I think logging IP's is pretty harmless, too. So many sites do it... I'd worry more about what you download from sites.

1 phrase, is ALL you need:

"Anonymous Proxy Servers"

(GOOGLE THAT PHRASE, Including the quotes surrounding it, & you will see what I mean... entire LISTS of them are out there, & updated regularly no less).

EDITING NOW, an example list:

http://www.publicproxyservers.com/



* A bit slower (even IF you manage to snag a F A S T one), but... if you're concerned about that type of thing? Find them online... plenty of lists of them, & NO, I don't mean "Anonymizer" (really slow, unfortunately)...

APK

P.S.=> Most webbrowsers take them easily enough too in their Options/Preferences screens... apk

Just use an on-board mixer, but unless your going to purchase a few cases of Kalashnikov's why bother its quite hard to find somebody from just an IP addy

Quote:

Originally Posted by Cat-tranz

its quite hard to find somebody from just an IP addy

Actually... it's NOT too hard!



PLUS - You actually CAN "Zero-In" on someone online, & TELL WHERE THEY ARE COMING FROM, via their IP address!

... & here is how (as to WHERE they are coming from), via a VERY EASY TO USE PROGRAM NO LESS:

-------------------------
3D TraceRoute Pro:
-------------------------

http://www.d3tr.com/download.html

-------------------------

You moderators MAY FIND THIS, EXTREMELY USEFUL @ times... bear/keep that in mind!

That program will literally find where someone is on the planet, via their IP Address (however, provided they are NOT using what is in my previous post above - an anonymizing proxy server)

It will first do the std. ping/echo traceroute (what you have in your OS already, albeit via DOS mode tty terminal console type commandline work) via a NICE GUI interface... how does this GUI one differ though, & especially in helping YOU determine WHERE SOMEONE IS FROM?

Well, once it is done doing the traceroute, it has a map of the planet & will show a line for each "hop" your traceroute takes...

(Eventually terminating @ the last hop, which is WHERE they are coming from (provided you can reach it, you can't always DO that @ times - because in a firewall, you can prohibit ECHO REPLIES, & ICMP (ping)))

APK

P.S.=> E.G.-> I busted a few guys from arstechnica who were posting as others (themselves, under "alternate guises", diff. usernames, but SAME person) in an attempt to "support their points", & one another, via faked emails (actually yahoo & gmail ones + diff. usernames for said forums) lol...

I did it via a promiscuous port sniffer (first, & then I used the tool I noted above, afterwards)...

The port sniff was to see who was logging in & from where (this is a "BEYOTCH" to do, but they ticked me off badly enough to go thru it, because they posted as myself on their forums (impersonating me) plus, it was "good practice" for me anyhow (& IF I wanted to be a real bastard? I could have logged in as THEM, & posted as them)).

I.E.-> One fellow, once I got his REAL NAME (which was NOT easy) then had stated he was NOT from "staten island" originally... & I got him to admit this was a lie on his part & that I did indeed have his REAL name.

He was coming in out of Notre Dame (A university in the U.S.) where he is a post graduate student currently (or, was @ the time).

Another one of his pals then literally ADMITTED to doing it, once he saw THAT happen to his pal...

(Students - lol! Especially in comp. sci. ... They THINK they're 'smart', until they are shown otherwise)

Let me tell you: It was VERY satisfying proving to the planet (on a widely travelled forums online @ Windows IT Pro magazine) that he & his pals from arstechnica are liars & dishonorable cheats basically!

(Caught "red-handed" in the act no less, with their "hands in the cookie jar"... with 2 of them admitting to doing that in the end... much to arstechnica as a whole's dismay)... apk

It's easy to find a general location, not so easy to find a specific person. I can't look at your IP that we have logged on this site and magically get your home address.

And there are other things to consider. For example, in your scenario, what if the IP was routed to a university (i.e., multiple users sharing one public IP)? It is not completely out of the realm of possibility that two students of the same university share the same view.

All in all, an IP address is pretty damn useless in the grand scheme of things. I remember "back in the day", all these script kiddies would come around bragging about how they tricked so-and-so into giving up their IP address -- as if it mattered.

Quote:

Originally Posted by Christopher

I remember "back in the day", all these script kiddies would come around bragging about how they tricked so-and-so into giving up their IP address -- as if it mattered.

