IP Address tracking?

 
 
tradmusic.com
Guest
Posts: n/a
 
      09-11-2005
Hi,

I, or rather, my company have recently become the victims of deliberate
spamming in the form of "e-mail injection".
This is where a spammer/hacker etc repeatedly submits blank or nonsense
messages on a client's web site contact form, causing them to receive phoney
enquiries.

I can track IP addresses on the server, so what do I do once I have an IP
address that I feel is suspicious (ie. was showing as being on the site at
the time of the phoney form submissions)?

What do I do now? How do I go about tracking the person/PC responsible?
Is this even possible?

Thanks
Nath.



 
 
 
 
 
DavidPostill
Guest
Posts: n/a
 
      09-11-2005
In article <dg1qrh$d49$(E-Mail Removed)-infra.bt.com>, on Sun, 11 Sep 2005 17:51:45 +0000
(UTC), tradmusic.com wrote:

| Hi,
|
| I, or rather, my company have recently become the victims of deliberate
| spamming in the form of "e-mail injection".
| This is where a spammer/hacker etc repeatedly submits blank or nonsense
| messages on a client's web site contact form, causing them to receive phoney
| enquiries.
|
| I can track IP addresses on the server, so what do I do once I have an IP
| address that I feel is suspicious (ie. was showing as being on the site at
| the time of the phoney form submissions)?
|
| What do I do now? How do I go about tracking the person/PC responsible?
| Is this even possible?

The following tools will give you interesting information about the ip addresses.

nslookup
whois
tracert

You can find online versions at <http://centralops.net/co/>

See also:

<http://www.netdemon.net/tutorials/whois.txt>
<http://www.elsop.com/wrc/nospam.htm>
--
DavidPostill
 
 
 
 
 
Jim Watt
Guest
Posts: n/a
 
      09-12-2005
On Sun, 11 Sep 2005 17:51:45 +0000 (UTC), "tradmusic.com"
<(E-Mail Removed)> wrote:

>Hi,
>
>I, or rather, my company have recently become the victims of deliberate
>spamming in the form of "e-mail injection".
>This is where a spammer/hacker etc repeatedly submits blank or nonsense
>messages on a clients web site contact form, causing them to receive phoney
>enquiries.
>
>I can track IP addresses on the server, so what do I do once I have an IP
>address that I feel is suspicious (ie. was showing as being on the site at
>the time of the phoney form submissions)?
>
>What do I do now? How do I go about tracking the person/PC responsible?
>Is this even possible?
>
>Thanks
>Nath.


Take a look at:

http://samspade.org

Why not post some of the IP addresses used here for comment.
--
Jim Watt
http://www.gibnet.com
 
 
Hairy One Kenobi
Guest
Posts: n/a
 
      09-12-2005
"tradmusic.com" <(E-Mail Removed)> wrote in message
news:dg1qrh$d49$(E-Mail Removed)-infra.bt.com...
> Hi,
>
> I, or rather, my company have recently become the victims of deliberate
> spamming in the form of "e-mail injection".
> This is where a spammer/hacker etc repeatedly submits blank or nonsense
> messages on a client's web site contact form, causing them to receive
> phoney enquiries.
>
> I can track IP addresses on the server, so what do I do once I have an IP
> address that I feel is suspicious (ie. was showing as being on the site at
> the time of the phoney form submissions)?
>
> What do I do now? How do I go about tracking the person/PC responsible?
> Is this even possible?


For where you sit, not as such.

The official route (effectiveness will vary. A lot) is to plug the IP into
WHOIS and find out which ISP owns the space. Don't bother with actual
companies - just grab the ISP.

If they're any good (many aren't) then they'll try to ensure that the
originating machine is cleaned of nasties (simple self interest, in
protecting their own infrastructure)

From your description, though, I can't see that you'd be able to provide
sufficient proof - don't you track the IPs of specific submissions? So that
you can track down exactly who entered the data? And wouldn't this be a good
first step?

You may well find that it's quite close to home... unless there's an
individual that's specifically ****ed-off with your company. And even then,
"disgruntled employee" works for both local and remote submissions ;o)

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
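
Added example, not part of the post above or any poster's code: one way to tie each phoney enquiry to the request that actually submitted it, rather than to whoever was browsing at the time, using the web server's access log. The log lines are constructed, and the `/contact.php` path, the function names and the 10-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed Apache combined-format lines; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Sep/2005:17:40:02 +0000] "GET /contact.php HTTP/1.1" 200 2311 "-" "Mozilla/4.0"
198.51.100.7 - - [11/Sep/2005:17:41:10 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [11/Sep/2005:17:41:12 +0000] "GET /about.html HTTP/1.1" 200 1840 "-" "Mozilla/4.0"
198.51.100.7 - - [11/Sep/2005:17:41:40 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [11/Sep/2005:17:45:00 +0000] "GET /contact.php HTTP/1.1" 200 2311 "-" "Mozilla/4.0"
203.0.113.5 - - [11/Sep/2005:17:46:30 +0000] "POST /contact.php HTTP/1.1" 200 640 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
FORM_PATH = "/contact.php"  # assumed path of the contact form handler

def parse(log_text):
    """Yield (ip, time, method, path) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, method, path.split("?", 1)[0]

def submitters_near(log_text, mail_time, window_s=10):
    """IPs that POSTed the form within window_s seconds of a message's arrival.
    mail_time must be timezone-aware; the window absorbs small clock skew."""
    return sorted({ip for ip, when, method, path in parse(log_text)
                   if method == "POST" and path == FORM_PATH
                   and abs((when - mail_time).total_seconds()) <= window_s})

def post_counts(log_text):
    """Number of form submissions per source IP."""
    return Counter(ip for ip, _when, method, path in parse(log_text)
                   if method == "POST" and path == FORM_PATH)

def posted_without_loading_form(log_text):
    """IPs that submitted the form without ever requesting the form page."""
    got, posted = set(), set()
    for ip, _when, method, path in parse(log_text):
        if path == FORM_PATH and method == "GET":
            got.add(ip)
        elif path == FORM_PATH and method == "POST":
            posted.add(ip)
    return sorted(posted - got)
```

In the sample, 192.0.2.10 was on the site when the 17:41 message arrived but never submitted the form; only the POST lines identify the submitter.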


 
 
scramble68@gmail.com
Guest
Posts: n/a
 
      09-13-2005
Use whois to find out the contact info for the domain administrator for
that IP address. If the admin won't help you, block the subnet for that
address using firewall rules, ACL, web site scripting etc. The security
community needs to share info on where these spammers are coming from.
Then we can take more action.
scramble
tradmusic.com wrote:
> Hi,
>
> I, or rather, my company have recently become the victims of deliberate
> spamming in the form of "e-mail injection".
> This is where a spammer/hacker etc repeatedly submits blank or nonsense
> messages on a client's web site contact form, causing them to receive phoney
> enquiries.
>
> I can track IP addresses on the server, so what do I do once I have an IP
> address that I feel is suspicious (ie. was showing as being on the site at
> the time of the phoney form submissions)?
>
> What do I do now? How do I go about tracking the person/PC responsible?
> Is this even possible?
>
> Thanks
> Nath.
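
Added example, not from any poster in this thread: before reporting to an ISP or writing a block rule, parse the WHOIS reply for the allocation's abuse contact and exact address range, and confirm that it covers the logged address. The WHOIS text is constructed in RIPE and ARIN styles with placeholder names, the function names are assumptions, and only the first IPv4 range in a reply is used.

```python
import ipaddress
import re

# Constructed WHOIS replies: documentation addresses, placeholder names.
RIPE_STYLE = """\
% Abuse contact for '198.51.100.0 - 198.51.100.191' is 'abuse@isp.example'
inetnum:        198.51.100.0 - 198.51.100.191
netname:        EXAMPLE-ISP-DSL
country:        ZZ
"""
ARIN_STYLE = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-HOSTING
OrgAbuseEmail:  abuse@hosting.example
"""

ABUSE_COMMENT = re.compile(r"^% Abuse contact for .* is '([^']+)'")
ABUSE_KEYS = {"abuse-mailbox", "orgabuseemail"}

def parse_whois(text):
    """Return the allocation's name, CIDR blocks and abuse contact (IPv4 only)."""
    info = {"netname": None, "cidrs": [], "abuse": None}
    for line in text.splitlines():
        m = ABUSE_COMMENT.match(line)
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if m and not info["abuse"]:
            info["abuse"] = m.group(1)
        elif not value:
            continue
        elif key in ("inetnum", "netrange") and not info["cidrs"]:
            # Registries give a first-last range; it may need several CIDR blocks.
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            info["cidrs"] = [str(n) for n in ipaddress.summarize_address_range(first, last)]
        elif key == "netname" and not info["netname"]:
            info["netname"] = value
        elif key in ABUSE_KEYS and not info["abuse"]:
            info["abuse"] = value
    return info

def report_target(logged_ip, whois_text):
    """Parsed allocation if it really covers logged_ip, else None."""
    info = parse_whois(whois_text)
    addr = ipaddress.ip_address(logged_ip)
    if any(addr in ipaddress.ip_network(c) for c in info["cidrs"]):
        return info
    return None
```

The RIPE-style range above is not a single subnet: it resolves to a /25 plus a /26, so a rule written for the whole /24 would also cover addresses outside the allocation.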


 
 
Unruh
Guest
Posts: n/a
 
      09-13-2005
(E-Mail Removed) writes:

>Use whois to find out the contact info for the domain administrator for
>that IP address. If the admin won't help you, block the subnet for that
>address using firewall rules, ACL, web site scripting etc. The security
>community needs to share info on where these spammers are coming from.
>Then we can take more action.


You do not understand how they work. Spammers work hand in hand with the
virus people. The virus people crack computers. They sell the list of
cracked computers to the spammers, who then use them to send out spam.
Thus the locations you are blocking are "innocent" third parties who have
been screwed over twice.
Ie, the spammers "come from" your friend, your neighbor, etc.

Sometimes stupid spammers will use their own machines. And they can be
caught (although how you launch a case against someone in Nigeria I do not
know.)



>scramble
>tradmusic.com wrote:
>> Hi,
>>
>> I, or rather, my company have recently become the victims of deliberate
>> spamming in the form of "e-mail injection".
>> This is where a spammer/hacker etc repeatedly submits blank or nonsense
>> messages on a client's web site contact form, causing them to receive phoney
>> enquiries.
>>
>> I can track IP addresses on the server, so what do I do once I have an IP
>> address that I feel is suspicious (ie. was showing as being on the site at
>> the time of the phoney form submissions)?
>>
>> What do I do now? How do I go about tracking the person/PC responsible?
>> Is this even possible?
>>
>> Thanks
>> Nath.


 
 
Jim Watt
Guest
Posts: n/a
 
      09-13-2005
On 13 Sep 2005 08:15:19 -0700, (E-Mail Removed) wrote:

>Use whois to find out the contact info for the domain administrator for
>that IP address. If the admin won't help you, block the subnet for that
>address using firewall rules, ACL, web site scripting etc. The security
>community needs to share info on where these spammers are coming from.
>Then we can take more action.
>scramble


It used to be as easy as that, but these days it's impossible to trace
a lot of it, and often the people that are relaying it really don't
seem to care.

--
Jim Watt
http://www.gibnet.com
 
 
Imhotep
Guest
Posts: n/a
 
      09-14-2005
Unruh wrote:

> (E-Mail Removed) writes:
>
>>Use whois to find out the contact info for the domain administrator for
>>that IP address. If the admin won't help you, block the subnet for that
>>address using firewall rules, ACL, web site scripting etc. The security
>>community needs to share info on where these spammers are coming from.
>>Then we can take more action.

>
> You do not understand how they work. Spammers work hand in hand with the
> virus people. The virus people crack computers. They sell the list of
> cracked computers to the spammers, who then use them to send out spam.
> Thus the locations you are blocking are "innocent" third parties who have
> been screwed over twice.
> Ie, the spammers "come from" your friend, your neighbor, etc.
>
> Sometimes stupid spammers will use their own machines. And they can be
> caught (although how you launch a case against someone in Nigeria I do not
> know.)
>
>
>
>>scramble
>>tradmusic.com wrote:
>>> Hi,
>>>
>>> I, or rather, my company have recently become the victims of deliberate
>>> spamming in the form of "e-mail injection".
>>> This is where a spammer/hacker etc repeatedly submits blank or nonsense
>>> messages on a clients web site contact form, causing them to receive
>>> phoney enquiries.
>>>
>>> I can track IP addresses on the server, so what do I do once I have an
>>> IP address that I feel is suspicious (ie. was showing as being on the
>>> site at the time of the phoney form submissions)?
>>>
>>> What do I do now? How do I go about tracking the person/PC responsible?
>>> Is this even possible?
>>>
>>> Thanks
>>> Nath.


Good points...
 
 
Donnie
Guest
Posts: n/a
 
      09-16-2005


>
> The following tools will give you interesting information about the ip
> addresses.
>
> nslookup
> whois
> tracert
>
> You can find online versions at <http://centralops.net/co/>
>
> See also:
>
> <http://www.netdemon.net/tutorials/whois.txt>
> <http://www.elsop.com/wrc/nospam.htm>
> --
> DavidPostill


############################
I would add
nbtstat -A IP_address to that list even though it's a lot harder to get the
NetBIOS table these days. There were times when I tracked people right to
their door with that and other searches.
Donnie


 
 
Jim Watt
Guest
Posts: n/a
 
      09-16-2005
On Fri, 16 Sep 2005 00:38:50 GMT, "Donnie" <(E-Mail Removed)>
wrote:

>nbtstat -A IP_address to that list even though it's a lot harder to get the
>NetBIOS table these days. There were times when I tracked people right to
>their door with that and other searches.


Problem is the use of proxy servers, of which there seem
to be a huge number which the bastard still trying to spam my
message board with 100 messages a day uses.

I suspect it's a robot as nobody could be so stupid and
persistent.
--
Jim Watt
http://www.gibnet.com
 