How far can I track an IP?

Hey, the long and short of it is that my girlfriend has been hacked.
She was sent an email with sensitive information (about her) by the culprit from a gmail account. I checked the details of the email and at first look it seems as though it was sent from a residential address in Canada.

Now, someone who has hacked god knows what of my girlfriend's would not be stupid enough to send it from their actual IP, would they? Surely they must have used an IP cloaking program that re-routes it?

So my question is, how do I trace back beyond this IP? I'm not sure how to get the MAC address of the individual in order to carry on checking where they are sending data from.
(If they are in another country I can let this go, if they are local then the police need to get involved.)
 
Short answer is you can't do anything to track it.

As for MAC address thing, that won't help in any way since they only have local significance (they are not transmitted all the way over the internet) and they don't have to be unique (easy to change them).
 
Report it to Gmail, it's about the best you can do.

As above, MAC addresses only stay on local networks, they aren't transmitted beyond routers.
 
Thank you. I have called the police and they have all the details I do. Do you know if the police would be able to trace this any further either? It unnerves me that I do not know where this person is.
 
You could find the ISP that the IP address belongs to and report it but realistically there is not much you can do.
 
As for MAC address thing, that won't help in any way since they only have local significance (they are not transmitted all the way over the internet) and they don't have to be unique (easy to change them).

Pretty much correct, one thing. A MAC address is transmitted along with the packet across its entire journey. This is because the MAC address is required when delivering the packet to the destination host. A MAC address is used during switching operations and is a locally-significant unique identifier what identifies each host on the network.

Just thought I'd point that out. The rest of your point still stands though, as it is awful easy to change a MAC address in all OSs.
 
Pretty much correct, one thing. A MAC address is transmitted along with the packet across its entire journey. This is because the MAC address is required when delivering the packet to the destination host. A MAC address is used during switching operations and is a locally-significant unique identifier what identifies each host on the network.

Just thought I'd point that out. The rest of your point still stands though, as it is awful easy to change a MAC address in all OSs.

I know MAC addresses are used all the way along the route, but perhaps I could have worded it better. What I meant was that when you receive a frame, the source MAC address won't be the MAC address of where the packet originated, it'll be where the frame originated (and frames are encapsulated and de-encapsulated at every router). At every network boundary the router de-encapsulates a frame to check the destination IP for forwarding, and then when it encapsulates the packet back into a frame it uses the MAC address of its forwarding port as the new source address. This happens many times throughout the journey of a packet.

The IP address in the packet header though stays the same throughout, except when it hits a NAT router or a proxy server where it can be changed as needed.
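The per-hop behaviour described in the post above, as an added example that is not part of the original thread: a small simulation in which each router strips the incoming frame and builds a new one with its own forwarding-port MAC, while the source IP changes only at the NAT router. The class and function names are hypothetical and every MAC and IP address is constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:                 # layer 3: carried end to end
    src_ip: str
    dst_ip: str

@dataclass(frozen=True)
class Frame:                  # layer 2: rebuilt on every link
    src_mac: str
    dst_mac: str
    packet: Packet

@dataclass(frozen=True)
class Router:
    in_mac: str               # MAC of the port facing the previous hop
    out_mac: str              # MAC of the forwarding port
    nat_ip: Optional[str] = None   # public address, set only on a NAT router

def forward(frame: Frame, router: Router, next_hop_mac: str) -> Frame:
    """De-encapsulate the frame, apply NAT if configured, re-encapsulate."""
    if frame.dst_mac != router.in_mac:
        raise ValueError("frame is not addressed to this router port")
    packet = frame.packet
    if router.nat_ip:
        packet = replace(packet, src_ip=router.nat_ip)
    return Frame(router.out_mac, next_hop_mac, packet)

def trace(sender_mac, packet, routers, receiver_mac):
    """Return (source MAC, source IP) as seen on each link of the path."""
    frame = Frame(sender_mac, routers[0].in_mac, packet)
    seen = [(frame.src_mac, frame.packet.src_ip)]
    for i, router in enumerate(routers):
        last = i + 1 == len(routers)
        frame = forward(frame, router, receiver_mac if last else routers[i + 1].in_mac)
        seen.append((frame.src_mac, frame.packet.src_ip))
    return seen

# Constructed sample path: all MACs and IPs below are made up (documentation ranges).
SENDER_MAC, RECEIVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:99"
ROUTERS = [
    Router("02:00:00:00:0a:01", "02:00:00:00:0a:02", nat_ip="203.0.113.7"),  # home NAT
    Router("02:00:00:00:0b:01", "02:00:00:00:0b:02"),                         # ISP
    Router("02:00:00:00:0c:01", "02:00:00:00:0c:02"),                         # far edge
]
PATH = trace(SENDER_MAC, Packet("192.168.1.10", "198.51.100.25"), ROUTERS, RECEIVER_MAC)

if __name__ == "__main__":
    for link, (mac, ip) in enumerate(PATH):
        print(f"link {link}: src MAC {mac}  src IP {ip}")
```

On the final link the receiver sees the last router's MAC and the NAT router's public IP; the sender's own MAC appears only on the first link.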
 
Thinking outside the box here for a moment.....I was always told "Once you can discount what is impossible what is left, however improbable, is the answer" so are you sure that this person hasn't gotten access to the info any other way other than hacking?? Work colleague, friend thinking they are funny, friend that's jealous or something or that is upset with your g/f for some reason?

Only you & your g/f can work that out from the info that they have, so take a long hard look at the info and see what you can come up with.


As for the Canadian IP, it's unlikely to be spoofed - way too much hassle when there are easier ways to send emails with not much chance of it being investigated. It could have been a compromised machine, a friend of the person responsible who lives out there, or it might not even be a Canadian IP - some reverse IP blocks are not named correctly and IP allocations are not always attributed to the correct ISP.
 
Pretty much correct, one thing. A MAC address is transmitted along with the packet across its entire journey. This is because the MAC address is required when delivering the packet to the destination host. A MAC address is used during switching operations and is a locally-significant unique identifier what identifies each host on the network.

Just thought I'd point that out. The rest of your point still stands though, as it is awful easy to change a MAC address in all OSs.

The MAC address of the host isn't transmitted across the whole journey, not sure if I've read your post wrong though.
 
It has turned into a battle of one-upmanship. I do love overclockers forums :P This battle has cheered me up regardless of the situation. Still the question remains. I believe this to be an HTTP proxy, so does anyone know if the police would have methods to trace this guy? Like I say, it's quite unnerving thinking this guy could be just down the road watching my girlfriend's every move. But if he is indeed from Canada or Russia or Australia then it's ok, she is due to move anyway and the accounts have been seized by the police. I would start up new accounts under false names for her and she would be able to use temp emails to set them up and keep her real email separate from this.
 
I believe this to be an HTTP proxy, so does anyone know if the police would have methods to trace this guy?

What makes you think it's a proxy?

If it is and it's running on a PC somewhere then the police will most likely have no way to trace it as I doubt it will be holding logs.
 
Basically, if a hacker who has any semblance of an idea of what they're doing hacked your gmail, the IP address you picked up won't be theirs, and you'll probably never find them. If a script kiddy who doesn't know what they're doing did, chances are they're trackable if anyone can be bothered doing it.

The issue is false positives, where you assume where the trail ends is the actual person doing the nefarious deed. Therefore you'd need to expend a great deal of time and effort to actually further prove the node where the trail ends is the actual committer of the offense, probably by subpoenaing some hard drives.

So basically, good luck with that! Personally, I'd just change my password, then start thinking about how I goofed up to leak my login details. For the record, if you let your PC get owned, anything you do online is going to be suspect, but let's pretend for a second you run a pretty clean ship.


#####################
### Some advice if wanted ###
#####################

Anything you log in to may have a plaintext, or decryptable, copy of your password. This means you shouldn't realistically use a password in more than one place. That's a total pain, thus many of us have different levels of passwords; I myself basically use 4 common passwords for the following types of services: Work (for me this is work-owned services, and uni), Secure (bank, and email), Normal (trusted sites, generally where I part with bank details), Junk (non-trusted, gaming, forums, etc).

The advantages are self explanatory.
 
I think you may have misunderstood the OP - they didn't have their gmail hacked, someone sent them lots of personal info via a gmail account so he thinks she's been hacked to have obtained that info.
 
I think you may have misunderstood the OP - they didn't have their gmail hacked, someone sent them lots of personal info via a gmail account so he thinks she's been hacked to have obtained that info.

Actually I read his posts right, understood it, had a nice brain fart regarding how I decided to respond to the second paragraph, then decided her gmail was hacked even though I knew he didn't say that! It's time for bed, I think. :P

However despite my brain fart, the general point still stands, just pretend I wasn't going on about hacked gmail accounts when reading it. If the OP still feels that the info was gathered online, I'd be much more concerned about how the info was gathered, as opposed to caring about punishing the person who gathered it.
 
What details do you have? It's more likely someone closer to home.

Also the sensitive info you speak of, how is it, whatever it is, stored on the PC? Is it photos, documents or details stored in emails?

The type of info/data taken from the PC is vital to finding the possible way in or the reason someone would do such a thing. Have they said the info will be released unless you pay X amount, or is it just a threat or someone having a sick joke at her expense?

If it's a random person then it's more likely they're gonna ask for something; if it's someone you or she knows then it's most likely a sick joke or someone that's got a grudge or is jealous for whatever reason.

Silly question, but has your GF got any brothers, younger or older, that did this sort of thing for a joke?
 