Tracking IP address to home address

Evangel

21 Feb 08, 16:38

Anyone knows how to track other's IP address to their home address? Is it illegal?

Is there a way to track other's IP address from emails, IRC, MSN, blogs or whatsoever?

Another last question, is the IP address in IRC of the user the same as their home one? If it is different, is there a way to find out the real home IP address?

Thanks for the help. Im not trying to find out people's address, but others say they have a way to do it. I want to know of the ways to prevent people from spying me.

abao

21 Feb 08, 16:43

Use TCPView. Can see TCP/UDP connections incoming and outgoing.

Ah yes if you are connecting to applications the essentially you are using some of the well known protocols (http, tcp, udp, icmp...), so its always possible to track if its necessary.

Lastly, in IRC by default the IP address is your own IP address unless you mask your IP. This IP masking will depend on whether the IRC channel supports the function anot.

ndmmxiaomayi

21 Feb 08, 16:52

It's not illegal to track, but the methods used are obviously illegal.

To track IP addresses via email addresses, set your email to show headers.

MSN - Your famous netstat

Blogs - Unless you own your own domain or you host your blog on a sub-domain. As long as you can download the blog software, upload it to somewhere and get it hosted, you just need to run some scripts and get the details. Examples of such blogs are Wordpress and Movable Type.

Kindly note that it's not possible for Blogspot users to do that. For Blogspot users, there are free stats tools around which collect data, but the easiest way to fool them is to disable JavaScript.

IRC - I'm not familiar with them, but IRC itself is quite a big hole. Users are known to be able to dig out history as far back as 1995. Explore and you'll know.

Through any other methods - yes, but all are illegal. It involves exploiting a machine or program to reveal details. Try joining security mail lists, you will find a couple posted. Mozilla mailing list is very open, and is one of the most exploited programs around.

Your home IP address (the 192.168.x.x range or the 10.0.x.x range or 172.0.x.x range) shouldn't be exposed to outsiders unless the router/switch/hub is badly configured.

Evangel

21 Feb 08, 16:52

Originally posted by abao:

Use TCPView. Can see TCP/UDP connections incoming and outgoing.

Ah yes if you are connecting to applications the essentially you are using some of the well known protocols (http, tcp, udp, icmp...), so its always possible to track if its necessary.

Lastly, in IRC by default the IP address is your own IP address unless you mask your IP. This IP masking will depend on whether the IRC channel supports the function anot.

How to mask IP address in IRC?

I found an interesting video about this topic. http://www.metacafe.com/watch/318719/trace_any_ip_address_or_website/

ndmmxiaomayi

21 Feb 08, 17:02

Use Google Earth who don't know. But to trace you right to your door step, haha, it's another issue.

Mapping IP to a location has long been done.

Lai lai - http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

Evangel

21 Feb 08, 17:04

Found this article about IRC.

http://www.all-nettools.com/library,privacy,8

Evangel

21 Feb 08, 17:12

Originally posted by ndmmxiaomayi:

Use Google Earth who don't know. But to trace you right to your door step, haha, it's another issue.

Mapping IP to a location has long been done.

Lai lai - http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

Wah trace to door step. Not possible right?

Unless you have to trace through our local communication companies' data (singnet, starhub..), only they know how to find out. (ok, I dont know what i'm talking about, just assuming.)

Please enlighten this IT idiot here. LOL

ndmmxiaomayi

21 Feb 08, 17:16

Originally posted by Evangel:

Wah trace to door step. Not possible right?

Unless you have to trace through our local communication companies' data (singnet, starhub..), only they know how to find out. (ok, I dont know what i'm talking about, just assuming.)

Please enlighten this IT idiot here. LOL

Erm, it's possible to trace right to the door step. The police have the tools, otherwise that stupid fake bomb message poster wouldn't have been caught. While it's easy to have ISP cooperation and trace, but it's not fool proof. In that case, the bugger was using somebody's else network to post the message. Trace to an innocent person's house, but evidence showed that she is innocent.

Evangel

21 Feb 08, 17:26

So i guess even if you have my IP address, it would be difficult for you to find my exact location. Only the police can do it.

Do anyone know how this is done?

