How do I track an IP address?

Discussion in 'OT Technology' started by Ev!L ErN!E, Dec 9, 2004.

  1. Ev!L ErN!E

    Ev!L ErN!E New Member

    I need some help on how to track an IP address back to its ISP and to track where it came from. Someone has been sending me spam emails, around 1200 of them so far, and I would like to know how to track them down.

    It's not your regular spam mail, this is someone I know, I can tell by the nature of the emails and their contents. So I wanna track 'em down and find out who they might be.

    How can I do this?
    I have the IP address from where they came from, I just don't know how to track it.
     
  2. lowfat

    lowfat 24/Mac/SciFi/PC Crew OT Supporter

  3. Penetration

    Penetration OT Supporter

    You know the IP address is most likely masked. Programs that send mass emails via SMTP have the ability to "show" any IP.
     
  4. korrupshun

    korrupshun New Member

    Assuming it's not masked, use tracert and report activity to ISP.
     
  5. Javi

    Javi New Member

    tracert! I forget how to do it in the command line.
     
  6. RichSpidizzy

    RichSpidizzy NEMO ME IMPVNE LACESSIT

  7. Penguin Man

    Penguin Man Protect Your Digital Liberties

    The way SMTP is designed, they can't hide their real IP unless they are sending through a proxy. They can put a fake one in the headers, but their real one will still be attached to the email.
     
  8. P07r0457

    P07r0457 New Member

    aye... Of all the things that can be spoofed (FROM headers, etc) the source IP is pretty reliable. Because of how TCP works, the receiving machine has to know how to get to the sending machine, otherwise the packets are treated as fragments, and are dropped (as opposed to UDP which doesn't care).

    In fact, that's how most abuse departments sort through all the false reports of spam that they get... It may say the spam came from [email protected], but that is most often a lie (kinda like the spam I've gotten that said I sent it). But if you check the headers, the source IP never lies (said messages usually come from a home DSL user that promptly gets disconnected after I phone their ISP's abuse dept, or from a country where morals do not exist).
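
Added example, not part of the original thread: the last two posts say that headers can carry a fake address but the one recorded by the receiving server is reliable, so this sketch walks the `Received` headers newest-first and trusts only those written by the recipient's own mail servers. The message, host names and addresses are constructed, and `trusted_hosts` is an assumed list of servers you control.

```python
import email
import ipaddress
import re

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)          # host that wrote the header
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # peer address literal

# Constructed sample: the top header was written by the recipient's own server,
# the second was supplied by the sender and cannot be verified.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
    by mx.recipient.example (Postfix) with ESMTP id ABC123
    for <me@recipient.example>; Thu, 9 Dec 2004 10:00:02 -0500
Received: from somewhere.example ([198.51.100.7])
    by mail.sender.example with SMTP; Thu, 9 Dec 2004 09:59:58 -0500
From: "Someone" <someone@sender.example>
To: me@recipient.example
Subject: hello

body
"""

def parse_hop(received):
    """Return (by_host, peer_ip) for one Received header; either may be None."""
    parts = BY_RE.split(received, maxsplit=1)
    by_host = parts[1].lower() if len(parts) > 1 else None
    match = IP_RE.search(parts[0])          # only look in the "from" clause
    try:
        peer = str(ipaddress.ip_address(match.group(1))) if match else None
    except ValueError:
        peer = None
    return by_host, peer

def trusted_origin(raw_message, trusted_hosts):
    """Walk Received headers newest-first and stop trusting at the first hop
    not written by one of the recipient's own servers (trusted_hosts)."""
    origin, unverified, in_trusted_chain = None, [], True
    for received in email.message_from_string(raw_message).get_all("Received", []):
        by_host, peer = parse_hop(received)
        if in_trusted_chain and by_host in trusted_hosts:
            origin = peer                   # address that connected to our server
        else:
            in_trusted_chain = False
            if peer:
                unverified.append(peer)     # sender-controlled, may be forged
    return origin, unverified

if __name__ == "__main__":
    print(trusted_origin(SAMPLE, {"mx.recipient.example"}))
```

The first value returned is the address to look up and include in a report to the ISP's abuse department; the second list holds addresses from headers the sender could have written.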
     
