Can I find someone using their IP Address?
March 29, 2006 6:52 AM   Subscribe

Using their IP Address, can I pinpoint the location of an individual?

I can't go into detail [legal issues], but I'm having some problems with users on my blog. I think I know who it is because of the city they enter the blog from, but I need to be able to pinpoint them.

I've already used their IP address to block them, but they simply went to another computer in the building.

Is there anyway to find them? A prgogram? A Google Maps program? Is this a lost cause?
posted by bamassippi to Computers & Internet (16 answers total) has some good tools for doing things like this. But keep in mind it's far from accurate. There can be proxy servers involved, which will give false locations. The result might just be the ISP, which tells you nothing. And if it's a large business you might get the address of an office the user isn't at.
posted by y6y6y6 at 6:57 AM on March 29, 2006

You can't use an IP to pinpoint anyone more accurately then the city they're in.

Whack the IP in here. If you're lucky it will give you the name of the organization they're coming from, but beyond that you're out of luck.
posted by cillit bang at 7:06 AM on March 29, 2006

In most cases, no. With Dialup ISP's, the best you can say is perhaps which area they _called_, not where they themselves are located. DSL/Cable modems with DHCP assigned IP addresses may give you a rough area of a city, but nothing more.

If they're actively trying to mask their address, you have no chance at all of blocking them in this way. You may find that if it's a severe enough problem, you may want to password-protect whatever content/blog you have, and only allow viewing/posting from a 'whitelist' of trusted users - a 'blacklist' will never stop a determined individual.
posted by bemis at 7:06 AM on March 29, 2006

You can check out ARIN to find where the IP addy that you see is registered to; this will normally resolve to an ISP, University, Library...whatever. That can help you pinpoint things a little.

Also, this IP address lookup tool is quite useful for directly returning the geographic location of a certain IP.

Once again, if there are proxy servers involved none of this is valid...and no there is no way to get a specific address, but you certainly can identify a geographic region
posted by I_am_jesus at 7:09 AM on March 29, 2006

If this is a legal issue, call the police. They are infinitely more likely to be able to track said person than you are. Unless you're just planning on knocking on their door and kicking their ass, Jay & Silent Bob styles.
posted by antifuse at 7:32 AM on March 29, 2006

GeoTool sometimes does a good job of what you want to do.
posted by chunking express at 7:39 AM on March 29, 2006

You might also want to try blocking a range of ips, for example instead to blocking "" you could try blocking "84.188." and that'll block any ips starting with those numbers.
posted by bobo123 at 7:45 AM on March 29, 2006

Many ISPs have dynamic IP adresses which means there can be a whole range of addresses assigned to users every time they log in. It's the nature of the game and some people learn to take advantage of it.
posted by JJ86 at 8:01 AM on March 29, 2006

You can find out who they are by filing a lawsuit against them, and subpoenaing their ISP. If they start using an anonymous proxy, you're really SOL, although there are probably lists of proxies out there you can block from.
posted by delmoi at 8:06 AM on March 29, 2006

but yeah, geographically you can get the mailing address of their ISP, and that's about it.
posted by delmoi at 8:06 AM on March 29, 2006

If this is a legal issue, call the police. They are infinitely more likely to be able to track said person than you are.

"To be able," yes. But they won't, so don't bother.

I'm honestly amazed that someone would suggest you call the police and tell them, "Someone has been messing with my blog. Please help!" That's really dumb advice, no matter what the "legal issues" are. (And from glancing at your blog, I have trouble imagining those "issues" are anything to be taken seriously.)

Cillit bang nailed it. Yes, it's a lost cause.
posted by cribcage at 8:43 AM on March 29, 2006

I'm a professional web traffic analyst, and I have this sort of discussion all the time.

Some ISPs do (or claim to) keep records matching customers' physical addresses to the IP addresses that they are assigned. The ISPs then sell this information (in aggregate) to companies like Quova, who then provide it (or the use of it) to their own customers. AOL users used to all appear to be from somewhere in Virginia (which is where AOL is headquartered), but AOL and Quova have apparently made a deal, so that is set to change.

Quova provides metrics down to the zip code level. That said, I'm not recommending that you accept that information as gospel.

In your specific case, you're talking about a user 'simply going to another computer in the building.' Well, if they are in the sort of building that has a bunch of computers sitting around for them to easily move between, what exactly are you hoping to accomplish? Suppose you were able to pinpoint the culprit to a street address, what then? If it's a private residence, you've possibly got them, but if it's a library or university, you've accomplished nothing. And if you think you're going to discover all the IP addresses that have been assigned to one specific building, and then block those and only those...well, I suppose it's possible that you could find out the name of the organization that occupies the building, and then find out what range of IP addresses they own, and then block that range.

So, in short, although there is data out there that may or may not help you, you'll have to consider carefully whether it would really be worth it for you to go through the trouble of getting it.
posted by bingo at 9:18 AM on March 29, 2006

If it's a university, it's possible that you could social engineer a tech to tell you which machine in which lab has a given IP address. And then camp for him to make another post.

But, really, it's an awful lot of effort to potentially get your butt kicked (or worse), and if there are true legal issues going on, you shouldn't be talking about it with anyone but your lawyer (who can, as others have said, force the ISP to reveal whatever identifying information they have about that IP address).
posted by Merdryn at 9:21 AM on March 29, 2006

Why do you need to pinpoint them?
posted by Good Brain at 10:47 AM on March 29, 2006

Google "ip address geolocation".
posted by russilwvong at 11:04 AM on March 29, 2006

If the goal is to block them and you know they went to another 'in the building' why not just block their whole ARIN block? Or block & redirect to an informational screen that says "because X is a doucebag I have blocked all this group" and if others are inconvenienced by that, well, they can go vigilante style on him....
posted by phearlez at 3:26 PM on March 29, 2006

« Older Cheap alternatives to tabloid newspaper floor...   |   Growing a computer forensic investigation business Newer »
This thread is closed to new comments.