Re: Correlating an IP address with a phone number

[Andre Ludwig <andre.ludwig () gmail com>]

http://emailrevealer.com/products.php?cat=1

not exactly what you guys are talking about, but along the same
lines.. (as you would use the same vectors to get the information)

But hey, why pay someone else to do the SE when you can do it
yourself? (oh wait cant forget the whole plausible deniability angle)

Dre


On 1/12/06, Marco Ivaldi <raptor () 0xdeadbeef info> wrote:
> > A Longer Answer: No - At least not without a court order. IP addressing
> > has nothing to do with the telephone numbering system - and most IP
> > addresses are dynamic in the first place (as in, the IP address is
> > different every time the subscriber connects to the Internet) - but you
> > may 'request' (see "court order" in the last sentence) the contact
> > information of a subscriber who was using a certain IP at a certain
> > time, under certain circumstances, from their ISP.
>
> Of course, depending on the security of the ISP, a bad guy could also hack
> into the Access Server (usually the last hop before the target IP address)
> and directly get the information he needs. For instance, on Cisco IOS he
> could do something like:
>
> 1) Get the vty number from the IP address:
>     $ sh ip int | begin <ip_address>
>
> 2) Get the username from the vty_number:
>     $ sh us | include <vty_number>
>
> 3) Get the phone number from the username:
>     $ sh isdn hist | include <username>
>
> This may or may not work depending on multiple factors (ISP network
> security, AS platform of choice and its configuration, caller-id
> enabled/disabled, etc.).
>
> Obviously, if you're not authorized by the ISP it's _illegal_.
>
> Cheers,
>
> --
> Marco Ivaldi
> Antifork Research, Inc.   http://0xdeadbeef.info/
> 3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------