UGN Security
Posted By: snuffy A self-imposed Test - 02/12/06 02:50 AM
Okay, so I found this forum in which people had posted anonymously about me and my friends. A lot of it was very flattering and some of it was not. However one person was so flattering (wink) that I want to try and find out who they actually are.

Now, I've issued myself a personal challenge. I recently have become interested in hacking/programming, but I know nothing about it. I've read the newbie forums, esp secions like "How to be a Hacker" and the like. However, I feel that my technical knowledge is limited. I don't want to learn these skills to hurt or disrupt peoples lives, but just to stretch my own abilities and see what I can do.

So, based on my understanding, even if the post is made anonymously, the server keeps a record of the IP address the user writes from. So does that mean there is a theoretical link to the physical location of the user? Or the identity of the user? If the user is at a public computer, or on a LAN like a school library, then how can I figure out who it is? A keylogger and then cross-reference the time and the keys?

Basically, I want to teach myself about TCP/IP, the logistics and concepts of hacking, and maybe a language like VB, Perl, or C++ (eventually).

Please Help a Newb
Posted By: Gremelin Re: A self-imposed Test - 02/12/06 08:17 AM
Well, I'll skip though all the "I want to learn to..." randomness...

99% of web applications which allow you to do ANYTHING will log your IP address, for tracking or abuse tracking. This is stored with your post, with your user account, and sometimes in a "full access" file which has every visitor of the site in it.

IP's are purchased in "blocks" of IP's by your ISP, these "blocks" can be traced to that isp; most IPS's then allocate these blocks to differant areas, which most also assign a host name.

Now, an example, say 127.0.0.1 (genaric ip for your loopback to your pc) dns' as "localhost" (or for our explanation here, "localhost.com"); localhost.com as the domain can be traced to a registrant who owns the domain, thus pinpointing the address of the institution (if a school); if there is no domain in the reversal you can still track by the owner of the ip address.

Additionally some isp's give a more "pinpointed" hostname for most users, for example i could have: 127-0-0-1.or.comcast.net showing i'm using comcast.net as an ISP, in their Oregon market, with the IP "127.0.0.1".

Some schools assign hostnames to track users in dorms, skull has "skull.hisschool.tld" for his dns (not sure if they gave it to him or if he requested it, but whatever).

On to programming, if you decide to go the route of computer programming, go C++,, it's what i'd recommend.

If you'd like to go Web Programming go with PHP/MySQL/XHTML/CSS, do it well, you make some green.
Posted By: snuffy Re: A self-imposed Test - 02/12/06 08:42 AM
Okay, so I feel as though I understood most of that, but how does one practically DO it? What do I actually DO to make that happen?
Posted By: Gremelin Re: A self-imposed Test - 02/12/06 09:44 AM
well, you get an IP address... Any user has an IP... Any domain is on an ip...

You then go to a service which looks up IP addresses, SilentRage has one of these available at:
http://whois.dollardns.net/ip.pl

My example:
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

shows that our domain us using the ip 65.19.133.39, which belongs to Hurricane Electric (ISP) in California...
Posted By: snuffy Re: A self-imposed Test - 02/16/06 01:05 AM
okay, so I've experimented with querying the IP of various hosts, and I think I understand. But how would I find the IP of the user who posts on a site? For example, I might look up
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

I would get the IP, the hosting information and what not, but how would I find the IP address of a specific poster, for example, you (please don't take that as an actual threat of some kind). And more importantly how do I get to that point if the user is anonymous?
Posted By: Gremelin Re: A self-imposed Test - 02/16/06 02:00 AM
You wouldn't, the forum software which stores the IP stores it for privacy, only the admin and staff have access to addresses; no site should allow public viewing of user ip addresses for as little as privacy concerns.
Posted By: snuffy Re: A self-imposed Test - 02/20/06 03:26 PM
so you're saying that there is no legal way that someone could find the user IP on the site?
Posted By: Gremelin Re: A self-imposed Test - 02/21/06 09:26 AM
Legality isn't the issue with "SEEING" it, it's mainly FEATURE wise that it'd be near impossible..

It is bad business practice to allow the public display of user ip addresses as it would allow anyone to preform a DDoS on someones IP address (or any other array of things, including attempting to "hack" a user, or threatening to do so as well).

I know of no web forum which archives IP's which allow a public display of the IP in their stock code; well, the UBB DOES have the option, but i know of not one admin who utilises it.

Additionally, it's bad business practice to display ip's as users are not interested in having their information displayed for public use, that can be traced back to them, and only them.
Posted By: snuffy Re: A self-imposed Test - 03/13/06 02:05 PM
So the host server would store the IP locally and include it in HTML code available only to the admin? Obviously the host needs to have access to that information in order to ban that user if the need were to arise right?
So if you were to gain admin access to that server you could view it?
By the way, thank you for being so patient/informative
© UGN Security Forum