Tell you what: Take a read below, IF you doubt me.... ok?

Yes... I used some "nefarious means" @ times, admittedly (but, only in response to what had been done to myself, for years)...

PROOF (part of it, the very ending (leaving my opponents speechless with no reply & more))

See here (in case you're interested):

http://windowsitpro.com/articles/ind...1095&cpage=216

Long read, but amusing... imo, @ least - especially that last post, icing on the cake as to ANY statements I made below, ok? This went on, for YEARS (over @ arstechnica especially & I got sick of it, in being libelled, impersonated, & more... so, I took care of it, myself!)

Quote:

Originally Posted by Christopher

It's easy to find a general location, not so easy to find a specific person. I can't look at your IP that we have logged on this site and magically get your home address.

I can't mention names (of folks that helped me, other than company names etc. in the URL above), but, I can however, clue you in (somewhat) & here goes:

Yes, point taken on THIS note, for "ordinary users"...

& yes, there is a SMALL 'hassle' w/ IP addy's @ times - they CAN be (for example) up to 100++ miles (or so) "off target" & mainly because your ISP/BSP does NOT have to be "next door to your home", but "relatively" far away...

STILL, it is not like saying you live in NYC, but are shown CHINA instead (lol), unless coming thru via PROXY servers (which I do mention above).

HOWEVER, in a University scenario? Diff. story, totally.

Quote:

Originally Posted by Christopher

And there are other things to consider. For example, in your scenario, what if the IP was routed to a university (i.e., multiple users sharing one public IP)? It is not completely out of the realm of possibility that two students of the same university share the same view.

Put it, this way - when I contacted the people who controlled it from there, eventually, to verify? They told me EXACTLY who did what & when (after some "pressure" of legal action, etc. if need be, once the rest was noted to them from a reputable source (isp's/bsp's, hosting providers, & more, all in the above url))...

& with SOLID evidence, & the right folks backing you? No problem. I had to do a ton of legwork, per "various means", but in the end?? Worth it.

They then simply did the verifying what I had suspected, because the person I was after, alongside his pals, had DEFINITELY busted the law & kept harassing, impersonating, & libelling + threatening myself (my family too (not for a few days mind you, but site-to-site, for nearly a decade & across the internet - I finally just put a halt to it, is all)).

Funniest part is, what they tried to do to me? LOL, backfired, & instead, happened to them... hilarious, poetic ironic justice.

I.E.-> Their websites were removed in their entirety or in part on that one, & being caught in lies to the max was another (tons of that on the URL above as proof no less). Their harassing emails? STOPPED COLD, along w/ threats to my family no less!

(AND, on technical levels? LOL, the "great arstechnica" & their "expert in Exchange" (Jay Little)?? Wrong, & caught flat-footed on the topic @ hand, about Ramdisks & BSOD's (over @ NTCompatible.com, where he also pursued me to, & made a fool of himself on those accounts, immediately, & even another arstechnican (mod there named DosFreak) shot him down on those accounts as well, oddly enough!)

Far more too... he left, out of shame, after lying about stealing my sourcecode, to which I asked "show me the delphi code they were written in", & then his later TRYING to disassemble it, for an ASM dump!

(To which he got a RUDE awakening - trying to do that to wares I have done online, to their actual FILES on disk results in them shutting down immediately due to FileSize & CRC-32 checks, which also works vs. viral infestations too!)

Which turned up another HUGE lie on Jay Little's part.

Jeremy Reimer & Jay Little were the worst of the lot... the other fellow (student, who shall remain nameless, & was used as a dupe/stooge imo? I let be, on the agreement he was "out of it" for good... he has a future. The other two? Do not!)

Quote:

Originally Posted by Christopher

All in all, an IP address is pretty damn useless in the grand scheme of things.

Ever used a port sniffer (a promiscuous mode one)? If not... then, LOL, no it's not...

Ever heard of a "man-in-the-middle"/mitm attack??

If so, it's NOT that "radically different" either, just a regular SOB to setup (If you've been programming around sockets @ all, not that tough, just time consuming)... plus, interpreting the datastream (mishmash & TONS OF IT, as long as it's not encrypted though? ha, & especially if they screwup in their router or NIC settings).

Anything's possible, if you're pissed off & determined enough. Those dolts made threats regarding my family, who had NOTHING to do with anything... that, to me & MOST folks? Is motivation enough, by far.

