I (almost) think those links just give random locations. As someone earlier in the thread said, the first was for me about 200 miles off, the second about 10 miles off, in the opposite directions.
I thought the point of dynamic IP was to maximize the efficiency of exploiting freed up IPs.
Why do they call what you have described “dynamic?”
Also, regarding an up-post about the good guys finding their man needing to get a specific IP and usage time from the server’s logs, I am sure the government will acquire enormous scoopfuls and ranges of these data.
Dynamic IP’s are handed out as needed. However, some systems use the hardware (MAC) address of the cable modem or DSL box, some I’ve seen use the user login to determine IP address. Basically you have a fixed address, but the ISP makes no guarantees that you will keep that IP. In an office or campus environment, the default tends to be about 8-day lease times - if you renew/reconnect within that time, you get the same address. Places with high turnover may not have long reservations, you may get a different IP every time you get there. (Starbucks?) There are various rules that law enforcement would like to push about retaining the information about the device/line/etc. the address is assigned to, “to protect the children”, of course.
The problem is, can you get the perp’s IP address from an email, or just the IP of the server it originated from? Don’t recall off hand, if you can “view source” of the message, you can get the chain of IP’s it came through and their domain/machine names. If it’s chat or similar, then you would have the direct IP address I assume.
The other problem is matching IP with physical address - you can identify which ISP owns the address, and maybe even which location (town, city) the servers for that IP range are. Beyond that, well, some ISPs give their servers quasi-meaningful names, like an “OTT” embedded in the name for “Ottawa”. In the dial-up days, it would tell me for example which terminal server, which phone line on the terminal server I belonged to; but each phone call gave a different line. Law enforcement solves this problem with a simple process called “subpoena”.
With an IP, you can also use the tracert command and see if (a) this sort of traffic is allowed on that network and (b) see the path of names of routers/servers etc. Maybe those cryptic names will be somewhat enlightening.
Of course, if you have a range of friends in the same general area with the same service provider, you can maybe map their IP’s and see if you find a neighbourhood-vs-IP correlation. Similarly, knowing the IP and if the fellow is foolish enough to have an unprotected PC on the internet instead of a home router, you may be able to hack in… totally illegal and many years in the clink.
But of course, there is no simple solution. If you suspect it is someone you know trying to be clever, you can compare against people you know…
If a guy is dumb enough to harass someone using his home ISP email instead of a hotmail or Gmail account, he’s pretty dumb.
It is routine for law enforcement agencies to find out people’s identities from tracking an IP and getting the records from the person’s ISP. That’s how they track down people who trade child porn online. People get busted for that pretty regularly.
It’s possible that a hacker could find the same records by getting into an ISP’s database. But it’d be pretty difficult unless the ISP was run by clueless idiots. Which is possible, but it stretches credulity a bit.
I’m assuming by now most ISP’s have at least the basic protection you find with a medium business - which means you cannot just hack in and read all their material like it was a Hollywood show. Stupid stuff like obvious passwords, SQL injection vulnerabilities, etc. are blocked. Known holes are patched pretty quickly, or else those that haven’t are already so badly infected they cannot continue doing business.
So the only thing the average computer expert can hope is that either (a) they have pretty accurate naming conventions which reveal a lot about their geographical network or (b) they are vulnerable to social engineering or a good story (and don’t care about customer privacy).
Note that law enforcement, with a valid warrant or persuasion, can get a lot more detail. When a machine connects to a wireless (like Starbucks) the MAC address of the network card is recorded. This is unique to the device, so almost a fingerprint. Of course, with usb wifi units so cheap, disposable wifi interfaces are a good defence. With home equipment, the IP address is associated with particular equipment - the DSL or cable modem in the house.
Also, logs of the email server may record more information about the connecting computer. Allegedly when a computer connects to a web server, it passes on a collection of information that can easily identify the computer - Windows version and service packs, browser version, what extra plug-in versions like Quicktime, flash and Adobe reader are also installed, etc. Allegedly this combination of information is unique enough to narrow the connection to a single computer. (never checked if this is true). If the web server logs are available, this information can be accessed by law enforcement or the ISP.
Unfortunately, like random fingerprints, this is only useful if you have a suspect to match it to or a large database which should include the suspect.
The moral is: if the police want to put the effort into catching you, they probably can. If a private citizen wants to catch you, either they have to be very smart, and very lucky, or you have to be very stupid. Remember that unauthorized use of a computer is a crime, so using hacker tricks to conceal your identity can result in federal charges. Going through a remote system is a waste of time if the authorities care enough to tap your home line and find the conversation between you and the concealing computer.
It also depends how completely anonymous you want to be. Your IP will reveal rough location, who you get your internet from, (or what Starbucks you frequent) etc.
I would think creating an anonymous GMail or such would be more effective at hiding your identity. Similarly, there are proxy servers all over the world that will relay your signal to disguise your IP; but as happened with the original in Finland, the shield only lasts as long as there is no subpoena. But then, even such detail as what your connection time patterns are can reveal time zone information…
That is very far from random.
This is a really key point: a web-based e-mail (such as Gmail, Yahoo, etc.) will come from the Gmail server, not the computer of the writer. So you’ll never get the IP address of the writer, at least not without a whole lot of cooperation from Google (assuming they even keep detailed enough records). So unless the e-mail sender is stupid enough to use a corporate/school account where it’s pretty easy to ID the sender, tracking them this way is very hard for an amateur.
You could avoid this by using comments posted on a blog or message board rather than e-mail. With only minor effort by the blog/MB administrator it should be easy to get IP addresses for given postings, even if there’s no registration or anything required for the site.
It was a joke. That’s why I said “almost.”
I don’t know about gmail, but yahoo puts the IP address of the person writing the e-mail in the message header.
I don’t know about other webmail services, but Yahoo mail stamps the IP address that it sees for the web user in the headers of all outgoing email. I once proved to my own satisfaction that a correspondent was lying to me and jerking me around based on the whois info of that IP I could see in her messages.
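Added example, not part of any post in this thread: a Python sketch for abuse triage that reads the header chain the posts above describe, listing each Received hop from the sender side and marking which hops were recorded by the recipient's own servers. The sample message, the host names, the `trusted_suffix` parameter and the `X-Originating-IP` header name are assumptions; the posts do not name the header Yahoo uses.

```python
import email
import ipaddress
import re

# Constructed sample; hosts and addresses are placeholders (documentation ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP; Tue, 02 Mar 2010 10:00:05 -0500
Received: from web-out.webmail.example (web-out.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Tue, 02 Mar 2010 10:00:03 -0500
Received: from [10.1.2.3] by web-out.webmail.example via HTTP;
\tTue, 02 Mar 2010 07:00:01 -0800
X-Originating-IP: [203.0.113.77]
From: sender@webmail.example
To: me@recipient.example
Subject: constructed test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def hop_chain(raw, trusted_suffix):
    """Return (ip, recording_host, trusted, is_rfc1918) per hop, sender side first."""
    hops = []
    # Every relay prepends its own Received line, so reverse to read origin-first.
    for header in reversed(email.message_from_string(raw).get_all("Received", [])):
        ip_m, by_m = IP_RE.search(header), BY_RE.search(header)
        if not (ip_m and by_m):
            continue
        try:
            ip = ipaddress.ip_address(ip_m.group(1))
        except ValueError:      # e.g. [999.1.1.1] in a forged line
            continue
        host = by_m.group(1)
        # Only lines written by our own servers are trustworthy; anything
        # recorded by other hosts is supplied by the sending side.
        trusted = host.endswith(trusted_suffix)
        hops.append((str(ip), host, trusted, any(ip in n for n in RFC1918)))
    return hops

def originating_ip(raw):
    """Webmail-stamped client address, if present (header name is an assumption)."""
    value = email.message_from_string(raw).get("X-Originating-IP", "")
    m = IP_RE.search(value)
    return m.group(1) if m else None
```

In the sample, the earliest hop carries a private 10.x address that says nothing about the sender's location, which is why the webmail-stamped header is the only field that names a client address at all.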
Well, I did not know that </Johnny Carson> Consider my ignorance fought.
Because it changes with each session. It’s only that in this case the equipment defining the session isn’t individual PCs, but higher up the food chain.
So a little knowledge can help in avoiding detection or determining information. I did not know this either. Obviously Yahoo is a poor choice for someone who wants to be a troll.
Just to give another example of how inaccurate such sites can be, I am currently typing this from a computer located in Salt Lake City, Utah. One of these sites claims I am in Washington, DC, and the other thinks I am in Antelope, California.
To make matters worse (or maybe better), the latter estimate is actually “correct”. I am posting from one of my company’s offices. Our network here in Utah connects directly back to the ‘home office’ in Sacramento, and our ISP is in fact located reasonably close to the suburb of Antelope. So the site does a good job of assessing the location from which I am accessing the Internet, though it misses my physical location by 650 miles.
Number one said Minneapolis. Close. I’m in a suburb of Minneapolis.
Number two said San Francisco. wtf?