sokol Date: Saturday, 2012-03-31, 10:26 PM | Message # 7
General
Group: Clan Manager
Xfire username: dariocod2
Messages: 996
Status: Offline
This is quite interesting. I didn't know you could trace a real IP address if you have a false IP in your possession.
For me it sounds strange that, for example, you use some IP program that can change your IP to "x" and by using IP "x" you can get real IP "y".
Sadly I have only begun studying the basics of computer networking and IP addresses. But I will ask around, maybe my teacher will know xD

"Another trick is to use DNS. If you control the DNS server for your domain then you can see all requests coming in.

By creating a unique subdomain address for each visitor and embedding it somewhere in the HTML, you can check the client's real IP on the DNS server.

This will work so long as the client doesn't masquerade DNS."
Maybe this statement will help you out.

Honestly I have no idea how to unmask the true IP. If the attacker used a network such as Tor then it's nearly impossible to unmask the true IP.
One of the professors in my school knows everything, literally everything about IPs. He might know the solution. Unfortunately I'm coming back to school in 10 days.


You can't climb the ladder of success with your hands in your pockets.
 
Shadowhunt Date: Saturday, 2012-03-31, 10:46 PM | Message # 8
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
Ok thanks a lot Sokol, I know it's possible to trace the real IP address no matter what software you use, but of course it gets complicated. Before I pack my bags and head over to Seattle I'm gonna ask one of the SWAT members I just met here in Sweden (it's not actually called SWAT but it's called Insatsstyrkan which means Task Force) but if he can't I'll remain inactive for a week or 2

Added (2012-03-31, 10:46 PM)
---------------------------------------------
I haven't got 10 days to wait, I have to do something now or tomorrow rather or we could lose most of my company's money and the employers' money, that's not good at all : p

 
SucceededKiller Date: Saturday, 2012-03-31, 11:32 PM | Message # 9
Colonel
Group: Webmaster
Xfire username: succeededkiller
Messages: 203
Status: Offline
From what I understand, tracing the real IP of someone through a proxy is not something you can do yourself that easily. If it goes back to a proxy server you could try emailing the host or the ISP they use and ask for the details of people who were connected to you, as most companies will assist you if a user is using their services to break the law; however this is a lot easier for the police as they tend to have more integrity, the company will probably question your own motives for needing their details unless you can prove to them that one of their users was doing something malicious...

Would it not be possible to only allow access to your bank accounts etc from a trusted IP? Preferably an internal one?

Also...do you have to go to America to get this sorted? Would your local police force not collaborate with forces in other countries to solve a problem like this?


Everyone wants to go to heaven but no one wants to die
 
Shadowhunt Date: Sunday, 2012-04-01, 1:07 AM | Message # 10
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
No, the local police won't solve crimes that are outside the country. As the company is American and the main offices are in Seattle and as it happened there they will have to deal with it. Even if the local police do find out who did it they still can't arrest someone that is in another country. I'm pretty sure this guy is American. However if someone tried to do it locally we would've seen it, as our IP addresses are very similar to each other and this one is way different. This morning I'll have a chat with one of the officers in Insatsstyrkan. And you asked if the local police collaborate with forces in other countries? Yes they do, but not under these kinds of circumstances.

Added (2012-04-01, 1:07 AM)
---------------------------------------------
all the things you need to access our bank accounts are: Either my or my dad's password or the head of the security's password
you also need to know where the main offices are, and you have to be nearby to access it that's also why I don't think he's in California which his IP address said. We store important files locally that you can only access if you're connected to our network and you need one of our passwords

 
Apache Date: Sunday, 2012-04-01, 9:44 AM | Message # 11
Lieutenant
Group: Clan friends
Xfire username: apachekitten
Messages: 57
Status: Offline
50.7.14.178

NetName: FDCSERVERS
NetRange: 50.7.0.0 - 50.7.255.255
Address: 141 W Jackson Blvd. #1135
City: Chicago
StateProv: IL
PostalCode: 60604
Country: US

No names registered to IP address, registered to a company.

If using a proxy it depends on the type of proxy and who the proxy server is. If it's a cheap free server, most police forces can get them to spill the beans even if they're abroad (usually a simple phone call to the host nation will get them a court order, but that depends upon the nation. Britain would most certainly pursue them, but insist upon them being tried in a British court.) If it's an elite proxy (e.g. it's being paid for) you have no hope, such hosts do not keep logs and keep all members' details secret even under court orders, they effectively take the names to the grave.

Post the real IP address.


 
Shadowhunt Date: Sunday, 2012-04-01, 12:34 PM | Message # 12
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
Good job on that one, now there's another problem I've got 2 of them, but as you traced that one in an extremely good way lol actually way better than I thought you could. Anyways here they are: 98.138.90.54 66.249.71.148
 
Apache Date: Sunday, 2012-04-01, 12:49 PM | Message # 13
Lieutenant
Group: Clan friends
Xfire username: apachekitten
Messages: 57
Status: Offline
98.138.90.54

Name unknown, Yahoo ISP, US user, possible spider?

NetRange: 98.136.0.0 - 98.139.255.255
CIDR: 98.136.0.0/14
NetName: A-YAHOO-US9
NetHandle: NET-98-136-0-0-1
NetType: Direct Allocation
RegDate: 2007-12-07
Updated: 2012-03-02

As such the ISP masks the user's address with their own.

OrgName: Yahoo! Inc.
OrgId: YHOO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US

Abuse administrators:

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: *************@yahoo-inc.com
OrgTechRef: http://whois.arin.net/rest/poc/NA258-ARIN

OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: *************@cc.yahoo-inc.com
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN

RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: *************@yahoo-inc.com
RTechRef: http://whois.arin.net/rest/poc/NA258-ARIN

RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: *************@cc.yahoo-inc.com
RAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN

Emails are hidden and not recoverable.


66.249.71.148


Google? address, unlikely to be ISP, perhaps just a spider?

NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
NetName: GOOGLE
NetType: Direct Allocation
RegDate: 2004-03-05
Updated: 2012-02-24

Google mask as company ISP.

OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2011-09-24

Network abuse admins:

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: ************@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: ************@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

Emails are hidden as before.

What exactly did they do? They seem like spiders to me.


 
Shadowhunt Date: Sunday, 2012-04-01, 1:08 PM | Message # 14
Major
Group: Clan Member
Xfire username:
Messages: 88
Status: Offline
ok well no further progress there, so I have to go to the US to ask for help from them. And spiders? what do you mean by that?
 
Apache Date: Sunday, 2012-04-01, 1:11 PM | Message # 15
Lieutenant
Group: Clan friends
Xfire username: apachekitten
Messages: 57
Status: Offline
Spiders are bots from search giants that attempt to index every page on your site. If you found the IPs just to be browsing webpages (even private ones) they are spider bots from Google, Yahoo etc. indexing your site for their search engines and are harmless, you can disable or get them to ignore pages via spiders.txt file in your main website directory. (Google for help on that.)

The point is they index every page, even pages that lead to access denied etc, they index EVERYTHING. Spiders.txt will let you tell them pages to ignore if you're concerned, but if they're spiders, they are harmless.
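
Added example, not part of any forum post: a small parser for the NetRange/CIDR/NetName fields shown in the WHOIS excerpts of messages 11 and 13, used to report which registered netblock an address from a log falls in. The sample text is constructed from those excerpts, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: fields copied from the WHOIS excerpts quoted in the thread.
WHOIS_TEXT = """\
NetRange: 50.7.0.0 - 50.7.255.255
NetName: FDCSERVERS

NetRange: 98.136.0.0 - 98.139.255.255
CIDR: 98.136.0.0/14
NetName: A-YAHOO-US9

NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
NetName: GOOGLE
"""

def parse_whois(text):
    """Split ARIN-style 'Key: value' text into one dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(re.findall(r"^(\w+):\s*(.+?)\s*$", block, flags=re.M))
        if "NetRange" in rec:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in rec["NetRange"].split(" - "))
            # Derive the CIDR blocks from the range instead of trusting the CIDR line.
            rec["networks"] = list(ipaddress.summarize_address_range(first, last))
            records.append(rec)
    return records

def owner_of(ip, records):
    """Return the NetName of the most specific record containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, rec["NetName"]) for rec in records
            for net in rec["networks"] if addr in net]
    return max(hits)[1] if hits else None

def cidr_mismatches(records):
    """List NetNames whose stated CIDR line disagrees with their NetRange."""
    bad = []
    for rec in records:
        if "CIDR" in rec:
            stated = {ipaddress.ip_network(c.strip()) for c in rec["CIDR"].split(",")}
            if stated != set(rec["networks"]):
                bad.append(rec["NetName"])
    return bad

if __name__ == "__main__":
    recs = parse_whois(WHOIS_TEXT)
    for ip in ("50.7.14.178", "98.138.90.54", "66.249.71.148", "192.0.2.10"):
        print(ip, "->", owner_of(ip, recs))
```

A match names the registrant of the address range only; it does not identify who was using the address at the time.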


 