(Put it THIS way - it'd been easier, by far, to DOS them or write up a bogus machination like a virus/spyware (which I will NOT do, because it is bogus) & DDOS them... but then, I become my worst enemies (yours too in a way) in being like them)

However/Also - you have to "know the right folks" too... this is, catch-22, & how to approach them is all.

APK

P.S.=> Still, makes me angrier than a hornet, even thinking about it... I hope it never happens to you (I mentioned this to Cat-Tranz, "it never ends" in 'pm' in fact)... however, all-in-all: You guys ought to find the 3dTraceroute (full model only has the map portion I spoke of though, not freebie one) useful, in this capacity... apk

I am sick of paranoid internet users freaking out because they think someone has their IP address, which is why I am trying to explain things here. If you talk on some IM services, play online games or visit websites -- people have your IP address. It doesn't mean anything.

IP's are not important at all. It's like knowing a domain name -- oohhhh big woop. Your examples of port sniffing and man in the middle attacks are nothing to do with IP addresses beyond a target, they depend on other weaknesses to be any use at all (sniff google.com, where'd that get you?). The only danger is if your computer is really damn insecure and you piss off some kiddie and he manages to remotely control your computer (read: chances are very very very low).

It is very difficult getting a real person from an IP address. ISP's need to release that information to someone. To do that takes a court order. There are things called privacy policies here, if they give out your info to just anyone, then they are held liable. Institutions are often different (a specific business, university etc), but actual ISP's are not so lenient. If someone wants to find you, they will have better luck by looking at your myspace profile.

Running websites has taught me this lesson. It is next to impossible to deal with users who want to cause trouble. We can ban IP's all we want, they just come back through proxies. We can contact ISP abuse departments, but they rarely do anything, especially if they are outside North America. The only thing to do is borrow a botnet and boot them off the internet for a while! (Kidding, of course hehe)

APK, I am not disputing your story (tbh I just don't have time to read into it). I am merely trying to reduce the FUD associated with the myth of the "all powerful IP address".

Quote:

Originally Posted by Christopher

I am sick of paranoid internet users freaking out because they think someone has their IP address, which is why I am trying to explain things here. If you talk on some IM services, play online games or visit websites -- people have your IP address. It doesn't mean anything.

Well, it depends on IF they have crucial info. on their rigs (this can vary from family photos, to multimillion dollar codebases for example (all relative really, as to "flipping out" etc.)).... if I were to lose my current setup, have a mirror @ worst I break it & am in again (or, I go to last month's backup, I wouldn't lose TOO much).

Backups SHOULD be done, but, often they aren't (you've probably seen this yourself too @ some point in aiding others).

E.G.-> Sometimes? I store WORK DATA... & in that code & tables? There ARE passwords & such... it can be VERY 'dangerous'. BUT. this is what "EFS" is for, thank goodness for NTFS5!

Quote:

Originally Posted by Christopher

IP's are not important at all. It's like knowing a domain name -- oohhhh big woop.

Well, it CAN be - I wouldn't sniff an ENTIRE domain, & one of THAT much traffic in nature!

Too much data (but if its not encrypted via VPN tunnels etc.? You will get what you want, eventually, IF you take the time in doing it is all I am saying - if you're determined enough & know when the person's online? Anything's doable, just patience is all you need).

Quote:

Originally Posted by Christopher

Your examples of port sniffing and man in the middle attacks are nothing to do with IP addresses beyond a target, they depend on other weaknesses to be any use at all

It does, I state that above in fact... & (not saying anything specific here, but, it does work (just like folks not doing backups, they have things setup "wrong")...

E.G.=> uPnP in routers... HUGE weakness... just 1 example. Many home routers are vulnerable to it... a lot of folks DON'T disable it either.

That's just one, I am sure you know others too possibly.

Quote:

Originally Posted by Christopher

(sniff google.com, where'd that get you?).

Lots of data, & if you're ticked off enough, plus determined enough?

Again, you WILL eventually get what you're after... just like novocaine, give it time, always works.

Quote:

Originally Posted by Christopher

The only danger is if your computer is really damn insecure and you piss off some kiddie and he manages to remotely control your computer (read: chances are very very very low).

