Way to trace IP address?

mogulskr

Monkey
Aug 28, 2002
642
1
NH
My in-laws have been getting some abusive emails and I was wondering how much information I could get from the originating IP address, which is 69.112.210.28. I did an NsLookup and found out it goes through an optonline server, but was wondering if I could find anything more specific. Pretty sure it is one of 36 surrounding neighbors.

Thanks
 

sanjuro

Tube Smuggler
Sep 13, 2004
17,373
0
SF
Probably not. Static IP addresses, i.e., permanently assigned ones, are rarely given out to home customers, the most likely source of these emails.

I would report the emails to the Optonline company and let them take it from there.
 

Trigger

Chimp
Jul 15, 2004
99
0
Oslo - Norway
mogulskr said:
Thanks, it is cable and I was not sure how long the IP address would be leased for.
If you dig deep enough to actually find the owner of the IP, it will in 99% of the cases be a person that is totally unaware that their computer is used for sending spam...

Different types of spambots are all over the net, and will try to install themselves on any unpatched computer - and the bots (many of them being worms) can't tell the difference between your grandma's home computer, used for writing recipes and playing FreeCell - or a pentest blackbox at the FBI...

So it'll be like finding one special needle in the needlestack... and still have a stack of needles annoying you
 

ET_SoCal

Monkey
Aug 10, 2001
398
0
C-Me Valley, CA
Trigger said:
... needle in the needlestack...
Ya, pretty tough to find the actual spammer...
for tools I like to use: http://network-tools.com/

Begeeze -that IP gave a lotta hops;

TraceRoute to 69.112.210.28 [ool-4570d21c.dyn.optonline.net]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 66.98.244.1 phou-66-98-244-1.ev1.net
2 0 0 0 66.98.241.7 gphou-66-98-241-7.ev1.net
3 0 0 0 66.98.240.8 gphou-66-98-240-8.ev1.net
4 1 1 2 216.200.251.169 ge-6-0-1.mpr1.iah1.us.above.net
5 1 1 1 64.125.31.62 so-0-0-0.mpr2.iah1.us.above.net
6 14 14 14 64.125.29.65 so-5-0-0.mpr1.atl6.us.above.net
7 48 42 14 64.125.27.50 so-0-0-0.mpr2.atl6.us.above.net
8 25 25 25 64.125.29.42 so-2-1-0.cr1.dca2.us.above.net
9 43 25 25 64.125.28.126 so-6-0-0.mpr1.iad1.us.above.net
10 26 25 26 64.125.28.214 so-3-0-0.mpr2.iad2.us.above.net
11 26 25 25 64.125.30.121 so-3-0-0.mpr2.iad10.us.above.net
12 26 26 26 65.19.100.97 r1-gig10-1.in.asbnva16.cv.net
13 31 31 31 65.19.101.129 -
14 32 32 32 65.19.96.66 r2-srp5-0.wan.hcvlny.cv.net
15 32 33 32 65.19.104.194 r1-srp5-0.mhe.hcvlny.cv.net
16 33 33 33 167.206.38.2 dstswr1-ge3-16.rh.ctmhny.cv.net
17 34 33 34 167.206.38.43 ubr101-ge1-0-0.cmts.ctmhny.cv.net
18 Timed out Timed out Timed out -
19 Timed out Timed out Timed out -
20 Timed out Timed out Timed out -
21 Timed out Timed out Timed out -
Trace aborted.
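
Added example, not part of any post in this thread: the reverse-DNS name in the trace header, ool-4570d21c.dyn.optonline.net, carries the address itself in hex (45.70.d2.1c = 69.112.210.28), so a short script can confirm that, pull the provider domain to send the abuse report to, and find the last hop that answered. Treating a "dyn" label as a dynamic-pool marker and taking the last two labels as the provider domain are assumptions; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: three rows copied from the trace above, same column layout.
SAMPLE_TRACE = """\
16 33 33 33 167.206.38.2 dstswr1-ge3-16.rh.ctmhny.cv.net
17 34 33 34 167.206.38.43 ubr101-ge1-0-0.cmts.ctmhny.cv.net
18 Timed out Timed out Timed out -
"""

# hop number, three round-trip times, IPv4 address, host name (or "-")
HOP_RE = re.compile(r"^(\d+)\s+(?:\d+\s+){3}(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
# exactly eight hex digits, not part of a longer hex run
HEX_RE = re.compile(r"(?<![0-9a-f])([0-9a-f]{8})(?![0-9a-f])")


def last_responding_hop(trace):
    """Return (hop, ip, host) for the last row that answered, or None."""
    last = None
    for line in trace.splitlines():
        m = HOP_RE.match(line.strip())
        if m:  # "Timed out" rows do not match and are skipped
            last = (int(m.group(1)), m.group(2), m.group(3))
    return last


def ip_from_ptr(hostname):
    """Decode an 8-hex-digit run in the first label to dotted IPv4, if present."""
    m = HEX_RE.search(hostname.split(".")[0].lower())
    if not m:
        return None
    return str(ipaddress.IPv4Address(int(m.group(1), 16)))


def describe(ip, ptr):
    """Summarise what the PTR name says about an address, for an abuse report."""
    labels = ptr.lower().split(".")
    return {
        "ip": ip,
        "ptr_encodes_ip": ip_from_ptr(ptr) == ip,
        # Assumption: a 'dyn' label marks a dynamically assigned pool.
        "dynamic_pool": "dyn" in labels[1:],
        # Naive last-two-labels split; not public-suffix aware.
        "provider_domain": ".".join(labels[-2:]),
    }


if __name__ == "__main__":
    print(last_responding_hop(SAMPLE_TRACE))
    print(describe("69.112.210.28", "ool-4570d21c.dyn.optonline.net"))
```

The last answering hop is a provider router, not the customer; which subscriber held the address at a given time is recorded only in the provider's own lease logs, so an abuse report needs the full email headers with their timestamps.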