[13224] in Public-Access_Computer_Systems_Forum
Re: Question regarding IP addresses
daemon@ATHENA.MIT.EDU (Jack Kessler)
Thu Mar 30 20:06:58 2000
Date: Wed, 29 Mar 2000 15:26:21 -0800
From: Jack Kessler <kessler@WELL.COM>
In-Reply-To: <882568B0.00612E55.00@NOTES.RLG.ORG>
To: PACS-L@LISTSERV.UH.EDU
Reply-To: Public-Access Computer Systems Forum <PACS-L@LISTSERV.UH.EDU>
Message-Id: <Pine.GSO.4.10.10003291509140.9938-100000@well.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
This addition to Walt's response: the host computer / server
identified by a numeric IP is unlikely to be the "who they are" /
"someone" which you seek, Dick.
More likely it will be a giant system server, or even one of a
series of same, administered by a big ISP -- think "aol.com" or
"earthlink.com" -- which "dynamically assigns" one of its many
hundreds or even thousands of IP numbers to each of its
individual human users as she / he dials in to use the service.
The IP gets reassigned to some other user once the session is
over. And even if the session record is kept for long by the ISP
-- a large ISP will generate many millions of them over a very
short period, and understandably will dump them periodically --
and even if the record does trace to an individual user's
"account" record or other identifier, which they usually do
although not always, you are unlikely to be able to get said
identifier from the ISP for logical legal privacy and marketing
policy reasons. You can get a court order for something illegal
-- a good ISP may cooperate on something like a hacker attack
problem for instance -- but otherwise it's proprietary.
This isn't always the pattern -- some individual users do have
their own IPs, which you can identify and narrow down to the
individual on your own usage logs -- but increasingly,
particularly as the Nets have gone commercial, most individual
users go through big services now.
Jack Kessler, kessler@well.sf.ca.us
On Tue, 28 Mar 2000, Walt Crawford wrote:
> Dick Moore asked:
>
> >I have place a security firewall on my home computer
> >to restrict unwanted access. It now tells me the numeric
> >IP address of those trying to access my computer.
>
> >I would like to be able to tell who they are. Can you
> >tell me how to identify someone from this numeric IP address?
>
> You can't really "identify someone" from the IP address--
> but if it's a stable IP address assigned to a named host,
> you can get the name of the host. We use a local tool to
> do that on certain occasions.
>
> A colleague who knows about this stuff noted the "gethostbyaddr"
> function in Perl and C--but also noted a freeware Windows utility
> that packages this function. It's true freeware (no payment expected),
> it's tiny, and it seems to work just fine.
>
> The name of the utility is "ghost" and you can download it from:
>
> http://www.webattack.com/freeware/network/fwip.shtml
>
> (scroll down to "ghost")
>
> Disclaimers:
> 1. I'm no expert on this kind of stuff (I'm barely even a novice)
> 2. This is a personal response with help from my friends. RLG does
> not recommend this software or have anything to do with its creation.
> In other words, don't blame me (or RLG) if it does something wrong.
>
>