Seal

Finding physical address from IP

9 posts in this topic

Let's say you have someone's IP address, and you want to find out where they actually live. Assume that traveling there is not a problem. Bear with me on this, this is all for the purposes of a bit of fiction I'm writing.

The ISP knows to what address an IP belongs, but I assume that would be off limits. First off, you can use geolocation software to get a general idea of what town they're in (verified by seeing the hostnames of a tracert.) Then, once in the target town, you could traceroute to the destination IP from random routers you leech off of in the city. The fewer the hops, the closer you are. Eventually, when there's but two hops between you and the target, you know you're as close as you're going to get using this technique. From there on in, you wardrive and hope to find the wireless router that has that IP. Otherwise, I don't know what you would do.

If you do happen to find the IP, you could then use signal strengths to determine the actual location of the target host. Any ideas on this? Any other ways of going about this you can think of? I'm not too keen on being dependent upon the target owning a wireless router, but I don't know of another way to identify the location without them. Perhaps measuring latency with the unknown target with respect to the mapped locations of other established IPs in the same area, but that might not give an accurate representation of distance with respect to the ISP's router. Plus, at such close proximity, latency might not be related so much to issues of physical distance.

Edited by Seal

Or you just send the ISP a bogus 512(h) subpoena. That could work too :lol:

You can also impersonate law enforcement personnel from some random not too well known country. These really aren't very legal though.

As well, I'm sure you could think of a dozen social engineering tactics to get that info as well, or even have someone on the inside and pay them a small bit if you're going to do it frequently.


Greyarea wrote a textfile a while ago about SEing a telco to divulge the info of private callers. Basically he conned a Sheriff's office into sending a signed letter to a fax number he set up. After editing it, he re-faxed that letter to the telco. I assumed you could do something similar with an IP address.

That t-file can be found on http://www.phreaksandgeeks.com/.


One idea, probably not that effective, is that if you know the IP, do a port scan of the entire range, looking for any unique host names. Sometimes people will name their PCs using an address of where they live or a name. If it's a name, look it up in the directory.


Thanks guys, it's really appreciated :)


Or maybe they had a Myspace acct and they were dumb enough to use their real address..


Yeah, usually the easiest way to find someone is not through IP address, but either a little persuasion or their plain stupidity.

Example: sometimes people will pick their name as aka shadowdog56772... hmm, wonder if that's their zip code? Or my favorite is like jsmith123@aol.com, hmm, wonder what his name is... Talk to them a bit, then just slip in a "yeah, I'm from Indiana... what about you?" or a "hey, you have a MySpace? Mine is http://www.myspace.com/ifyouclickthisyouarestupid, what's yours?" MySpace and Facebook are probably the 2 easiest ways to find out about people fast...

I just realized that I gave a psycho the starting roots of how to stalk someone... oh well


If the IP address is a static IP (or at least rarely changes) it's pretty easy to social engineer the information out of the cable/phone company. I've done it many times. I just play one department against the other. Figure out the names of the different places you can be transferred to, such as customer service, sales, technical support, etc. Then just say something like this:

"Hi, this is John from customer service and I'm transferring a customer to you. But for some reason I can't seem to find their account by their phone number or address. You can pull up by IP address, right? Okay, let me give you that. .... Great, and the name you have is...?"

I know it's stupid to think a customer service rep. can't pull up an account by an address and it's stupid to think that most customers would be capable of figuring out their own IP address, but they rarely question things out of the ordinary. You can also tell a department that you're simply having issues trying to pull up an account (you're not transferring) and that your supervisor suggested calling them to pull it up by the IP address. Or that you're working with the fraud department of some other company or the police and that you need them to pull up by the IP. As long as you sound somewhat convincing, they'll think you're in the same company as them. It's easier than you'd think.


You're right on with that, rbcp. To go one step further, though: I worked at Time Warner Cable for a few months on their tier 3 support team for internet and phone. They will give that information to anyone who claims to be the owner of the account. We were supposed to verify the owner of the account by the last 4 of their SSN, but that hardly ever happened. Most of the time, you could just simply get information or even switch services by providing a name, address, or even phone number. SEing TWC is not difficult at all, and oftentimes can be done by people acting as a customer calling in for support. The challenge put forth by Seal would require some level of SEing to ultimately pinpoint the individual, however.
