Re: Correlating an IP address with a phone number

From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Thu Jan 12 2006 - 06:16:18 EST

• Next message: Mark Teicher: "RE: FW: 3rd party vuln assesment firms"
• Previous message: Kenneth: "Be a Superstar! Víagra Onlíne! Now!"
• Maybe in reply to: kuffya@gmail.com: "Correlating an IP address with a phone number"
• Next in thread: Andre Ludwig: "Re: Correlating an IP address with a phone number"
• Reply: Andre Ludwig: "Re: Correlating an IP address with a phone number"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> A Longer Answer: No - At least not without a court order. IP addressing
> has nothing to do with the telephone numbering system - and most IP
> addresses are dynamic in the first place (as in, the IP address is
> different every time the subscriber connects to the Internet) - but you
> may 'request' (see "court order" in the last sentence) the contact
> information of a subscriber who was using a certain IP at a certain
> time, under certain circumstances, from their ISP.

Of course, depending on the security of the ISP, a bad guy could also hack
into the Access Server (usually the last hop before the target IP address)
and directly get the information he needs. For instance, on Cisco IOS he
could do something like:

1) Get the vty number from the IP address:
    $ sh ip int | begin <ip_address>

2) Get the username from the vty_number:
    $ sh us | include <vty_number>

3) Get the phone number from the username:
    $ sh isdn hist | include <username>

This may or may not work depending on multiple factors (ISP network
security, AS platform of choice and its configuration, caller-id
enabled/disabled, etc.).

Obviously, if you're not authorized by the ISP it's _illegal_.

Cheers,

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Mark Teicher: "RE: FW: 3rd party vuln assesment firms"
• Previous message: Kenneth: "Be a Superstar! Víagra Onlíne! Now!"
• Maybe in reply to: kuffya@gmail.com: "Correlating an IP address with a phone number"
• Next in thread: Andre Ludwig: "Re: Correlating an IP address with a phone number"
• Reply: Andre Ludwig: "Re: Correlating an IP address with a phone number"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:22 EDT