April 6th, 2004, 06:43 PM
ISP and tracing
Somewhere I read, that I can trace someone to his ISP and send him an e-mail(for example tracing an "attacker"). So, what is ISP and HOW can I trace him to his e-mail adress?
April 6th, 2004, 07:21 PM
ISP is Internet Service Provider. Finding the ISP of a given person is easy assuming you have their IP address. It's just a matter of doing a quick arin whois lookup or an nslookup.
For example, assuming your target's IP is "220.127.116.11"
stugein@penfold:~$ whois -h whois.arin.net 18.104.22.168
RCN Corporation RCN-BLK-5 (NET-208-58-0-0-1)
22.214.171.124 - 126.96.36.199
The user's ISP would, in this case, be RCN.
As for nailing it down to an e-mail address..that would be difficult at best and probably impossible based on just an IP address alone unless the target system has vulnerabilities allowing you to get in and exploit the system to possibly find that information stored somewhere. Aside from that there is no way to just "trace" a person's e-mail address from any pure IP lookup that I am aware of.
April 6th, 2004, 07:23 PM
Tracing the attacker
ISP stands for Internet Service Provider
It is the company that is responsible for maintaining your internet connection putting limits on your data and all that crap mostly the prizes are to high for the services they offer.
And to trace the attacker is not so easy-->if you have the IP then you can find out through some WhoisDB which ISP the IP belongs to and then contact the provider and wait for results.
April 6th, 2004, 07:25 PM
while doing a whois on someones IP, it will show you their system admin and their phone number. Give the system admin a call. They will not give you any information on the attacker *if they know what they're doing*, instead they'll monitor the activity and terminate their internet service if needed. Of course that is not guaranteed.
April 6th, 2004, 07:26 PM
I would hope that simply contacting the fellow's ISP and trying to get them to give up the e-mail address would meet with failure, as any ISP that would outright give a random person that kind of info would probably be in violation of any number of privacy policies/laws.
April 6th, 2004, 07:52 PM
I wouldn`t recommend calling. Email is the way to go. ounce you have found out the ISP of the "attacker" send a detailed email to the [abuse@ISP.com] address of their ISP. Make sure you include date and time of attack, your logs, and anything else helpful. If you don`t they may/will file your complaint under J. (junk). After doing this,and have sent the mail some ISP`s will send you an automated mail explaining how they handle abuse problems.
while doing a whois on someones IP, it will show you their system admin and their phone number. Give the system admin a call.
...Just thought i would throw that in.
Signature image is too tall!
April 6th, 2004, 09:30 PM
Going thru some of the very same problems as you.
Check out Listing under newbie security questions
Have ?able hackers IP now what?
Some useful stuff
"Your enemy is never a villian in his own eyes.
Keep this in mind, it may offer a way to make him your friend.
If not, you can KILL him without hate, and quickly. " Sam Spade
April 6th, 2004, 09:34 PM
Determining an "IP" of an attacker means nothing about which ISP the attacker is using.
More often than not, the dialup account is stolen or created using fake info.
That IP may simply be one of many owned boxes usually never netting useful info.
Here in Colorado, unless you can prove significant damages, law enforcement
will tell you to pound sand and get in line as the frequency of similar events is
very high and not worth the manpower to pursue.