Right... that's the point of the security post I put up here (secure yourself)... totally as much as possible, to offset that... yes, some folks call it "paranoid", I call it 'peace of mind security'... depends on your point of view!

Only problem is, some of them are NOT "kiddies"... check out info. on the "RBN" they are for real, & out to take your monies man. They don't do it by actual penetration cracking, but rather by using your apps against you.

Quote:

Originally Posted by Christopher

It is very difficult getting a real person from an IP address. ISP's need to release that information to someone. To do that takes a court order.

Not if you know people - to be real? Put it THAT way - I know, & for a fact, that people @ ISP's/BSP's "bend the rules" more than you'd think... trust me on THAT much. They're human beings man... people DO, do that.

Quote:

Originally Posted by Christopher

Institutions are often different (a specific business, university etc), but actual ISP's are not so lenient.

They are when you're right:

I had Jay Little & Jeremy Reimer's sites taken down from above...

First one Kicked off his ISP/BSP, why? Death threats & such... second had tracts of his site pulled by his hosting provider too.

You can read it above, IF you like. He violated their terms of service (this IS the best & only way to do them in, nice & easy + legal like - no hack/crack required).

U's are, imo, because they probably deal with fools like the kid I was speaking about above (much as you may have to here)!

They probably get sick of it (nameless here, no point in bringing HIM up, as I feel he was duped into it & used))

Quote:

Originally Posted by Christopher

If someone wants to find you, they will have better luck by looking at your myspace profile.

That's probably the truth.

I'm not SO worried about my home addy, that I can use a shotgun for (or the local police, whichever comes first to my aid)...

To be blunt about it? I live in a pretty screwed up area & you need something around here in your home to defend yourself...

Around 7-10 robberies this past year no less, & it's only JUNE (almost)... I had to speak w/ a detective the other day (2 days back in fact) NICE GUY: Told him to tell his men to come up here & do their paperwork (anything for police presence)

The local news was here interviewing folks that got "hit", yesterday in fact (WSYR)...

We've had to shoot @ one before, a few years back in fact, & right inside this house, kid you not.

Cops didn't really care either & I DON'T BLAME THEM 1 BIT! Plenty of their grandma's & other relatives live around here... they are NOT with thieves & such, @ all.

Used to be a great place, but lately?

Quote:

Originally Posted by Christopher

Running websites has taught me this lesson. It is next to impossible to deal with users who want to cause trouble. We can ban IP's all we want, they just come back through proxies.

Yup, seen that before too (from the bunch from arstechnica above)... between proxies & gmail/yahoo etc.? You're right as rain...

Personally, as to how I'd do a site?

(I've seen this done on the "biggest" Dr. Who (sci. fi show I like) forums online?? They won't let you IN with a gmail/hotmail/yahoo account, period)

Quote:

Originally Posted by Christopher

We can contact ISP abuse departments, but they rarely do anything, especially if they are outside North America. The only thing to do is borrow a botnet and boot them off the internet for a while! (Kidding, of course hehe)

Not that easy, IF a system's secured...

E.G.-> You can try to flood the heck out of a machine (SYN-ACK) but, if the machine's NOT SOLICITING CONNECTIONS? What good is it?? A bit of "slowdown" @ most... a few registry hacks can offset those (fragmented packets & the lot).

Webservers & sites do though... which is WHY DDos/DOS works so well on them in sucking up all the available connections & very fast too...

Imo? IPv6 can't get here soon enough imo (it makes it FAR simpler to ID someone from what I have read, as well as increasing the sheer # of addresses possible out of IP).

Quote:

Originally Posted by Christopher

APK, I am not disputing your story (tbh I just don't have time to read into it). I am merely trying to reduce the FUD associated with the myth of the "all powerful IP address".

No problem... good discussion, nice to see someone into things of this nature... It's not a myth though, as regards getting @ someone's computer... & you CAN find out where someone is from & more (although, not QUITE by same means, lol, & I can't say more here - I did it above, proofs in that URL in fact).

I guess, from my example above? Trust me - it's doable though, & I'll agree, it's tougher on an ISP/BSP range, than it is for an isolated school or business by far... I've done it, literally as I stated above - I just finally got sick of the arstech bunch, & took care of them, 1 by 1.

(Haven't had a problem since from them, not 1 - it was necessary, & turned out well: PEACE, basically, finally!)

APK