Security Basics mailing list archives

Re: Tracking down a vandalizer who's faking his IP


From: H Carvey <keydet89 () yahoo com>
Date: 26 Apr 2004 13:52:15 -0000

In-Reply-To: <BAY15-F10FKpO2DTSWF00007cd4 () hotmail com>


> I have sent an email to the owner of that segment of IP address but haven't
> heard anything for the past 2 months other than an automated reply. Do most
> admins in other countries ignore requests to reveal source IPs when they
> feel it's just a vandalism and not a significant incident?

I don't think that it's necessarily dependent upon which country the admin is
from...lots of admins from all over ignore such things.

> Does anyone here have any experience tracking down a faker such as this
> and could you provide any tips on how one can effectively talk to
> and coordinate with the ISPs at the other end?

Instead of focusing on tracking the faker, why not focus your efforts on
securing the web site? You said you haven't heard back from the admin you
contacted in 2 months, but you're also saying that this faker "is vandalizing"
the site (i.e., present tense).

Also, it doesn't sound as if this person is "faking" his IP address, as much
as he's perhaps routing his communications through the remote system you've
identified. Since you haven't been able to get in touch w/ the owner or admin
of that block of IPs, maybe you should focus on securing the web site itself.
