Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: Need Help: tracking activity via IP address

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    7

    Need Help: tracking activity via IP address

    A threat against me was recently posted online. I have the IP address of the computer as well as the time of the posting. I also have physical access to the computer, however the computer does not require a login in order to use it. Does anyone have any advice on how I could go about identifying the person that made the post? My thought was simply to try to find other activity with the same orginiating IP address at around the same time, but other/better ideas are welcome.

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    So someone posted about you and you tracked the IP to a computer you have physical access to? lmfao, well why dont you just wait around and see if he/she comes back to the machine then jump out of your hidding spot and yell "BUSTED!!!!!" that might get them. or take finger prints off the machine and have them matched to someone you know, or even better get DNA, that will get them for sure.

    ok seriously, if it has no login, then it could be anyone. Who else has access to the machine? if its just you and a few other people then ask them, if its ALOT of other pople go with one of my first suggestions or give up, your choice. I guess another option would be to look in the history for places visited around the same time. =/
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    Junior Member
    Join Date
    Mar 2005
    Posts
    7
    I have access to the computer because I'm a teacher and the computer is on the school's network. So, do I need any special software to check the history of the machine at a particular time and/or is there a way to check the network activity through a network administrator (they've been only moderately cooperative so far, which is why I'm doing the legwork)?

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    nope, to check the history you click on the pretty little button that says history.

    and the network admins can view network activity if they have the software, and are willing to do so. but becasue its a school computer chances are youre not going to catch them becasue you cant prove it was them. even if you think you know which one it was you couldnt prove it. unless of course you have a video camera or something watching them.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    A threat against me was recently posted online. I have the IP address of the computer as well as the time of the posting. I also have physical access to the computer, however the computer does not require a login in order to use it. Does anyone have any advice on how I could go about identifying the person that made the post? My thought was simply to try to find other activity with the same orginiating IP address at around the same time, but other/better ideas are welcome.
    Why not run the IP address through a WHOIS server? Then you should be able to get the contact information you need. (Considering the system isnt using winsocks, proxy severs, anonymous proxy servers, foregin proxy servers, wingates, spoofing software or any other techniques to spoof there IP address). Threats are a violation of the acceptable use policys for most ISPs.

  6. #6
    Junior Member
    Join Date
    Mar 2005
    Posts
    7
    Thanks XTC and Computernerd.

    Computernerd: I did the WHOIS query and that was how I determined that it was a computer that belonged to the school. And, of course, you're right that it violates the acceptable use policy (not to mention a few other policies of the school). The problem is it's a computer running in a computer lab.

    XTC: The room to the lab has a swipecard reader to get access (security is checking whether its logs can be read) and I don't have too many students. In other words, reasonable evidence (such as checking an email account around the time of the posting, or logging in to another site using an identifiable user name) is all I need to have the student brought before the Dean and, hopefully, talked out of their nefarious ways. Can you tell me what software the admins would need to have. Ours is a pretty good sized university, so I would think they have something - I just need to tell them what to do, apparently.

  7. #7
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    Hi. What did this person exactly do to warrant action involving a Dean? Also, what subject do you teach?

  8. #8
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    nekenieh/Heineken ( personally, I prefer Molsons ),

    You need to tell your network administrator's what tools to use ? Are they doorknobs ? Please tell me what university so I can make sure my kids don't go there.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmmmmmmmmm,

    My instinctive feeling is that you have no chance whatsoever as you are not using accounts and logons.

    Only two slim possibilities that I can see:

    1. Any records kept by wherever "online" the threat was posted...............do they have accounts and logons?

    2. Students are creatures of habit.................if the activity took place during a supervised session then the supervisor should know who sits at that workstation.............but they could have gone to the restroom?

    Remember, that still does not "prove" anything so be very careful, or you and your employers could find yourselves on the wrong end of a very expensive and embarassing lawsuit. I am sure you are aware that you would find such an eventuality very "career limiting" as they say

    I think that the lack of enthusiasm from your administrators speaks volumes? Basically most security is designed to prevent unauthorised access, or people going where they should not. The "enemy within" is actually very difficult to deal with.

    cheers

  10. #10
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    however the computer does not require a login in order to use it.
    Ok. So the PCs in the computer lab do not have any form of authentication to login into the PCs. Does these systems keeps any type of log(s) files? Also, if you have the IP address of the computer as well as the time of the posting why not break out the sheet that has everyone whos in your class at that specific time of the posting. This should narrow it down some.

    Can you tell me what software the admins would need to have.
    Sure. What OS are on the systems in the computer lab?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •