Welcome to E-Goat :: The Totally Unofficial Royal Air Force Rumour Network
IP Address

  • Thread starter: Statty Queen
I hope I've posted in the right forum, but I was wondering if anyone can help?

Last week, I tried logging on to e-goat and was locked out for 15 minutes, due to someone unsuccessfully attempting to log in as me.

The good ol webmaster sent me an email with this person's IP address. My question is: Is there any way I can find out who someone is by their IP address?

I have a vague idea who it is, because the same thing happened with my Myspace account.

I'll be very, very grateful for any help
 
I hope I've posted in the right forum, but I was wondering if anyone can help?

This is the section for E-Goat related tech questions, however I've moved it to the resident geeks lounge as the question is that you want to resolve an IP address......

The being locked out though usually happens on an IGS machine, if it's your home one, be worried!!

I'm sure one will be along soon.....
 
SQ,

I don't have the answer to your above question, but if individuals are accessing accounts you have, that falls under the Computer Misuse Act 1990.

If you have a fair idea, it may be worth informing them you will seek further legal advice with regard to this Act which makes certain offences criminal ones!
 
I WAS locked out in work, but my Myspace account was locked out at home. That's why I don't think it was just an IGS problem
 
http://www.ipligence.com/?gclid=CKLqwcOz_owCFRcGEgodKA21DA
Statty, try this, it'll give you a free search. It'll let you know where the IP addy is in the country. The problem you may have is that not all IP addys are static, some ISPs will change the addy each time you log on.

The IP address will change at least every 8 days unless the person doing this (if anyone actually is) has paid to keep the same address.
 
I think it is coincidence between myspace being logged out and the lock out with the goat. Are you using IGS for the goat?
 
The two may not be connected. I know MySpace is always being hacked, don't use it myself but my wife's and kids' accounts have been hijacked in the past and used to post links to porn and such.
 
SSH, I do use IGS for the goat, maybe it was a coincidence, but I think it's someone who doesn't trust me and was trying to read my PMs and also my inbox on Myspace.

Thanks RTW, but Hu got to me first, so I PM'd him the address, and he's sorting it out his end.
 
SQ - tracing the IP address is not going to prove where a person is... My IP address will indicate that my PC is in Nottingham - and I'm not (that's where my ISP's DHCP server must be - that's the server that issues the IP address to your PC). The other problem that you will find is that - if it's come from an IGS machine - you'll probably find, like my work network (14000 pcs...) - IGS connects to the interworld using one IP address - and that is what will be shown when you try to find it, hiding the actual "internal" network address. Investigations would indicate that the IP belonged to an ISP (or in the case of the RAF, - MOD probably...) Not very helpful I'm afraid...

As MM stated - it's against computer misuse legislation - personally I would confront them - especially if this happened on a work PC... and perhaps involve your friendly local SI/IT plod on camp
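
The point made in the post above (a whole work network appearing behind one address, and a lockout triggered by repeated failed logins), as an added example that is not part of the original thread: a sketch of how a site admin could triage failed-login records per source IP. The log format, the three-failure threshold, the ten-minute window and every name and address are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, result.
# IPs are RFC 5737 documentation addresses; account names are made up.
SAMPLE_LOG = """\
2007-06-04T08:55:10 192.0.2.10 user_a OK
2007-06-04T08:57:42 192.0.2.10 user_b OK
2007-06-04T09:01:03 192.0.2.10 user_c OK
2007-06-04T09:10:15 192.0.2.10 user_d FAIL
2007-06-04T09:10:31 192.0.2.10 user_d FAIL
2007-06-04T09:10:58 192.0.2.10 user_d FAIL
2007-06-04T11:20:00 198.51.100.7 user_e FAIL
2007-06-04T11:20:09 198.51.100.7 user_e FAIL
2007-06-04T11:20:21 198.51.100.7 user_e FAIL
2007-06-04T19:30:00 198.51.100.7 user_f FAIL
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result))
    return events

def lockouts(events, threshold=3, window=timedelta(minutes=10)):
    """Map each account with `threshold` failures inside `window` to the source IPs involved."""
    fails = defaultdict(list)
    for ts, ip, account, result in sorted(events):
        if result == "FAIL":
            fails[account].append((ts, ip))
    locked = {}
    for account, items in fails.items():
        for i in range(len(items) - threshold + 1):
            run = items[i:i + threshold]
            if run[-1][0] - run[0][0] <= window:
                locked.setdefault(account, set()).update(ip for _, ip in run)
    return locked

def triage(events, shared_min=2):
    """Flag lockout sources that other accounts also log in from (likely a NAT gateway or proxy)."""
    report = {}
    for account, ips in lockouts(events).items():
        for ip in ips:
            others = {a for _, src, a, res in events if src == ip and res == "OK"} - {account}
            report[(account, ip)] = "shared gateway" if len(others) >= shared_min else "no other users seen"
    return report

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

A "shared gateway" result means the address covers many users and cannot single out one person; "no other users seen" still only narrows things to whoever held that address from the ISP at the time.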
 
Is there any way I can find out who someone is by their IP address?


Hi SQ,

If you want to have a go at the problem yourself, I can recommend some freeware software downloads from:-

Wireshark - http://www.wireshark.org/download.html

This is a 'protocol analyser' and will tell you who is on/using/or more importantly - trying to use - your network

Sam Spade - http://www.pcworld.com/downloads/file/fid,4709-order,1-page,1-c,alldownloads/description.html

This will perform all manner of IP address lookups/reverse lookups etc etc
 
but if individuals are accessing accounts you have, that falls under the Computer Misuse Act 1990.

If you have a fair idea, it may be worth informing them you will seek further legal advice with regard to this Act which makes certain offences criminal ones!

A very useful document and one I am using at the moment as someone has illegally entered my restricted website. Solicitor was impressed I knew about it
 
Hi SQ,

If you want to have a go at the problem yourself, I can recommend some freeware software downloads from:-

Wireshark - http://www.wireshark.org/download.html

This is a 'protocol analyser' and will tell you who is on/using/or more importantly - trying to use - your network

Sam Spade - http://www.pcworld.com/downloads/file/fid,4709-order,1-page,1-c,alldownloads/description.html

This will perform all manner of IP address lookups/reverse lookups etc etc

Wireshark will only show the packets passing through the network card on SQ's PC, that's fine if someone is trying to gain access to a home PC/network. In this case the attacker is not after a PC just a user account on a web site. This is an excellent tool though.

Sam Spade is good too but in this case it will probably prove useless. As stated earlier in the thread it is not likely that the attacker's IP is the same now as it was at the time of the attack. Even if it was, Sam Spade will probably only trace back to an ISP.
 
Wireshark will only show the packets passing through the network card on SQ's PC, that's fine if someone is trying to gain access to a home PC/network. In this case the attacker is not after a PC just a user account on a web site. This is an excellent tool though.

Wireshark actually sets the NIC card into 'promiscuous mode' and will see any/all traffic that is on the local net - ie after the router's default gateway and before any PC's firewall. It will capture any session and show port details going in and out. You can freeze/capture this data and use it as evidence.

Sam Spade is good too but in this case it will probably prove useless. As stated earlier in the thread it is not likely that the attacker's IP is the same now as it was at the time of the attack. Even if it was, Sam Spade will probably only trace back to an ISP.

Once you have captured your data with Wireshark, you can paste it into Sam Spade to do many look-ups such as Whois/DiG/Trace etc and this will lead to an ISP, but then (unless a proxy address has been used) you can press the built-in 'report abuse' button and file a report. ISPs only have an allocated suite of registered addresses that they can 'spread about' and are anyhow cached to the originator's DNS. ARIN will investigate them if reported.
 
Wireshark actually sets the NIC card into 'promiscuous mode' and will see any/all traffic that is on the local net - ie after the router's default gateway and before any PC's firewall. It will capture any session and show port details going in and out. You can freeze/capture this data and use it as evidence.

Yes, but if you read the opening post on this thread then you will see that it refers to someone posting to a web page not hacking someone's home network. This makes Wireshark redundant at this point. Even in promiscuous mode, if it is a switched network Wireshark will not see directed traffic, only broadcast and management traffic if it is on the same subnet.

Once you have captured your data with Wireshark, you can paste it into Sam Spade to do many look-ups such as Whois/DiG/Trace etc and this will lead to an ISP, but then (unless a proxy address has been used) you can press the built-in 'report abuse' button and file a report. ISPs only have an allocated suite of registered addresses that they can 'spread about' and are anyhow cached to the originator's DNS. ARIN will investigate them if reported.

Again not any use given the current thread.
 