When a computer is attacked, it's often possible to obtain an IP address that's close to the attacker's location. Intrusion alerts from programs like Norton, McAfee and Malwarebytes often provide the best address they can. And you can find similar information in the "full tracking headers" or "message sources" of email messages. These headers have different names in different email systems and are viewed in different ways. But once you determine how to open a full header in your email system, search it for a "from" or "source" IP and trace that address.
To do so, slip the address into a few of the many Web services that map IP locations. My current favorites (in this order) are:
- http://www.liveipmap.com
- http://www.ip-address.com
- http://www.whatismyip.com/tools/ip-address-lookup.asp
They'll probably map the address to slightly different locations. That's because each service uses a different geolocation database and tries to find the Internet router that's closest to the target IP. The accuracy of the result depends on the database used and the number of known routers in the target IP area.
For example, I just traced my own PC's IP address, and these services mapped it to Medford, Mass.; downtown Boston; and, yes, just down the road in my own hometown. But all locations were within 6 miles of my PC, so the results were pretty darned accurate. Your traces may get equally close to the attackers' locations (and might also tell you the ISPs they are using).
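As an added example (not code from the original post), this Python sketch does the header search described above: it pulls the bracketed IP addresses out of the `Received:` lines of a message source and lists them from the hop nearest the sender to the hop nearest you. The sample message, its documentation-range addresses and the function names are constructed for illustration. `Received:` lines below the first server you trust can be written by the sender, so the earliest hop is a candidate to trace, not proof of origin.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message source (documentation-range IPs, not real traffic).
SAMPLE_SOURCE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 4 Mar 2014 10:02:11 -0500
Received: from relay.example.com (relay.example.com [203.0.113.45])
\tby mx.example.net with ESMTP; Tue, 4 Mar 2014 10:02:09 -0500
Received: from [192.168.1.23] (unknown [203.0.113.99])
\tby relay.example.com with ESMTPSA; Tue, 4 Mar 2014 10:02:05 -0500
From: sender@example.com
To: you@example.org
Subject: constructed test message

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that cannot be geolocated: RFC 1918, loopback, link-local.
# Listed explicitly so the documentation-range sample addresses are kept.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def received_hops(raw_source):
    """Routable IPv4 hops, ordered from nearest the sender to nearest you."""
    msg = message_from_string(raw_source)
    hops = []
    # Each mail server prepends its own Received line, so read bottom-up.
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(ip in net for net in NON_ROUTABLE) or str(ip) in hops:
                continue
            hops.append(str(ip))
    return hops

def source_candidate(raw_source):
    """Earliest routable hop: the address to paste into a lookup service."""
    hops = received_hops(raw_source)
    return hops[0] if hops else None

if __name__ == "__main__":
    print(source_candidate(SAMPLE_SOURCE), received_hops(SAMPLE_SOURCE))
```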