Find email address from static IP address?

Jim

I received an email with the Beagle.X virus attached.
The From header was spoofed, but the originating
IP address is

63.206.248.106 which resolves to
adsl-63-206-248-106.dsl.lsan03.pacbell.net

I received a second email with the same Virus from the
same IP address. I conclude that this email comes from
a DSL customer with a *static* *IP* *address*.

How can I find the DSL customer's email address, so
I can tell him to disinfect his computer?
 
Beauregard T. Shagnasty

Quoth the raven named Jim:
> I received an email with the Beagle.X virus attached.
> The From header was spoofed, but the originating
> IP address is
>
> 63.206.248.106 which resolves to
> adsl-63-206-248-106.dsl.lsan03.pacbell.net
>
> I received a second email with the same Virus from the
> same IP address. I conclude that this email comes from
> a DSL customer with a *static* *IP* *address*.

You'd have to post the whole header to see if that is really the
machine it came from.

> How can I find the DSL customer's email address, so
> I can tell him to disinfect his computer?

You can't... all you can do is forward these headers to (e-mail address removed)
 
me

Jim said:
> I received an email with the Beagle.X virus attached.
> The From header was spoofed, but the originating
> IP address is
>
> 63.206.248.106 which resolves to
> adsl-63-206-248-106.dsl.lsan03.pacbell.net
>
> I received a second email with the same Virus from the
> same IP address. I conclude that this email comes from
> a DSL customer with a *static* *IP* *address*.
>
> How can I find the DSL customer's email address, so
> I can tell him to disinfect his computer?

Consider informing the ISP instead. They (pacbell) are more
likely to convince their customer to do something than some
"Jim" (no offense intended) out there would.

Besides, you'd pro'ly spare yourself a reply a la f'off you
know-nuttin' !@#$% ... :)

J
 
FromTheRafters

Jim said:
> I received an email with the Beagle.X virus attached.
> The From header was spoofed, but the originating
> IP address is
>
> 63.206.248.106 which resolves to
> adsl-63-206-248-106.dsl.lsan03.pacbell.net
>
> I received a second email with the same Virus from the
> same IP address. I conclude that this email comes from
> a DSL customer with a *static* *IP* *address*.
>
> How can I find the DSL customer's email address, so
> I can tell him to disinfect his computer?

I think you would have to have the ISP contact him. You would
have to send them the complete headers of the e-mail in question
so that they can take action. There may be any number of e-mail
addresses (and computers) that use that IP# and information in
the headers would help them to track it down.
 
Rob

i wish you could ... i am getting upwards of 15 emails a day containing the
Netsky_P and Q worm ... i have so far written to the ISP (btopenworld) three
times including the headers in the vain hope they will do something but
still the emails arrive
I've given up, all i can hope for now is that the offending computer is
consumed in a house fire or something !!
Rob
 
pgx

(e-mail address removed) (Jim) wrote:

|I received an email with the Beagle.X virus attached.
|The From header was spoofed, but the originating
|IP address is
|
|63.206.248.106 which resolves to
|adsl-63-206-248-106.dsl.lsan03.pacbell.net

From Whois Database:

CustName: FlorenceCrittentonSer
Address: 2623 Camino Ramon
City: San Ramon
StateProv: CA
PostalCode: 94583
Country: US
RegDate: 2003-01-09
Updated: 2003-01-09

NetRange: 63.206.248.104 - 63.206.248.111

OrgAbuseHandle: APB2-ARIN
OrgAbuseName: Abuse - Pacific Bell
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: (e-mail address removed)

Check out:

http://www.florencecrittenton.com/


Phil
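
Added example, not part of any post in this thread: a Python sketch of the step the replies recommend, reporting to the ISP's abuse contact with full headers. It takes the originating IP only from the Received line written by the recipient's own mail server, checks it against the NetRange in the whois record above, and assembles the report. The sample message, the hostname mx.example.net and the forged lower hop are constructed assumptions; only the IP, its reverse-DNS name and the whois fields come from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Only the IP and its reverse-DNS name come from the thread;
# mx.example.net is an assumed name for the recipient's own mail server.
RAW = (
    "Received: from adsl-63-206-248-106.dsl.lsan03.pacbell.net ([63.206.248.106])\n"
    "\tby mx.example.net with SMTP; Thu, 1 Jan 2004 00:00:00 +0000\n"
    "Received: from mail.forged.example ([192.0.2.55])\n"
    "\tby relay.forged.example with SMTP; Thu, 1 Jan 2004 00:00:00 +0000\n"
    "From: spoofed@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Fields copied from the whois record quoted in the thread.
WHOIS = """NetRange: 63.206.248.104 - 63.206.248.111
OrgAbuseName: Abuse - Pacific Bell
OrgAbuseEmail: (e-mail address removed)"""

HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)?\s+by\s+(\S+)")

def trusted_origin_ip(raw, our_mx):
    """IP our own server logged for the connecting peer, or None."""
    # Headers are prepended hop by hop, so the first line written by our_mx
    # is genuine; anything below it was supplied by the sender and may be forged.
    for hop in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(hop.split()))
        if m and m.group(2).lower() == our_mx:
            return ipaddress.ip_address(m.group(1))
    return None

def parse_whois(text):
    """Return (first_ip, last_ip, abuse_contact) from 'Key: value' whois lines."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    fields = {k.strip(): v.strip() for k, v in pairs}
    lo, hi = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split("-"))
    return lo, hi, fields.get("OrgAbuseEmail")

def abuse_report(raw, our_mx, whois_text):
    """Build the report for the ISP, or None if the IP cannot be tied to the block."""
    ip = trusted_origin_ip(raw, our_mx)
    lo, hi, contact = parse_whois(whois_text)
    if ip is None or not lo <= ip <= hi:
        return None
    return {"to": contact, "ip": str(ip), "headers": raw.split("\n\n", 1)[0]}

if __name__ == "__main__":
    print(abuse_report(RAW, "mx.example.net", WHOIS))
```

The report carries the complete header block rather than just the IP, since the ISP needs the timestamps to match the address to a customer in its own logs.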
 
kurt wismer

Jim said:
> I received an email with the Beagle.X virus attached.
> The From header was spoofed, but the originating
> IP address is
>
> 63.206.248.106 which resolves to
> adsl-63-206-248-106.dsl.lsan03.pacbell.net
>
> I received a second email with the same Virus from the
> same IP address. I conclude that this email comes from
> a DSL customer with a *static* *IP* *address*.

how nice for you, you concluded something...

would have been even nicer if your conclusion wasn't so questionable...

just because the ip address is the same doesn't mean it's not a dynamic
ip address... you failed to consider the following possibilities:
1) the dynamic ip address may not have been reassigned between email 1
and email 2 - i have a dynamic ip address and it doesn't actually
change all that often...
2) there could in fact be multiple individuals in the aforementioned ip
block with the same worm...

> How can I find the DSL customer's email address, so
> I can tell him to disinfect his computer?

you can't... what you can do is give the service provider the headers
so that they can track down the actual problem customer and alert them...
 
Jim

FromTheRafters said:
> There may be any number of e-mail
> addresses (and computers) that use that IP# and information in
> the headers would help them to track it down.

Yes, in the general case there may be several PCs on one DSL line.

However, I believe this is a residential DSL line with only one PC on
it. So my question is, if there is only one PC on the line, is there
any way possible to send email to it?
 
kurt wismer

Jim said:
> Yes, in the general case there may be several PCs on one DSL line.
>
> However, I believe this is a residential DSL line with only one PC on
> it.

and you believe that because why?

i have a residential DSL line which at any one time may be serving up
to 4 different computers...

> So my question is, if there is only one PC on the line, is there
> any way possible to send email to it?

no...
 
FromTheRafters

Jim said:
> Yes, in the general case there may be several PCs on one DSL line.

There may be several computers using any IP address through
the use of IP masquerading. Plus, any single computer may have
more than one "e-mail address" associated with it. When mail
is sent, the receiving SMTP server connects with the sending
computer's currently assigned IP#, but on the e-mail receiving
side the "mailbox" is at the ISP and may be retrieved by various
methods. There is no hard-and-fast direct correlation between
e-mail addresses and IP addresses other than the fact that a
particular e-mail was sent from one IP# and had an arbitrary
e-mail address associated with it by the author.

> However, I believe this is a residential DSL line with only one PC on
> it.

That is certainly possible, but hardly a good assumption.

> So my question is, if there is only one PC on the line, is there
> any way possible to send email to it?

Yes, get someone at the ISP owning that IP# to check their
logs to see what client was assigned that IP# and then get
them to betray the trust of their clients by telling you at least
one of the e-mail addresses that that particular client uses.
Then you must rely on blind luck to get the e-mail that you
send to be retrieved from the internet mailbox by the client
while using that affected computer.
 
