Computer Hacking question

Hypothetically if I could hack into an intranet system that is web based, could they detect my presence and specific location through my service provider and IP number by using their backup tapes or some other means? Is it very difficult to find someone who is using a website that is secure using ID’s and Passwords? Also hypothetically, would a firewall on my part assist in avoiding detection? I have the GoStats program for my web site and that gives me the Internet provider of the user who makes a hit on my web site but how would I find out the individual who made contact with my site? Is it really that difficult?

I apologize if this ends up to be a double post, but when the first upload was complete I got a page cannot be displayed error so I thought that I would try again to make sure that the post went through.

Why do people have web based intranet systems? Is it a outsource the database management issue?

Just like the SDMB, tracking any IP usage, including Web usage, on a network or webserver is both typical and trivial. The identification the company would have would be your IP address.

Tracking an IP address back to your individual name would be nearly impossible, without help from your ISP. And ISPs don’t normally share that data without court orders.

While administering another messageboard, I quite regularly ran IP traces using free software available on the net. It might surpise you just how often those traces gave me enough information to locate the person’s workplace or name and address.

Oh, and Ringo, companies have web-based Intranets for many reasons, and outsourcing database management usually isn’t one of them.

Web-based Intranets are useful since a web browser represents a client that is likely installed on every single desktop, and most any networked application these days serves up its data as web pages. Users don’t require any additional training (point and click is pretty easy), so the investment is minimal.

The Intranet is web-based for the same reason that the Internet is predominantly web-based.

Sorry, on preview I see Reprise’s message. Please educate me about free software that can track an IP address from a traceroute to a name and address, other than a DNS reverse lookup.

Thanks.

If you broke into a corporate intranet (assuming you could breach their security) it would be quite possible to locate you, since any company with half an ounce of sense will track you to your ISP or place of work and take legal action. It might be a slow process, but if there is a risk that corporate data has been compromised you can bet action would be taken. A firewall would not assist you, nor (necessarily) would a web-based anonymiser service (since these have been proven to be less secure than claimed).

Why are you asking? I imagine the mods would be less than keen on posters providing advice on how to avoid detection while breaking into corporate networks, somehow.

We’re pretty much getting into the realm of discussing stuff which could be used to minimise the chances of unauthorised intrusion into a computer network here, and I agree with Crusoe that detailed discussion of how admins “connect the dots” is not likely to be looked upon kindly by the mods and admins around here.

Uh, reprise, demonstrating that an admin can get your name and address is more likely to be a deterrent to hackers. To be perfectly honest, it sounds as though you can’t do what you’re saying you can, and are looking for an excuse to not back it up. Without cooperation of the ISP, you’re only going find out what ISP or business owns the IP address, not who was using it. You can also get a rough geographic are the IP address is associated with, but even that is not necessarily useful given that virtual networks are quite commonplace now, and I could be sitting in Timbuktu using an IP address on a network in New York.

I could imagine that if you were running a board where a user named “JSmith” logs in, and you traced their IP address back to the company they worked at, and you called up and asked for Mr Smith, you might get lucky, but you’re not going to get that much info just from network traces.

Absolutely. But if you’re caught breaking into a corporate network, I doubt they would let it lie with just running an IP lookup. Certainly my place wouldn’t.

galt, if you’d been paying attention you’d have noticed that I said it might surprise people how often IP traces can lead you to a workplace or an individual’s name and address. I certainly did not say that IP traces alone provided that information, or that it was possible to gain substantial information from ALL traces, or that information gained would identify the individual who was using a specific PC at a given time (although in some instances it WOULD be possible for a workplace to make that identification if they were forwarded the relevant information). In instances where you would WANT an individual’s identity, you probably wouldn’t have a whole lot of trouble forcing an ISP to hand it over to the police based upon the information you were able to provide - some people just leave a lot more information out there than they realise and assume that a screen-name provides them with anonymity.

The potential for such knowledge to be abused is great enough that I feel I should close this thread before someone starts giving advice about how to get away with breaking into systems where they don’t belong.