tracing dynamic IP with date/time

Thread: tracing dynamic IP with date/time

  1. #1
    Junior Member
    Join Date
    Jan 2006
    Posts
    3

    Question tracing dynamic IP with date/time

    I got an email in October, and it was pretty specific to my life. I have no idea how this person could have gotten my email address other than checking my boyfriend's email. I just got to researching the other night and found out about IPs. (Tell you how novice I am?) Several of my searches led me to this site, so I joined today to see if you can help. I searched other threads like a good little newbie, but I don't understand most of what is being said. (I learned regular old MS-DOS commands in high school, and that is about it.) I downloaded email tracker pro, Net trace Pro, and active whois. I can only get that it is Alltel. I understand that it uses dynamic IPs, but if I have the date and time, is there any way to pinpoint the user? My boyfriend's ex-wife lives in the Alltel service area, and she thinks my name is the same as my email address. I highly suspect it is her. The reports I am getting are really over my head, and apparently are giving me the current user of that IP address or something. I am going to cut and paste the email information I have. Please help.


    From : Bob Climax <thisbobs4u@hotmail.com>
    Sent : Friday, October 28, 2005 2:59 PM
    To : xxxxxxxxxxxxxxxxxxxxxxxxxxx
    Subject : Kerry Groening


    MIME-Version: 1.0
    X-Originating-IP: [71.29.71.199]
    X-Originating-Email: [thisbobs4u@hotmail.com]
    X-Sender: thisbobs4u@hotmail.com
    Received: from hotmail.com ([64.4.17.15]) by mc12-f8.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 28 Oct 2005 12:59:16 -0700
    Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 28 Oct 2005 12:59:16 -0700
    Received: from 64.4.17.200 by by111fd.bay111.hotmail.msn.com with HTTP;Fri, 28 Oct 2005 19:59:16 GMT
    X-Message-Info: JGTYoYF78jGk7/mKEQh6TY89JNleTN4IUsdXri28kiM=
    X-OriginalArrivalTime: 28 Oct 2005 19:59:16.0848 (UTC) FILETIME=[13AF2700:01C5DBFA]
    Return-Path: thisbobs4u@hotmail.com

    Thank you guys. I am glad you are out there!!

  2. #2
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    The farthest you can go is detecting which ISP is hosting that area, sadly. If this is an abusive situation then it is best to report it to the ISP in question.

    DSL Pool - Little Rock is as far as I can push the information with whois/traceroute combined, but it's a start. Below is the contact information available to let them know about the situation:
    Administrative Contact:
    Communications, ALLTEL hostmaster@alltel.net
    1 Allied Drive
    Building II Room B04
    Little Rock, Arkansas 72202
    US
    501-905-8000 Fax: 501-905-7901

    Technical Contact:
    Communications, ALLTEL hostmaster@alltel.net
    1 Allied Drive
    Building II Room B04
    Little Rock, Arkansas 72202
    US
    501-905-8000 Fax: 501-905-7901
    Also try sending your complaint to abuse@alltel.net, since that is a standardized email address for abuse complaints. Be sure to send a copy of the abusive emails along with notifying the time/date of the email so that they can fully review the complaint.

    Edit: As a side note, next time you want to track an IP merely (I assume you are on Windows and not a Unix variant) open your start menu, select 'Run', and type in cmd.exe. This will open up the Windows command prompt that allows specific commands to be run via the keyboard.

    With the new window open, enter the command:
    tracert ip.or.domain.name.goeshere
    Example:
    tracert 51.121.52.167
    What this will do is use a simple TCP/IP standard method to track the area between yourself and the target by showing the 'hops' it takes to get from point A to B. Sometimes valuable identifying information can be found on the way there to help determine the location, such as seeing primary.az.cisco.12 just before your target. One can assume that the AZ means Arizona and cisco could mean that it's Cisco based. That command alone solves your Neotrace Pro and Emailtracer programs, but not nearly as graphically cute.

    A whois is natively on Unix-based operating systems, but if you ever need to do it manually try this for name servers, domains, and IP's to gather information specifically on the target and not just the route.

    http://www.internic.net/whois.html
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  3. #3
    Junior Member
    Join Date
    Jan 2006
    Posts
    3
    Thank you for your quick response. One more thing: I think I understand that ISPs are issued a range of numbers, right? If that is so and we have received email from his son from the exact same computer with an IP that is within the same range, is it safe to assume that it is the same computer? If so, is there any authority or service that would be able to have a log or some type of record of who it was assigned to at the time? I have left voice messages and email for both the Alltel numbers. Also, when I spoke with Alltel the man said that he thought it was that area, but gave me another number that was a long list of options that didn't apply to this situation.

  4. #4
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    Originally posted here by cat1220a
    i think i understand that isp's are issued a range of numbers-right? if that is so and we have received email from his son from the exact same computer with an IP that is within the same range, is it safe to assume that it is the same computer?
    Yes and No. It really depends on how the provider handles their clients. Normal ISPs do report the true IP that they have assigned to that client, but some ISPs such as AOL attempt to 'mask' the IP by sending it through multiple AOL routers and filters. The IP you receive could be similar to the original IP but changed according to which 'router' it came from first.

    Let's hope Alltel is the former. If that is the case and you've been receiving continual emails from the same person from the same IP then chances are they have a Dynamic IP that only changes once every month or so. It could quite possibly be from the same person but without knowing how Alltel handles their network, I could not give you a 100% on that.
    if so, is there any authority or service that would be able to have a log or some type of record of who it was assigned to at the time?
    The ISPs almost always keep timing logs of activity (even for continual high-speed connections) for legal reasons. Whether or not they will release those is a separate story, but they may very well review their logs if it is because of one of their clients misbehaving.
    i have left voice messages and email for both the alltel numbers. also-when i spoke with alltel the man said that he thought it was that area, but gave me another number that was a long list of options that didn't apply to this situation.
    But it's certainly a start. Try the number again and press 0 when it starts listing options. 0 will usually take you to an operator if available, so that's going to be your best bet. Otherwise try it and follow the normal menu that would eventually take you to speak to someone, even if it is a different area other than abuse departments. They should be able to transfer you.

    Fingers crossed on the email
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762
    X-Originating-IP: [71.29.71.199]
    Dude's IP address. I ran the IP address through a 'WHOIS' server to see who it belongs to

    Connecting to whois.arin.net...

    ALLTEL Corporation ALLTEL-COMMUNICATIONS-NET (NET-71-28-0-0-1)
    71.28.0.0 - 71.31.255.255
    DSL Pool - Little Rock 71-29-68-0 (NET-71-29-68-0-1)
    71.29.68.0 - 71.29.71.255

    # ARIN WHOIS database, last updated 2006-01-17 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    Next went to www.ip2location.com

    to see what city and state:

    CHARLOTTE, NORTH CAROLINA. ISP is DSL POOL - LITTLE ROCK.

    Next www.completewhois.com

    Here's the output, more detailed:

    # ARIN WHOIS database, last updated 2006-01-17 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    [whois.arin.net]
    CustName: DSL Pool - Little Rock
    Address: 4001 Rodney Parham Road
    City: Little Rock
    StateProv: AR
    PostalCode: 72212
    Country: US

    RegDate: 2005-09-16
    Updated: 2005-09-16

    NetRange: 71.29.68.0 - 71.29.71.255
    CIDR: 71.29.68.0/22
    NetName: 71-29-68-0
    NetHandle: NET-71-29-68-0-1
    Parent: NET-71-28-0-0-1
    NetType: Reassigned
    Comment:
    RegDate: 2005-09-16
    Updated: 2005-09-16

    OrgAbuseHandle: ALLTE-ARIN
    OrgAbuseName: ALLTEL Abuse
    OrgAbusePhone: +1-800-990-4449
    OrgAbuseEmail: abuse@alltel.net

    OrgTechHandle: SMC44-ARIN
    OrgTechName: Service Management Center
    OrgTechPhone: +1-877-814-2773
    OrgTechEmail: ipadmin@alltel.net

    # ARIN WHOIS database, last updated 2006-01-17 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    Here's a link you might wanna check out. It automatically reads the email headers for you and tells you who to report it to. Also, it's a website, not 3rd party software you have to download. www.spamcop.com
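
The steps walked through in posts #4 and #5, as an added example that is not part of any poster's reply: it pulls the X-Originating-IP from the headers in post #1, checks it against the CIDR block from the WHOIS output, and converts every Received timestamp to UTC, which is what an ISP abuse desk needs to match a dynamic address to a subscriber in its logs. The function names are hypothetical; the header lines and CIDR are copied from the thread.

```python
import email
import ipaddress
from datetime import timezone
from email.utils import parsedate_to_datetime

# Header lines copied from post #1 of this thread.
RAW_HEADERS = """\
X-Originating-IP: [71.29.71.199]
Received: from hotmail.com ([64.4.17.15]) by mc12-f8.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 28 Oct 2005 12:59:16 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 28 Oct 2005 12:59:16 -0700
Received: from 64.4.17.200 by by111fd.bay111.hotmail.msn.com with HTTP;Fri, 28 Oct 2005 19:59:16 GMT
"""

# CIDR block from the ARIN WHOIS output quoted in post #5.
WHOIS_CIDR = "71.29.68.0/22"


def received_times_utc(msg):
    """Return the timestamp of every Received hop, converted to UTC."""
    times = []
    for hop in msg.get_all("Received", []):
        # The date-time of a Received header follows its last ';'.
        _, sep, stamp = hop.rpartition(";")
        if not sep:
            continue  # hop carries no timestamp
        try:
            dt = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # unparseable date, skip rather than guess
        if dt.tzinfo is None:
            continue  # no usable zone offset, cannot be placed in UTC
        times.append(dt.astimezone(timezone.utc))
    return times


def abuse_report_facts(raw_headers, cidr):
    """Collect the facts an abuse report needs: IP, range check, UTC time."""
    msg = email.message_from_string(raw_headers)
    ip = ipaddress.ip_address(msg["X-Originating-IP"].strip(" []"))
    times = received_times_utc(msg)
    return {
        "ip": str(ip),
        "in_whois_block": ip in ipaddress.ip_network(cidr),
        "first_seen_utc": min(times).isoformat(),
        # A large spread between hops would suggest a wrong or forged clock.
        "hop_spread_seconds": (max(times) - min(times)).total_seconds(),
    }


if __name__ == "__main__":
    print(abuse_report_facts(RAW_HEADERS, WHOIS_CIDR))
```

The "Sent : ... 2:59 PM" line shown by the mail client carries no time zone, so the UTC value from the Received headers is the one to quote in a complaint.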

  6. #6
    Member
    Join Date
    Jan 2006
    Posts
    31
    WOW!!!

    You even answered questions from a post I made about an entirely different subject!

    Thanks...you guys rock!

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    There are some useful free tools from this site, one I use a lot is Trout 2.0 when tracing IP's:

    Foundstone
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cat... Do yourself a favor.....

    Either edit your post to remove _ALL_ information that identifies you or anyone else or delete the post so that information is not publicly available..... Thank you.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Junior Member
    Join Date
    Jan 2006
    Posts
    3
    Sorry, didn't even think about it, just thought it would help. I am going to attempt to edit it. Thanks for the heads up.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Good girl/woman.... Well done...

    Never _ever_ give your personal information out to anywhere public...... There is too much the "bad" people can do with it that isn't good....

    We can help you in exactly the same way in 99.9% of all cases without the personal information being published. If we can't, we can help by asking you to private message us the information. In that case _you_ get to decide who you trust. Publishing it like you did made you "trust" everyone who comes here.... That's a very bad idea....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
