IP address [REMOTE_ADDR]
Posted: Tue Oct 22, 2002 1:32 am
by Love_Daddy
Hi Guys,
I'm currently working on a project to trace IP addresses within a company since it was hacked a couple of weeks ago. Fortunately, we managed to find the IP address. So my boss wants us to trace his e-mail address using the IP address. I've been searching in vain. So what I'd like to know is whether this is possible or not and, if it's possible, how do I go about it?
Posted: Tue Oct 22, 2002 1:44 am
by volka
Unsure if I got the point. Do you want to know whether someone can trace back the IP address from where an email originates?
Then the answer is: it depends... on how your mails are sent.
i.e. read
http://www.networkmagazine.com/article/ ... 00724S0027 (haven't read it, simply the first reply to my Google search)
In a nutshell: if you're using your own mail server and it sends the mails on its own (using MX records to find the real receiving mail server), then someone with access to the receiving machine might get the IP of your mail server.
Since I'm using my ISP's SMTP server and they already know my IP, I think I'm lucky

Posted: Tue Oct 22, 2002 1:56 am
by volka
btw: some ISPs add spam-protect headers to mails.
But these headers should reveal the origin only to the ISP (not including the IP)
Let me rephrase
Posted: Tue Oct 22, 2002 2:07 am
by Love_Daddy
Okay,
What other info can I get from using an IP address?
In my case, I need to know if it's possible to get an e-mail address for that particular IP address using PHP?
Posted: Tue Oct 22, 2002 2:19 am
by volka
Why do you limit it to email and PHP?
My system (at home) is scanned at least twice a day (hurray to the firewall)
Any other way?
Posted: Tue Oct 22, 2002 2:38 am
by Love_Daddy
Ok,
Any other way I can use to solve this problem without using PHP?
Posted: Tue Oct 22, 2002 2:57 am
by volka
I'm still uncertain what you want to do....
Your system has been hacked and
a) you accuse someone of getting the IP from a mail of your boss
b) you have an email of somebody you accuse of being the hacker
Both scenarios
Posted: Tue Oct 22, 2002 3:11 am
by Love_Daddy
Hi,
Okay (b) is the correct one, but getting for both scenarios would be nice. I need to test the program internally before I can execute it externally.
I have the IP address of the hacker and I need to get his e-mail address and any other additional information if possible.
I've used the following toolz:
- Whois
- nslookup
- traceroute
- nmap
But I need more usable information
Posted: Tue Oct 22, 2002 3:22 am
by volka
Maybe
http://www.ripe.net/perl/whois? is of use.
For my current IP it reveals
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
Re: Both scenarios
Posted: Tue Oct 22, 2002 4:10 am
by horgh
Love_Daddy wrote:
I have the IP address of the hacker and I need to get his e-mail address and any other additional information if possible.
Hi,
You'll get responsibility information about the hacker's network using RIPE.
I'm the administrator of a students' network with a Class C network, and we often have attacks, scans or the use of exploits from outside.
What we do then is contact the specific person in that RIPE entry and that's it. ...without IP spoofing that 'hacker' must be kinda stupid...
Can't imagine how to get his email address... a person can have hundreds of email addresses... the email address of someone IMHO can't be traced back by having his IP....
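
Added example, not part of any post in this thread: a small Python helper for the step the last two replies describe, taking a source IP from your logs and a saved RIPE whois response and pulling out the network's abuse contact to report to. The function names and the inetnum/netname values are assumptions made for illustration; only the remarks block comes from the thread, and only IPv4 inetnum ranges are handled.

```python
import ipaddress
import re

# Constructed sample in RIPE whois layout. The remarks block is the one quoted
# in the thread; the inetnum/netname values are made up (documentation range).
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
remarks:        ************************************************************
remarks:        * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks:        * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.   *
remarks:        ************************************************************
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_whois(text):
    """Return a list of (attribute, value) pairs, skipping comments and blanks."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue
        key, sep, value = line.partition(":")
        if sep:
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def abuse_contact_for(ip, whois_text):
    """Return the network's abuse contacts if the record really covers `ip`."""
    pairs = parse_whois(whois_text)
    ranges = [v for k, v in pairs if k == "inetnum"]
    if not ranges:
        raise ValueError("no inetnum attribute in whois text")
    first, _, last = ranges[0].partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip())
    covered = lo <= ipaddress.ip_address(ip) <= hi
    contacts = []
    for key, value in pairs:
        # Only lines that mention abuse: a dedicated attribute or a remark.
        if key == "abuse-mailbox" or (key == "remarks" and "abuse" in value.lower()):
            for addr in EMAIL_RE.findall(value):
                if addr.lower() not in contacts:
                    contacts.append(addr.lower())
    return {"covered": covered, "contacts": contacts if covered else []}
```

The result is a contact for the network operator, not for the person behind the address, which is the limit the last reply points out.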