Finding out the owner of an IP address

L

LightPhoenix

First Post
A friend of mine is getting some harassing messages from an IP addy which I won't reveal here. I've traced the IP back to her college, and it's probably someone in her dorm. I was wondering if there was any way of narrowing that down short of contacting her college's computer services department. She doesn't want to do that, but this isn't the first incident of harassment she's had to deal with this semester, and the police aren't doing anything to help. I'm a bit worried it's someone she might know, and that something might happen to her.
 

log in or register to remove this ad

LightPhoenix said:
A friend of mine is getting some harassing messages from an IP addy which I won't reveal here. I've traced the IP back to her college, and it's probably someone in her dorm. I was wondering if there was any way of narrowing that down short of contacting her college's computer services department. She doesn't want to do that, but this isn't the first incident of harassment she's had to deal with this semester, and the police aren't doing anything to help. I'm a bit worried it's someone she might know, and that something might happen to her.
Click to expand...

had this happen to a friend too, and short of going through the college would be to 'socially engineer' a way to find the person, such as ask to borrow the computer then look up their IP. Kinda sketchy, I would go straight to the college.
 

MarauderX said:
had this happen to a friend too, and short of going through the college would be to 'socially engineer' a way to find the person, such as ask to borrow the computer then look up their IP. Kinda sketchy, I would go straight to the college.
Click to expand...
Yeah, I not a big fan of semi-illegal stuff such as social engineering. I could talk to a couple people who I know work for Road Runner here and have them place a call for me. But if she doesn't want to contact computing services at her college, I'm certainly not going to take things into my own hands.

We're pretty sure it's a computer in her dorm... the problem is that the IPs aren't assigned in any order, so locating the room isn't particularly possible. But as we've analyzed stuff, we're almost certain that it's someone who knows her fairly intimately, and we've narrowed down a list of suspects. Unfortunately without being there I can't flex my investigative muscles. She was gonna check out a few IP addresses of her friend's computers, but most of those could definitely be used by more than one person.
 


You sound like you're pretty tech-savvy; please don't take offense if you've already tried the following:
I'm assuming that you're referring to Email messages from a particular IP. You've probably already done this, but you might try checking the headers for the machine-name. This is a excerpt from an email header at my college (numbers changed to protect the innocent):
Received: from LEVIATHAN (dhcp2-76-130.ov.resnet.unca.edu)
If the sender is a fool, and your college is set up like mine is, you can get a good idea of where the message is coming from -- in the above case, I recognize that "ov" was part of a dorm called "the village," and the room-number is either 76 or 130.
Of course, you can always tracert the ip to get an idea of where it's coming from. That too will give you a machine-name to go on.

You don't have to do anything illegal to find out who this is. If your friend knows any computer-lab assistants, chances are good that they could figure this out easily.

The real question here is: What are you going to do when you figure it out? Going through official channels would probably be the wiser course. Unless you're planning to kick his butt or hack his machine, you'll be better off having an official record of complaints against this person...especially if this turns into anything more sinister than digital harassment.

Good luck,
Spider
 

Spider said:
I'm assuming that you're referring to Email messages from a particular IP. You've probably already done this, but you might try checking the headers for the machine-name. This is a excerpt from an email header at my college (numbers changed to protect the innocent):
Received: from LEVIATHAN (dhcp2-76-130.ov.resnet.unca.edu)
Click to expand...
That would be smart and I wouldn't have thought of it. Unfortunately, it wasn't e-mail, it was comments posted anonymously on a livejournal, so all I have is the IP address. These comments were of such a personal nature that they could only have been by someone close to her. Doing a whois at the IANA website comfirms that it's at her college, and since the third part is the same as hers, it's probably in the same building as she is.

Of course, you can always tracert the ip to get an idea of where it's coming from. That too will give you a machine-name to go on.
Click to expand...
Good call, I'll try that. As I said before though, we're pretty sure it comes from her building. Still some information could definitely be gleaned from that.

The real question here is: What are you going to do when you figure it out? Going through official channels would probably be the wiser course. Unless you're planning to kick his butt or hack his machine... <snip>
Click to expand...
For one thing, we're almost certain it's a "her".

For another, I don't have quite enough knoweldge to hack the machine, and it's physically impossible to kick her ass - we're quite far apart. She's studying abroad. Even so, it's not up to me what to do, it's up to my friend. I'd urge her to go through official channels, but if she chooses to confront this person verbally, there's not anything I can do.
 

Spider, I think I want your brain. Specifically your computer knowledge. :)

Unfortunately, the tracert didn't work, the college must have a firewall of some kind blocking the tracert. Thanks for giving me one more option to try though. Looks like I'll just have to convince my friend to contact the university's comp services, or contact them myself.
 
Last edited:

Hi LightPhoenix,
probably your friend should do the tracert. If they're behind a firewall, chance is that there's an LAN with local IPs (something like e.g. 10.x.x.x). So someone within the same IP-Range could use tracert quite well.
Another possible tool (in Windows-networks) is the DOS-command "nbtstat -a IP-Addy" so e.g. "nbtstat -a 10.100.100.100".
This command gives not only the computer name but also the username of the current user.

Greetings
Firzair
PS: I, too, think that the official way would be best.
 

Firzair said:
Hi LightPhoenix,
probably your friend should do the tracert. If they're behind a firewall, chance is that there's an LAN with local IPs (something like e.g. 10.x.x.x). So someone within the same IP-Range could use tracert quite well.
Another possible tool (in Windows-networks) is the DOS-command "nbtstat -a IP-Addy" so e.g. "nbtstat -a 10.100.100.100".
This command gives not only the computer name but also the username of the current user.

Greetings
Firzair
PS: I, too, think that the official way would be best.
Click to expand...
ping -a 10.100.100.100 will also give you much the same information. I've done this on my network (not because of harrasment, but just to find out who was bothering me with netsend messages) and it works well, assuming your friend's school has some kind of coherent naming scheme (which it should).
 

Similar Threads

Snarf Zagyg
Streaming Movies and Power Rankings: A Reverie on Max's A24 and Netflix's Rebel Ridge
2
Replies
10
Views
12K
Snarf Zagyg
Snarf Zagyg
Snarf Zagyg
nuTSR and the Defamation Lawsuit: How to Read the Appellate Brief of LaNasa
2
Replies
15
Views
3K
Wincenworks
W
Snarf Zagyg
D&D General Not the Wicked Witch: Revisiting the Legacy of Lorraine Williams
23 24 25 26 27
Replies
265
Views
43K
PHATsakk43
PHATsakk43
Starfox
Duskvol in Darkness campaign log
Replies
0
Views
731
Starfox
Starfox
cthulhucthulhu1453
Please delete this
2
Replies
14
Views
3K
Cergorach
Cergorach
Remove ads

Top