Realistically, how much help would knowing someone's IP address be in locating them?

Let’s say there’s a girl who has been getting cryptic e-mails from someone who used to go to her school. A friend of hers is a computer wiz, and manages to track down the sender’s IP address. How much help will knowing the IP address be in discovering the identity of the mystery e-mailer?

Which is the most plausible:
Which town the e-mails were sent from
Which neighborhood
Which house

I’m curious in part because those targeted ads out there for meeting people or finding bargains don’t even get my town right (they refer to the neighboring city) but they might be “wrong” on purpose because my town is so small that there isn’t much in the way of businesses or nightlife to speak of.

And can a teenager who is “good with computers,” but not a headed-to-MIT boy-genius, actually trace an IP address in the first place?

My IP address shows up as being located in a town in a different county about 50 miles away. I was told it depended where the nearest towers were, and that an IP address didn’t really give any clue as to one’s physical (street) address. The targeted ads may be because of your IP address, or because of specific searches you’ve done, using your zip code, county or town.

It’s easy to trace IP addresses, just google *what’s my IP address* or similar and there’s a bunch of sites that claim to do so.

If the person isn’t making any effort to mask their IP, it’s possible for someone with technical knowledge (as mentioned above you can just google IP trackers).

If they’re disguising it somehow then it depends on how good they are.

We’ll say that the only effort they put into disguising themselves is to use a random sounding e-mail address rather than one based on their real name.

Clarifying what Bisected8 said:

If the person isn’t making any effort to hide, the extent to which you can narrow down the search depends on how certain you want the result to be. If you want close to 100% certainty, you’re probably limited to country-level only, or perhaps region in some cases. Down at the town/suburb level you’re probably well below 50% certainty.

There are circumstances where you can get an exact address with a high degree of certainty: if the IP belongs to a school or large business, for example. Note however that will give you the address of the organization, which is not necessarily the location of the person using the computer.

Anyone can “trace” an IP. Just change the URL here:

http://whois.domaintools.com/8.8.8.8

If the person is making a reasonable effort to hide their IP and does not make a stupid mistake, even an expert probably cannot trace them to a location. Someone with the capacity to obtain warrants or subpoenas might be able to in limited circumstances, but that is slow, expensive and not too reliable.

No offense intended, but I don’t think chiroptera’s answers are correct or helpful (IPs have nothing to do with towers).

As others have said, the IP is enough to track the connection back to a single computer or router, however even a computer wiz won’t have access to the information required to do that. You can use a “whois” lookup to find the ISP which owns the IP address, and it will probably tell you it is some major broadband provider, such as Comcast or Verizon. You would then have to contact that company to find out to whom they’ve assigned that address. That is probably something that will require a subpoena, or just a call from law enforcement.

You can do geo-IP lookups, which will give you an estimate of the city the address is in, though as others have said, this can be wildly wrong, or just a little wrong. You can do a traceroute to the address, and because many places name their routers geographically that can give you some information. For example, a traceroute to a random IP address that happened to connect to my mail server, goes to Comcast routers in Seattle and then Beaverton. The geo-IP for the address says it’s in Portland. I’d conclude that the IP address is probably someplace in the Pacific Northwest.

Your best hope is that information is enough to give you important clues. For example, if the information is pointing to Madison, WI, and you know that creepy-ex is going to UW-Madison, then that is some good circumstantial evidence. If it’s just pointing to some Time Warner cable connection in your own town, then it could be just about anybody.

Universities, large companies, and even some small companies, will “own” IP addresses, so if it came from one of those it would be easy to discover that information.

So in direct answer to the question, the IP is tremendous help, but not nearly enough to do a CSI style “there in that house!” If I were doing this as a fictional account that I wanted to sound realistic, I’d have the IP be for a company, not a residential user (the creepy emails are being sent from someone’s office). The company would have to be large enough to have their own domain, but also unique enough that it would be easy to identify the perpetrator just by knowing the company.

There are several web sites that will try to tell you where you are, based on your IP address. I have provided a couple of such links below. Just click on them, and see how accurately they place you. (They may have slightly different opinions.) In my experience, just occasionally one such site will get it badly wrong, but on most occasions they can pinpoint your local area quite accurately. It does not get to the level of a particular house. I think they would need to get confidential information from your ISP in order to locate you, specifically.

http://www.geobytes.com/IpLocator.htm?GetLocation

I have seen occasions when one of these sites will place a marker within a block or two of my actual location, but generally it is not quite so precise.

For me, the first one was about 70 miles off, the second about 25. (Oddly, in opposite directions.)

Unless you’re getting Internet access via a cell phone modem. Which I have done. Not too hard to imagine that which tower sees you influences which block of machines your packets enter the public Internet from, and therefore your IP address.

Mail sent through some services doesn’t have any useful IP info at all. I believe Hotmail used to be like that (but don’t quote me), the IP just showed that it came from a Hotmail IP. I just checked an email my mom sent from her iPad at home using her work address and it only shows her company’s IP. However, it depends on the organization. If it showed the IP of my local library, I’d believe it came from there because they have computers for people to use. As long as it wasn’t from a library employee who may be able to send email from anywhere, it must mean someone sat down there and sent the email.

Sometimes ISPs will have a city code in their long IP address, like 123-45-54-321.atl.isp.net would be Atlanta, but that only proves that someone used the ATL server to send the email. You could do that from anywhere.

My IP is currently giving me away pretty closely with a whois because it shows I’m part of the x.x.176.0 to x.x.191.255 block assigned to my cable company and they apparently name that block “city-state-x-x-176.” But, a human would have to figure that out because it’s tucked away in the whois info where an automated tool wouldn’t think to look. Plus, I could be in China and still log into my computer to send mail, and those two geoip tools above have me listed as being either 30 miles away or 300 miles away so I don’t know what info they’re using.

As for which is the most plausible, you have them in the right order:

Which town the e-mails were sent from - ads and IP locators aren’t so great. A human can sometimes figure it out easily and sometimes come up against a brick wall.

Which neighborhood - I doubt any automated tool could even attempt this, but a human may be able to figure it out if your IP belongs to a certain organization.

Which house - never the house, but a human may get the organization and its exact location.

Then there are proxies, where a person connects to a proxy server somewhere -anywhere- and connects to the internet through that, thus giving them the proxy’s IP address, masking their true IP.

In short, if someone wants to hide or fake where their IP says they’re from, it’s trivially simple. If they’re not hiding, a human may figure it out easily or not at all. Unless they have an IP that belongs to an organization where you can deduce the location, the best they’ll get is the city.

Since the OP mentioned targeted ads, I’ll briefly mention cell phones. A smartphone’s IP won’t give your location, but the phone can locate itself by figuring out which cell towers it is connected to and some advertisers can access that information. It’s good enough for neighborhood location and can be extremely accurate in good conditions. A human can’t get that info though (well, not legitimately).

Good to know. I haven’t sketched the character out at all yet, but she (he?) is very likely to be either in college or in the first year of their very first post-college job.

I am not a conspiracy theorist by any means, nor wish to discuss the politics of the Patriot Act, but I have always assumed the NSA or some other agency could trace anything it wanted to. I read that the inner circle of bin Laden stopped using cell phones–for reasons obvious even to me–but I also assume that the national security apparatus can trace every goddamn byte on the planet.

Achievable?

I think that’s unlikely by technical means alone.

It’s probably true that a big intelligence or law enforcement agency could eventually track down a particular person who is using secure anonymous communications - if they’re willing to spend enough time and resources to do it, and perhaps break the law along the way. But it’s going to involve legwork, gathering offline information, investigation, not just a few keystrokes like in the movies.

As far as email goes, if you’re using webmail like Gmail, through a web browser, the email header is very unlikely to include your own IP address. The originating point will be Gmail’s server, which could be thousands of miles away.
If, on the other hand, you’re using something like Outlook to connect to a provider’s SMTP server, the header might very well include your real IP address.

I just looked at two headers of emails I received through my work email, from the same domain, one from someone I know uses Outlook and one from somebody who uses Gmail. In the first case, there is this line:

Received: from <the actual name of their computer> ([76.302.35.77]) (I’ve changed the IP address). I looked up the IP address and it is the actual building that they work in, in the USA.

The second one, from the Gmail user, merely originates at 209.85.212.46, which is apparently a Google server in New York. But the guy who sent it is in England.
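
The difference between the two headers described above can be checked mechanically. The following is an added example, not part of any poster's message: it walks a message's Received chain oldest hop first and reports the first routable address it finds. The sample messages, host names and function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed samples (not from the thread); addresses are documentation ranges.
DESKTOP_CLIENT = """\
Received: from smtp.sender.example ([198.51.100.10])
    by mx.recipient.example; Mon, 1 Jan 2024 10:00:03 +0000
Received: from FRONTDESK-PC ([203.0.113.77])
    by smtp.sender.example; Mon, 1 Jan 2024 10:00:01 +0000
Subject: constructed sample

body
"""
WEBMAIL = """\
Received: from mail-out.webmail.example ([192.0.2.46])
    by mx.recipient.example; Mon, 1 Jan 2024 10:00:03 +0000
Received: by mail-out.webmail.example with HTTP; Mon, 1 Jan 2024 10:00:01 +0000
Subject: constructed sample

body
"""
# RFC 1918 and loopback ranges: internal hops that say nothing about location.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw_message):
    """Return (from_name, ip) per Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        name = re.match(r"\s*from\s+(\S+)", value)
        literal = re.search(r"\[([0-9A-Fa-f:.]+)\]", value)
        try:
            ip = ipaddress.ip_address(literal.group(1)) if literal else None
        except ValueError:
            ip = None  # malformed or altered literal, e.g. an octet above 255
        hops.append((name.group(1) if name else None, ip))
    return hops

def earliest_public_hop(raw_message):
    """First hop (chronologically) that exposes a routable address, or None."""
    for name, ip in received_hops(raw_message):
        if ip is not None and not any(ip in net for net in INTERNAL):
            return name, str(ip)
    return None
```

Only the Received lines written by servers you control or trust are reliable; everything below them was supplied by the sending side and can be forged.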

In this case, the NSA would trace the IP back to a particular internet provider (and probably to a specific town). The NSA would then contact the internet provider to get the actual customer information associated with that IP. That would not only give them your physical address, but would also give them the name and contact information for whoever pays the internet bill.

A computer wiz would not be able to get this information from the internet provider.

Internet providers track all kinds of information about you, so a computer wiz might theoretically be able to hack into the system and find the record that ties the IP to a particular customer. This would require the friend to have significantly more advanced skills than just being the local computer wiz.

But if it’s a dynamic IP, how does the ISP tie it to a specific customer? Do they keep logs or something?

With the sort of dynamic IP that you get on dialup, where it changes every session, I would guess they probably can’t trace it, at least not to an individual, maybe to a telephone exchange or something. However, on broadband cable (I have no experience of DSL), although I do not think I technically have a static IP, in practice it persists through me shutting down all my equipment, and stays the same for months if not years on end. I don’t suppose there would be much difficulty for the ISP in determining who is using a certain IP address now, and that will very probably be the one the g-men are looking for.

Also, with some ISPs (including the one I am with now, though not my old one) your reverse DNS, which is something any web site can grab when you visit, much as it can get your IP address, may contain a unique customer code that your ISP has assigned to you, regardless of any changes in your IP address. Reverse DNS lookup will also usually directly reveal your ISP and facts about your location (though probably no more than can be got from your IP address).

Yes. ISPs are required to keep such logs, and naturally do so for billing/tracking purposes. Getting such information from an ISP requires a court order or warrant, though.

Si

You would have to give them the date and time as well as the IP address so they can look up in their logs which customer was using that address at that time.
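
Why the date and time matter, as an added example that is not part of the thread: the same address maps to different customers depending on the instant, and a dropped UTC offset picks the wrong one. The lease-log format, account labels and function name are assumptions made for illustration.

```python
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed lease log in an assumed format: (ip, start, end, account), UTC.
LEASES = [
    ("203.0.113.20", "2024-03-01T00:00:00+00:00", "2024-03-04T06:00:00+00:00", "acct-1001"),
    ("203.0.113.20", "2024-03-04T06:05:00+00:00", "2024-03-09T00:00:00+00:00", "acct-2002"),
    ("203.0.113.21", "2024-03-01T00:00:00+00:00", "2024-03-09T00:00:00+00:00", "acct-3003"),
]

def account_for(ip, header_date, leases=LEASES):
    """Return the one account holding `ip` at the time in an RFC 5322 date string."""
    when = parsedate_to_datetime(header_date)
    if when.tzinfo is None:
        # No usable UTC offset: the instant is ambiguous, so refuse to guess.
        raise ValueError("timestamp has no UTC offset")
    holders = [
        acct for lease_ip, start, end, acct in leases
        if lease_ip == ip
        and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end)
    ]
    # Zero matches (a gap between leases) or several (bad logs) is not an answer.
    return holders[0] if len(holders) == 1 else None
```

With these constructed records, 01:30 at offset -0500 falls in the second lease, while the same clock time read as UTC falls in the first.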

ROTFLMAO!! Your first link correctly said that I am in Edmonton. Your second one said that I am in New York! Wrong city, wrong country, wrong side of the continent. :eek: Yes, I would say that is “badly wrong”.