once I have the IP address of people who try to hack into my system
(which I get from my firewall software), how can I find out where they
are, using that address?

---

Request for Question Clarification by tar_heel_v-ga on 10 Jan 2003 14:15 PST

d_b_nodurf,

Would providing you with the steps to determine where the IP
originated and how to discover that be sufficient? The reason I ask is
that even with IP addresses, it can be extremely difficult to track
down hackers because of various dynamic IP address, anonymous surfing,
etc.  I can't guarantee that the IP address, even with the steps I can
provide, will track down the specific person using the IP at the time
they tried to get into your system.

-THV

---

Clarification of Question by d_b_nodurf-ga on 10 Jan 2003 14:31 PST

Well, I've found software that will convert an ip address into other
information, but maybe that is all I can expect?

---

Request for Question Clarification by sycophant-ga on 13 Jan 2003 02:17 PST

What sort of software have you found, and what information does it
provide?

Based on an IP address there are many things you could possibly find
out, however depending on the specifics of the ISP or company that
owns the block in which that IP falls, the amount and type of
information.

Most IP tracking software is quite simple. It will find details on the
netblock owner, which is normally of no use at all as netblocks are
sold in blocks no smaller than 16,000 or so, and often are resold by
the holder, so that one registered netblock may be broken down and in
use by dozens of ISPs and thousands of customers.

There are applications that will probe the originating IP for
information such as Windows hostname and workgroup, which can
sometimes be helpful. And if the IP resolves to a domain name (rather
than a dynamic IP hostname) that may be helpful too.

However all these methods will only track to an originating IP, if the
'hacker' is using that machine as a proxy for his attacks, then
without the co-operation of that machine's owner, you will never find
the person or computer actually originating the attacks. Many of my
online activities relay though at least three computers.

If you want to re-define what you want to find out about, I would be
happy the help, but finding an actual person, or physical computer
based only on an IP is, for the most part, impossible.

well actually it isnt very hard. most public proxies will give out
logs in order to protect themselves from getting criminal charges blah
blah blah. so take the ip in your logs. then portscan for port 8080(so
you know its a proxy) and then try to find info on it. find out who
owns it, then email them and give them relevant sections of your logs.
they will check to see whose ip was using theirs accessing yours at
that time(lol a little confusing but hey). they will give you another
ip address(hopefully) and then scan that to see if it is a proxy. if
not it is probably the attackers ip. repeat until needed. also you can
do an ayspy on it and find a lot of info on any ip. this will help you
once locating the attackers ip, who his isp is. then email that ISP's
abuse section with details,logs,proxies he used and so on. hope this
is what you wanted and it wont always work(especially if the attacker
knows what he is doing);p

Hackers who are serious will programs like FakeIP and other means to
provide bogus IP information. I traced one hacker to the point where I
got him on the phone. I got the owner of the IP address, who lost his
service because of the hacking. All the while, the hacking continued
from the "person" who was actually doing the hacking.