When investigating an attack from a specific IP address, what techniques are used to gather information on that IP address? Obviously the typical whois query and IP information lookup are a must, but what else can be done to single out a potential threat?

Also, when an attacker's IP address is registered to an online service (like AOL in this case), what measures can be taken to specifically identify the attacker? I'm aware of AOL's Dynamically Assigned Hardware Addressing, so when a client disconnects the IP is usually reassigned, but I would imagine they would keep a log of IPs to their respective users at specific times.
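As an added example (not part of any post in this thread), the following Python script does the offline half of such an investigation: it parses a few constructed firewall log lines, converts the local timestamps to UTC so they can be matched against a provider's own records, groups events per source address, and says whether each source is even routable from the Internet or is a bogon that could only be spoofed. The log format, the host's UTC-4 timezone, and all addresses and ports are assumptions made for the example; the sample lines are constructed and not real data.

```python
import ipaddress
import re
from datetime import datetime, timezone, timedelta

# Constructed sample firewall log lines (not real data). The format is an
# assumption for this example:
#   "<local timestamp> <action> src=<ip> dst=<ip> proto=<udp|tcp> dport=<port>"
SAMPLE_LOG = """\
2003-05-12 22:14:01 DROP src=64.12.96.11 dst=192.168.1.10 proto=tcp dport=135
2003-05-12 22:14:03 DROP src=64.12.96.11 dst=192.168.1.10 proto=tcp dport=139
2003-05-12 22:14:05 DROP src=10.0.0.7 dst=192.168.1.10 proto=udp dport=1026
2003-05-12 22:14:06 DROP src=224.0.0.9 dst=192.168.1.10 proto=udp dport=1026
2003-05-12 22:14:09 DROP src=64.12.96.11 dst=192.168.1.10 proto=tcp dport=445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"src=(?P<src>\S+) dst=\S+ proto=(?P<proto>\S+) dport=(?P<dport>\d+)$"
)

# Timezone of the logging host (assumed UTC-4 for this example). Providers keep
# their assignment logs in their own zone, so every time you hand over should be
# normalised to UTC, or the wrong subscriber may be matched to the address.
LOCAL_TZ = timezone(timedelta(hours=-4))


def classify_ip(ip_str):
    """Say whether a source address can be chased at all, or must be spoofed."""
    ip = ipaddress.ip_address(ip_str)
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return "bogon - cannot be a real Internet source, treat as spoofed"
    if ip.is_private:
        return "private (RFC1918) - not routable from the Internet, spoofed or internal"
    return "public - candidate for whois / reverse DNS / law-enforcement subpoena"


def parse_log(text):
    """Turn log lines into events with timezone-aware UTC timestamps."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        local = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=LOCAL_TZ)
        events.append({
            "utc": local.astimezone(timezone.utc),
            "src": m["src"],
            "proto": m["proto"],
            "dport": int(m["dport"]),
        })
    return events


def triage(text):
    """Group events per source address and attach a verdict on each source."""
    per_src = {}
    for e in parse_log(text):
        entry = per_src.setdefault(e["src"], {
            "count": 0,
            "first_utc": e["utc"],
            "last_utc": e["utc"],
            "ports": set(),
            "protos": set(),
            "verdict": classify_ip(e["src"]),
        })
        entry["count"] += 1
        entry["first_utc"] = min(entry["first_utc"], e["utc"])
        entry["last_utc"] = max(entry["last_utc"], e["utc"])
        entry["ports"].add(e["dport"])
        entry["protos"].add(e["proto"])
    # UDP has no handshake, so a source seen only over UDP proves nothing about
    # who really sent the packets; TCP sessions that completed are far stronger.
    for entry in per_src.values():
        entry["source_unverifiable"] = entry["protos"] == {"udp"}
    return per_src


if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(f"{src}: {info['count']} events, ports {sorted(info['ports'])}, "
              f"{info['first_utc']:%Y-%m-%d %H:%M:%S} to {info['last_utc']:%H:%M:%S} UTC")
        print(f"    {info['verdict']}; UDP-only: {info['source_unverifiable']}")
```

The output is the minimum a provider or police contact will ask for: the address, the exact UTC window in which it was seen, the ports and protocols involved, and whether the address is one that could really have originated the traffic. Only the public, TCP-verified entries are worth a whois lookup or a subpoena request; private and bogon sources point at spoofing or at a problem inside your own network.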

Well, call 1800 AOL4ever and ask them to give you the attacker's home phone number, license plate and SSN. If they won't give it up, hack into their database and find the information yourself.

Seriously: what exactly do you want to do? Call the police if you have been violated and can prove it. They can get the IP and other data from the provider - _if_ an actual crime has been committed. M

If in fact there really was an "attack" and not someone sending UDP messenger spam (free clue - the source addresses are fake because messenger spam is a one-way connection), then you call the cops - or in your case, the state police. You want to have complete packet captures, and let them handle it. If the incident involves crossing a state line, they will involve the FBI. But it's _their_ call, not yours.

The cognizant law enforcement agency gets a subpoena, and serves it to the provider.

To an extent, yes. But then you are also assuming that the perpetrator is at that address, not some clueless id10t's PC that was zombied. Are you sure your logs are showing the correct times?
