Stollen IP Address

[Kanan]

Hi!
This is a urgent request to help me with finding it with who has stolen the IP Address.......

I have the same ISP for the last 3.5 years and I dont wanna change it because I have no better alternative. so I have to solve my problems...

someone... very close to my house... lets say 100 meters away is stealing my IP adress and my MAC address without witch he would not be able to connect to the internet.

my problem is how to stop him, after I find out who it is but this is the smallest problem of all ... the biggest is how to find out who it is... or at least what can I do to protect my IP...

I have spoken with my ISP about this and they said that for the moment they have no solution.
My connection is through LAN cable for about 300 meters and further optic fiber.


Reply!

[deoWo]

Do you know how they could steal a connection unless it's an unsecured wireless one... and how do you know someone is doing this anyway?

Perhaps you should start with the cable at your end and then just follow it, hand over hand, until you find where another cable has joined in. Then follow that cable until you find the computer it is connected to and Voila! You have your thief!

[Rawko]

My guess is there is
a) a bot/virus infection sending out info.
OR
b) visited a compromised web site that captured his information.

In either case, spoofing is very easy. There is no guarantee that it is in your neighborhood. Spoofing can lead most folks half-way around the world.

You can do several things. But let's first learn more about the situation before we choose the best option.

To make you slightly paranoid. What is your IP address? I can get it from Ash, but his privacy policies won't allow that (which is good). Don't respond, I didn't really want it. But with it i can learn quite a few things about your computer, without any more connection than a ICMP ping or trace-route.

[Fabian]

Your first post wasn't the most clear - when you say MAC/IP address, are you talking about a PC or a cable modem? I know some ISP's track their customers via the MAC address of their modem and it is possible for service thiefs to sniff these out and spoof them to get free service. If you think this is what is happening you will need to talk to your ISP.
Does your ISP actually lease you a static IP? Sometimes your IP may change on it's own unless they specifically provide you with a static one.

[Kanan]

I am talking about the MAC (Physical Address) of my Network Adapter... and yes I have a static IP... I have a now one now... but I still wanna get this thief cought.

[Rawko]

If He/She can spoof your info once, they can do so again. There are things that can be done, but does the isp want to take that much management. They are close to that point already. They just need to look at some reports, and look at which switches the offender is using. It's something well within their power. the problem is getting them to do so. Unless they perceive a loss, they wont' act. Even then, the loss must be enough to warrant the effort. They are suffering a lost, but to them, it's about how much it costs to research the problem, and how much to prosecute the offenders.
The IsP may well be watching this person. but not acting till the value of stolen service surpasses the cost of litigation. I doubt that, but it is possible.

[Rawko]

To an extent, you are right, Jam.

but it depends on how the switches/routers are set up with the ISP. if like my isp, you get a different sub-net for each set of 250 cable-modems, AND the 2 different switches are configured properly, you can have duplicate mac addresses. But that will take each subnet set to limit communications with each other (rather blocking that communication) which is VERY RARE within an Isp/company/lan but possible.

NIC manufacturers have started reusing MAC addresses out of need. There are 2 things that make that possible. First is the chance that 2 mac addresses will get on the same network are SLIM. Second, the chance that the first mac addresses they used on their devices still being active on a network are very slight as well. They've been making NIC's for 20 plus years. Those old 10mb cards are likely in a recycle/scrap heap.

Your MAC address is the MOST important identifier of your specific computer. But couple that with your IP address, and your address has grown in length, increasing the chance that it is truly unique.

Since your MAC is the most important, hackers/crooks and spammers will gladly spoof your MAC, to reduce the chance of their being caught in their illicit deeds.

You can easily use mac spoofing when setting up a router for your personal network. In fact, many security experts went ballistic when XP was released, because older windows OS' didn't include the tools to so easily spoof MAC and IP addresses. XP does have that software. I won't say how it's done, but it is not difficult.

But since the spoofed addresses can not be on the same subnet, and rarely in the same network (isp/company), I highly doubt the crook is in the same area as the original poster. A tracert will get you close to the crook, but firewalls in use by the persons, or other companies/isps will end the trace. There are even graphical trace route utilities that will map the trace on a world map.

[Kanan]

ok.. so how can I trace this guy?

[Rawko]

The best way is to start with an IP address. The MAC address alone won't get me started. But you stated you NOW have a new static IP. Were anyone to try to trace your IP they would get your computer, or another computer on your network, should you provide the old IP address.

This is easily spoofed too. Thus giving the appearance that someone is near you or on your network.

I don't have the tools on hand to pull the true source Ip from a stream. Well, i might, but would take some installing from my OS disks. But even then. i'd have to be in contact with the "crooks" machine. That is something I have no intention of doing!!! I can monitor connections that go through my computer. if he/she never connects to my PC, then most of my tools won't work.

Not to be rude, but I refuse to do anything illegal. My job depends highly on me being 200000000000% above board.

Also, I will not spread knowledge of illegal tools or practices. I won't be an accomplice to an accomplice, if you know what I mean.

The best you can do, is make a report, and hope the proper authorities take action. If the first rung of the ladder is broken, then you can go on to the next rung (go up the ladder to the next level of authority). IF they refuse to, and you can show there is a systemic problem that someone can easily solve, then (and only then) can you take more drastic measures, and go to the media. That action type is a two-edged sword. It is not to be toyed with, nor taken lightly in any way. Also, every step needs to be documented, to show that you have followed the proper routes to no avail. You want things in writing, phone calls are not enough, and in most places, it's illegal to record them without full expressed consent of all parties.

I guess I'm like an elf. Seldom would advice be given, and rarely (if ever) unguarded. Again, I say, Follow the documented routes of reporting/resolution. You could easily cross the line into the same territory as any criminal you are trying to catch. And not to mention, you could land yourself in very hot water with a criminal/syndicate that could cause you more trouble than you want. Not just virus' or simple identity theft.

I'll get off my soap box, sorry.