Networking Forums

howto determine source of hack attempt

 
 
Eric
      12-19-2003, 05:31 AM
I've got a guy trying to spoof my network. I can't tell what his IP is as it
only appears to be the IP of my router. Somehow he has learned the name of
one of my systems and he is pretending to be that system. Of course it
doesn't work, but it's annoying. I really need some help to track this down so
I can report him to his ISP.
Thanks
Eric
 
 
 
 
 
Michael Fuhr
      12-19-2003, 06:54 AM
Eric <(E-Mail Removed)> writes:

> I've got a guy trying to spoof my network. I can't tell what his IP is as it
> only appears to be the IP of my router. Somehow he has learned the name of
> one of my systems and he is pretending to be that system. Of course it
> doesn't work, but it's annoying. I really need some help to track this down so
> I can report him to his ISP.


If you have a suspect in mind and you know who their provider is,
then you could ask that provider to investigate the matter. Otherwise
you'll probably have to do a hop-by-hop trace of the inbound packets,
that is, find out what router is sending the packets to you, then
find out what router is sending the packets to that router, and so
on and so on, until you find the origin. You'll probably need the
cooperation of several service providers, which you'll almost
certainly never get. If you can convince a judge that the law is
being broken then you might be able to get a court order, but even
then there are probably all sorts of difficulties if state or
national borders are being crossed.

An alternative method is described in the paper "Tracing Anonymous
Packets to Their Approximate Source" by Hal Burch and Bill Cheswick:

http://www.usenix.org/publications/l...ch/burch_html/

While interesting, the described technique makes certain assumptions
and has problems of its own, and the ability to pull it off is
probably beyond most people.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
 