December 7th, 2001 12:17 PM
Finding an IP
Ok Remote_Access_ touched on this topic briefly in his (I use the term loosely )
post on this board but I thought I would try to explain a few other methods for gettin' someone elses IP addy. It maybe helpfull for some newbies - but I doubt any experienced users will learn anything I'm afraid
ICQ - the worst thing that ever happened to privacy and anonymity
Ok first of all the easiest way is the /dns command in IRC simply type (in the same place as you would normally type what u want to say) /dns persons nick - in the status window it should now display the persons IP. Ok easy peasy but what if the person don't use IRC?
As mentioned by cshs any program that establishes a p2p (peer to peer) connection will alow you to get that perosns IP addy.
Ok guess I'd better explain what a p2p connection is. This is where your compiuter and the perons computer whom u r chatting to is connected directly without going thru a server. Very few IM's these days use this system as it is safer to go thru there server thus hiding ur IP. However with msn (and prolly the others tho I never use them) even tho ur msgs pass thru their server whenever u initiate a file transfer u r then connected p2p. So simply get the perosn to accept a file - it can be anything at all but ur usually better offering them a .jpg/.txt/.gif etc as many peps are not comfortable with accepting .exe/.pif/etc
Also, the particular 'vulnerability' you discuss is not limited to ICQ, or even IMs in general, but to anything wherein there is peer-to-peer communication. Anytime someone establishes a connection to your computer, you can find out their IP -- that's how it's supposed to work.
Once the file transfer has started open ur Dos-prompt and type "netstat -n" without the quotation marks - u should then see 2 columns of numbers. The left hand column is ur ip (u'll notice they're all the same only the port numbers at the end differ) and the right hand column is the ip's ur connected to.
Now it can be confussing figuring out which ip is actually the one belonging to the person u want esp if u have alot of connections running but thru a process of elliminaion u should be able to find it. Just look at the port numbers and rule of the ones you know, 80 web-browser, 21 ftp etc
Ok but what i u cant get them to accept any files from u? Well then u gotta start using 3rd party progs the one I'll concentrate on is ass-snifer The use of which I'll not go into as its pretty self explanitory. Basically what it does is generates an addy like http://106758390 which when someone clicks on its sends their ip to u via ass-sniffer (I have no idea how this works, if anyone does I would be very intrested to know ) But after using it for a while myself I came across another prob peps became wary of going to such an odd looking url. An easy way round this is to set up a web-redirect on a free server like http://www.geocities.com/urnick which points at the ass-sniffer addy.
The last way is only to be used when daling with a complete novice who won't accept file transfers - simply open a new .txt document and type in netstat -n close it and change the file exstension to .bat and email it to them (some peps will accept files thru email as hotmail does a virus check on every attatchment sent thru there email system and will not let u download the file if a virus is found) Now that they have seen it is clean of virii tell them to run it and quote u the top number from the left hand column - u can bullshit them with some story that certain versions of windows needs a patch against the imanidiot virus and running the .bat file will show them there windows version number or something
right hope thats of some use to somebody
December 7th, 2001 12:28 PM
If you're running a firewall, which you should be - it /should/ log the ip of any nefarious attempts to connect to your computer - other than that, why would you need to get someones ip?
December 7th, 2001 12:46 PM
Speaking of firewalls, I am currently using BlackIce Defender. This software gives me a description of the 'attack' including an IP.
December 7th, 2001 12:55 PM
The last time I had to find someones Ip was when a friend of mine was getting harrassed by so dick online everytime she blocked him he would just start msging her again from a dif nick like 30secs later. She didn't have a firewall or anything installed on her pc so using that was out of the question but with my help she was able to aquire his IP which we they emailed to him like such
or something along those lines - I can see how this information can be used wrongly but hey we're all here to learn right!? What happens after the person has aquired the information is up to them.....
At 11:15pm on the 2nd July 2001 ur IP ********* was noted to be making multiple connections to a certain computer belonging to a friend of mine lilBluefIsh. I have been informerd that u were causing her great distress thru ur online actions and vulgarity. She has saved these conversations and unless your actions cease post-haste she will be forced to email them along with your IP to your isp provider.
December 7th, 2001 06:19 PM
Re: Finding an IP
Well, if I had to guess, all it does is connect to YOUR pc on port 80 (HTTP). That's right, I said YOUR PC. The url http://106758390 is merely a DWORD representation of an ip address. You can calculate the DWORD value by taking your IP address and doing the following (assume the ip is 192.168.10.10):
Originally posted by valhallen
Basically what it does is generates an addy like http://106758390 which when someone clicks on its sends their ip to u via ass-sniffer (I have no idea how this works, if anyone does I would be very intrested to know ) But after using it for a while myself I came across another prob peps became wary of going to such an odd looking url. An easy way round this is to set up a web-redirect on a free server like http://www.geocities.com/urnick which points at the ass-sniffer addy.
192 * 16777216 = 3221225472
168 * 65536 = 11010048
10 * 256 = 2560
10 * 1 = 10
so, 3221225472+11010048+2560+10 = 3232238090.
Now, when you go to say, http://3232238090, this is then translated into http://192.168.10.10.
The simplest way to remember the numbers to multiply it by (for me anyways) is that it's descending exponents of 256.
IOW, you multiply the first number by 256^3, the second by 256^2, the third by 256^1, and the last by 256^0.
Check out http://www.pc-help.org/obscure.htm for a much more in depth detail of how it's done.
At any rate, I would guess that this app simply hands out your IP as a DWORD or Octal value, and listens on Port 80. When a request comes in, it no doubt checks the person's IP and then forks the info over. Not too difficult at all, and it could be done with just netcat if you really wanted to.
Hell, Netstat would probably show the incoming connection to port 80.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
December 7th, 2001 10:04 PM
haha wow.. now where were these networking d00ds came from? hahah.. next thing i know, someone's calculating IP addresses.. lmao
hmm another way to get an ip.. well the only way i know.. w/o using a script or any proggy is by using netstat..
and yeah a firewall logs the IP address of the intruder.. but thats only when someone tries to connect to ur computer..
December 10th, 2001 10:29 AM
Thanx chsh - but boi do I feel dumb now >_<: heh but hey I guess the easiest ways are usually the best ahhhh well..........
December 10th, 2001 04:46 PM
Yup, the "technique" chsh described is pretty cool.. If I remember well, I beleive using this IP scheme used to fool some web filters too...