IP address [REMOTE_ADDR]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

IP address [REMOTE_ADDR]

Post by Love_Daddy »

Hi Guys,

I'm currently working on a project to trace IP addresses within a company
since it was hacked a couple of weeks ago. so fortunate enough we managed to find the IP address. so my boss wants us to trace his e-mail address using the IP address. I've been searching in vain. so what I'd like to know is whether this is possible or not and if it's possible, how do I go about it?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

unsure if I got the point. Do you want to know wether someone can trace back the ip adress from where a email originates?
Then the answer is: it depends ;)
...on how your mails are sent.

i.e. read http://www.networkmagazine.com/article/ ... 00724S0027 (haven't read it, simply the first reply to my goole search ;) )

in a nutshell: if you're using your own mail-server and it sends the mails on its own (using mx-records to find the real receiving mail-server) then someone with access to the receiveing machine might get the ip of your mail-server.

Since I'm using my ISP's smtp-server and they already know my ip I think I'm lucky ;)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

btw: some ISPs add spam-protect headers to mails.
But these headers should reveal the origin only to the ISP (not including the ip)
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Let me rephrase

Post by Love_Daddy »

Okay,

What other info can get from using an Ip address?
in my case I need to know if it's possible to get an e-mail address for that particular IP address using PHP?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

why do you limit it to email and php?
My system (at home) is scanned at least twice a day (hurray to the firewall ;) )
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Any other way?

Post by Love_Daddy »

Ok,

Any other way I can use to solve this problem without using PHP?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

I'm still uncertain what you want to do....
Your system has been hacked and
a) you accuse someone of getting the ip from a mail of your boss
b) you have an email of somebody you accuse to be the hacker
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Both scenarios

Post by Love_Daddy »

Hi,

Okay (b) is the correct one, but getting for both scenarios would be nice. I need to test the program internally before I can execute it externally.

I have the Ip address of the hacker and I need to get his e-mail address and any other additional information if possible.

I've used the following toolz:

- Whois
- nslookup
- traceroute
- nmap

But I need more usable information
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

maybe http://www.ripe.net/perl/whois? is of use
for my current ip it reveals
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
User avatar
horgh
Forum Newbie
Posts: 23
Joined: Mon Oct 21, 2002 9:50 am
Location: GER
Contact:

Re: Both scenarios

Post by horgh »

Love_Daddy wrote:
I have the Ip address of the hacker and I need to get his e-mail address and any other additional information if possible.
hi,
you'll get responsibility information about the hacker's network using RIPE.
I'm Administrator of a Students Network with a Class-C Network and we often have attacks,scans or the using of exploits from outside.
what we do then is to contact the specific person of that RIPE Entry and that's it. ...without ipspoofing that 'hacker' must be kinda stupid...

can't imagine how to get his email adress...a person can have hundreds of email adresses...the email adresse of someone imho can't be tracedback by having his IP ....
Post Reply