View Full Version : ip
tad214
11-29-2003, 12:04 PM
good morning,
Does anybody know if it is possible to track an IP address in order to know where it is from? (THE EXACT LOCATION) If I remember well, the IP addresses are distributed in an organized manner to the countries and each country has its internal regulation bodies responsible to assign the addresses to the entities and also manage the in-country domains.
Well, the question is: If I know the *real* IP of someone, can I locate this machine in the world? If yes, how?
i have visual route that is included in my norton's firewall, but i don't feel it does me the justice that i am looking for. it seems like after all the hops it is not sure where it came from, lol, and i am wanting to pinpoint the computer. i want to be able to trace right back to the computer it came from, so i can send them a little message back, STOP trying to sneak in my open ports. most of them come back to businesses in other countries. i just want to let them know, that i know who they are and where they are by sending them an email right back to the culprit computer. lol this may stop a lot of my problems with these people. any programs or advice would be greatly appreciated. thanks again and have a good day.
:)
PrntRhd
11-29-2003, 04:45 PM
It can be done where a MAC address can be traced, but needs more muscle with ISPs than you are likely to have as an individual. (Read govt)
Can you describe the attacks you are experiencing?
Paul Komski
11-29-2003, 07:01 PM
Sounds like you just want to slap (http://www.webattack.com/get/slap.html) them. ;)
i am wanting to pinpoint the computer. i want to be able to trace right back to the computer it came from, so i can send them a little message back, STOP trying to sneak in my open ports. most of them come back to businesses in other countries. i just want to let them know, that i know who they are and where they are by sending them an email right back to the culprit computer
You know, that sounds an awful lot like you are the victim of no-one, you are being scanned by one of many worms/trojans from infected machines.
I would like to see some snips of your firewall logs.....
Since you have a firewall, I would pretty much ignore the logs, as there isn't all that much you, as an individual, can do against worms (except harden your system and protect yourself).
tad214
11-30-2003, 12:20 AM
hey guys,
thanks for the replies. that slap link you gave me paul is not working. it says the domain is, well, done forgot what it said. lol anyway, it is really no big deal. i just thought maybe there was a way i could re-route it back to them and have a little fun, and maybe learn something in the process. here is an example of what i am getting. most of them are from overseas. imagine that.
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (211.212.42.10,27374)
Inbound TCP connection
Local address,service is (cozycats(68.63.247.108),27374)
Remote address,service is (211.212.42.10,1182)
Process name is "N/A"
hope this helps. thanks again
Looks like an infected machine, and can't really go by a port assignment as to which one anymore...most of them dynamically assign ports.
Mungos
11-30-2003, 10:00 AM
hey MJC, all my logs in zonealarm are "incoming" type
so i suppose that i don't have any trojans, worms, etc. ???
recent log
ZoneAlarm Logging Client v4.0.123.012
Windows XP-5.1.2600-Service Pack 1-SP
type,date,time,source,destination,transport
FWIN,2003/11/30,14:52:14 +1:00 GMT,195.66.177.132:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:52:50 +1:00 GMT,195.66.177.100:2526,195.66.177.158:135,TCP (flags:S)
FWIN,2003/11/30,14:54:10 +1:00 GMT,195.66.179.195:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:54:20 +1:00 GMT,195.66.176.79:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:55:08 +1:00 GMT,206.157.151.151:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:55:10 +1:00 GMT,195.66.177.28:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:58:48 +1:00 GMT,195.66.187.49:0,195.66.177.158:0,ICMP (type:8/subtype:0)
Plug the address into this
http://www.geektools.com/whois.php
You will see that most are from the area.
descr: First Internet provider in Montenegro
descr: Routers and dial-up lines
descr: Podgorica, centrala 2
country: YU
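Added example, not part of any post in this thread: a small Python parser for the ZoneAlarm log format shown above. It tallies what was probed and separates sources that share a network with the logged machine from the rest, which is the pattern the whois reply points out. The /16 "neighbour" prefix is an assumption standing in for the provider's real address range, which only the whois record gives.

```python
import csv
import ipaddress
import re
from collections import Counter

# Lines copied from the ZoneAlarm excerpt posted in this thread.
SAMPLE_LOG = """\
ZoneAlarm Logging Client v4.0.123.012
type,date,time,source,destination,transport
FWIN,2003/11/30,14:52:14 +1:00 GMT,195.66.177.132:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:52:50 +1:00 GMT,195.66.177.100:2526,195.66.177.158:135,TCP (flags:S)
FWIN,2003/11/30,14:54:10 +1:00 GMT,195.66.179.195:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:54:20 +1:00 GMT,195.66.176.79:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:55:08 +1:00 GMT,206.157.151.151:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:55:10 +1:00 GMT,195.66.177.28:0,195.66.177.158:0,ICMP (type:8/subtype:0)
FWIN,2003/11/30,14:58:48 +1:00 GMT,195.66.187.49:0,195.66.177.158:0,ICMP (type:8/subtype:0)
"""

def parse_zonealarm(text):
    """Return one dict per event row, skipping banner and header lines."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) != 6 or row[0] == "type":
            continue
        src_ip, _src_port = row[3].rsplit(":", 1)
        dst_ip, dst_port = row[4].rsplit(":", 1)
        proto = row[5].split()[0]
        detail = re.search(r"\((.*)\)", row[5])
        # ICMP has no ports, so key it on the logged type/subtype instead.
        if proto == "ICMP" and detail:
            probe = f"ICMP {detail.group(1)}"
        else:
            probe = f"{proto}/{dst_port}"
        events.append({"src_ip": src_ip, "dst_ip": dst_ip, "probe": probe})
    return events

def summarize(events, neighbour_prefix=16):
    """Count probes and split sources by a shared prefix (assumed /16)."""
    probes, neighbours, outside = Counter(), set(), set()
    for e in events:
        net = ipaddress.ip_network(f"{e['dst_ip']}/{neighbour_prefix}", strict=False)
        probes[e["probe"]] += 1
        inside = ipaddress.ip_address(e["src_ip"]) in net
        (neighbours if inside else outside).add(e["src_ip"])
    return {"probes": dict(probes), "neighbours": sorted(neighbours),
            "outside": sorted(outside)}

if __name__ == "__main__":
    print(summarize(parse_zonealarm(SAMPLE_LOG)))
```

On this excerpt almost every blocked packet is an ICMP echo request from an address in the same block as the logged machine, with a single TCP SYN to port 135.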
Mungos
11-30-2003, 11:42 AM
but what can i, like a common user, do with that information???
PrntRhd
11-30-2003, 10:24 PM
:rolleyes:
That was what I thought I said in the first reply to your post. <sigh>
About the best thing you can do is sign up to a log reporting service...
Something like this (http://www.mynetwatchman.com/about.asp), because an individual making reports to an ISP is most likely to be ignored...
jeeza
12-01-2003, 06:58 AM
Originally posted by tad214
that slap link you gave me paul is not working. it says the domain is, well, done forgot what it said.
It is working right now.
tad214
12-02-2003, 08:09 PM
hey jeeza.
no, it is still not working. here is what it says:
This Domain is on Hold
The Domain SECURITYSOFTWARE.CC has been placed on hold by the registry. For more information about this domain and its status, please contact Client Care.
thanks for checking.
Paul Komski
12-02-2003, 08:59 PM
The first link is OK but the download (or any attempt to connect to www.securitysoftware.cc) fails. Hard to know if it's temporary or permanent.
tad214
12-02-2003, 10:53 PM
hey paul,
do you or anyone else on here, have any idea where i may be able to find a copy of it somewhere else? really sounds like a program that i would be interested in. thanks
Paul Komski
12-03-2003, 01:20 AM
I've uploaded it HERE (http://www.paulski.com/todownload/slap.zip) for a couple of days if you want to download it.
PrntRhd
12-03-2003, 01:22 AM
Thanks Paul, I got it loaded already.
:D
tad214
12-03-2003, 01:32 AM
i got it now guys. fixin to take it for a spin. thanks a lot. i will let you know how it turns out.
juniper
12-09-2003, 05:21 PM
I'm a little late on this, but there is no real way to find someone if they don't want to be found unless you have unlimited resources. Basically you could trace to the IP address; the last hop router to respond will give you the city that IP address is in and the ISP, which is the AS# associated with it. whois will tell you who owns that IP and AS# by searching ARIN's and other certified databases for registered IP addresses. The problem is this: there are open proxy servers people can go through (very common practice for hiding yourself on the internet); also they could be behind a NAT or PAT firewall, so all you will get is a business IP address and not the user; third, they could be spoofing the source address, so then you're just out of luck. PEACE