Evangel

21 Feb 08, 17:32

Another interesting article on finding geographical location of a host. They say it is impossible. But how about if we narrow the search scope to singapore only?

http://www.private.org.il/IP2geo.html

ndmmxiaomayi

21 Feb 08, 17:34

Originally posted by Evangel:

So i guess even if you have my IP address, it would be difficult for you to find my exact location. Only the police can do it.

Do anyone know how this is done?

Software lor... illegal stuffs you go Google find ba... a lot of hackers forums around.

Singapore's IP address not very hard to find... download from the link I've given, open with Excel, search for the word Singapore.

It's not very hard.

GIB

21 Feb 08, 21:58

I use http://www.hostip.info/. It's free and country is accurate but city not so accurate. And no need to download file like Maxmind. Just use the web api that is provided.

Phaze

21 Feb 08, 23:06

Hmm... lots of confusing replies here.

Let's be very clear what can and cannot be done.

The only way to determine the location of an IP address is to do a whois lookup. This whois lookup will tell you who the IP address range is registered to.

Let's take an IP address as an example. Let's say you are on IRC. You are chatting with a guy who is using IP address 203.117.154.215. You do a whois lookup.

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      203.117.154.128 - 203.117.154.255
netname:      HotelMarinaCityPteLtd-SG
country:      SG
descr:        HotelMarinaCityPteLtd-SG
admin-c:      NS110-AP
tech-c:       NS110-AP
status:       ASSIGNED NON-PORTABLE
changed:      ******@starhub.com 20070625
mnt-by:       MAINT-AS4657-AP
source:       APNIC

person:       NOC SHI
nic-hdl:      NS110-AP
e-mail:       ***@starhub.com
address:      19 TaiSeng Drive
address:      Singapore 535222
phone:        +65 6825 7878
fax-no:       +65 6821 6012
country:      SG
changed:      *******@starhub.com 20060607
mnt-by:       MAINT-AS4657-AP
source:       APNIC

This is all the information you can get. So you know that he is in Singapore, the ISP he is using is Starhub and the IP block is registered to Hotel Marina City Pte Ltd. So there's a high chance he's staying at one of the hotels in Marina. As it so happens, the IP is used by Pan Pacific Singapore but you need to dig a bit deeper to get that information.

Let's say you are working for Tan Ah Kow Pte Ltd and you are connected to IRC from work. TAK Pte Ltd has registered it's IP range as well so if someone does a whois lookup on your IP, he will see the registration information. Let's say Tan Ah Kow Pte Ltd is not very big and has only one office. So now, the person pretty much knows where you are.

However, let's say TAK Pte Ltd has no requirement to register it's own IP range - they are just given an IP block by Starhub. If someone looks up your IP address, they will only see that you are using Starhub.

So now let's get back to your question - the only party who can trace your IP address to your home address is your ISP. Everyone else can only trace your IP address to your ISP.

Some people try to hide their IP addresses by connecting to proxy servers of one kind or another (BNC, Socks proxy, VPN, etc.). In those cases, if you lookup the IP address, you will find the location of the proxy server. You would then have to contact the owner of the proxy server to find out the IP address you were connecting from, and then continue to trace.

So I would say unless you are the ISP, it's quite hard to find out your home address.

trendz

21 Feb 08, 23:42

wow. quite detailed already.

abao

21 Feb 08, 23:43

You can always request for a Court Order to try force ISPs to reveal their client's IPs. Like what odex had done :(

Phaze

22 Feb 08, 00:53

Originally posted by abao:

You can always request for a Court Order to try force ISPs to reveal their client’s IPs. Like what odex had done

That's true. But the point is that it is a non-trivial task to obtain the home address. You need the ISP, or have access to the ISP customer database and connection logs to obtain the information.

Piin

23 Feb 08, 01:01

Your home IP address (the 192.168.x.x range or the 10.0.x.x range or 172.0.x.x range) shouldn't be exposed to outsiders unless the router/switch/hub is badly configured.

I'll like to clarify that hubs are _NOT_ configurable devices. Switches generally are not either but there are instances when it is a layer 3 switch which can be configured to do routing within a CAN. Higher end layer 2 switches can also be configured to work with a multitude of vlan trunking protocols/encapsulation and redundant links without loops which will potentially down a switch because of how the ethernet frames will transverse the loop without getting dropped until a switch reset or the broadcast storm just brings it down. That being said, people need to use managed switches in a switched CAN, especially if it's deployed in the distribution/core layers and of course, run some form of STP/rstp/mstp/rstp+