If someone steals your PC but you know what its IP address is...

[DeanB]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

 

[Mike Torello]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

It is possible but not without participation of the legal authorities.

 

[VanguardLH]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

How are YOU going to know what is the IP address that the stolen
computer is currently using? Obviously if it was stolen then it is not
using the same ISP as you or, if they are, they will get assigned a
different IP address than you got when you had the computer. Doesn't
even matter if you paid your ISP for a static IP address. The thief
will get assigned their own IP address from whomever is their ISP.

Since MAC address won't get past the thief's router or past their ISP,
you won't be able to use that, either, to track a stolen computer.

That's why there are security programs that have a client on the host
track the host whenever the thief makes a connection (and where the
thief hasn't employed a means of blocking that client from making a
connection). It is doubtful the thief wants your OS or your
applications. More likely is that they want the hardware. So they
simply reformat the partition(s) on the hard disk(s), install their
choice for an OS and their choice for apps, and that tracking client is
gone from that host.

Some hosts have built-in encryption that cannot be bypassed. If the
thief doesn't know the password, nothing on the hard disks are usable.
So the thief replaces the hard disk and continues using the stolen
hardware. The point of this whole-disk encryption is not to prevent the
thief from using the hardware but instead in preventing them from
getting at your apps and data.

If you want an ISP to divulge the customer's details for a particular IP
(used as a particular time), you need to obtain a subpoena to have them
divulge their logs - if they keep any - to use those to trace down which
customer of theirs had that IP address at the time you specified (since
it is dynamic and can change to be used by someone else). Are you
prepared to hire lawyers and file a criminal lawsuit against the thief?
And how is an IP address going to help you identify the actual thief?
That would help if you wanted to charge someone with harassment, 3rd-
degree assault, stalking, or purveying illegal content, like kiddie
porn. It won't help to identify who is using your stolen hardware.

 

[Swifty]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

One good approach is to use a backup program such as Mozy. If you can
hide it so that it doesn't show that it is running, then so much the better.

Then, when the thief uses your PC, their files will get backed up, and
you can identify them.

This happened with someone who installed MOZY on their mobile phone,
which then got stolen. It backed up the photographs that the villain was
taking, and the police watched the backups until they recognised
someone/somewhere. The rest is history. One of my favourite stories!

 

[Big_Al]

DeanB said this on 2/8/2009 2:11 AM:

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

I'm going to say no.
If I take your PC, and move it to another place, even next door, and
hook it up to the internet, the computer is going to be given a new IP
address by that ISP. I say this, as most ISPs now are setup to DHCP.
If you were lucky that it was a fixed IP, and when moved to another
place and lucky it used a fixed IP there, and it worked (odds being 1 in
a million) then you could maybe try to locate that IP, maybe. I can't
myself conceive of how, not being that good like Timothy McGee on NCIS
that can seem to connect to any PC in the world in under 5 minutes and
hack though any firewall.

But my first thought is back to the DHCP changing the IP and that
destroys your concept of finding it. And if you have a router, then
your IP address is an internal IP address and this is even more
improbable.

 

[Shenan Stanley]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of
a place that is currently using an IP address?

I might one day be interested in recovering some equipment.

How is it that you know (of all things) the IP address?

 

[SC Tom]

DeanB said this on 2/8/2009 2:11 AM:

I'm going to say no.
If I take your PC, and move it to another place, even next door, and hook
it up to the internet, the computer is going to be given a new IP address
by that ISP. I say this, as most ISPs now are setup to DHCP.
If you were lucky that it was a fixed IP, and when moved to another place
and lucky it used a fixed IP there, and it worked (odds being 1 in a
million) then you could maybe try to locate that IP, maybe. I can't
myself conceive of how, not being that good like Timothy McGee on NCIS
that can seem to connect to any PC in the world in under 5 minutes and
hack though any firewall.

By golly, he IS good, isn't he?

 

[Patrick Keenan]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

First, you'd have to know what the IP address actually is, and most IP
addresses are issued dynamically, which is to say that they can change at
any moment. So for the IP address to be useful information, you also need
to know the precise time it was in use.

Second, only the issuer of the IP address would have the identifying
subscriber information, and would not - partly due to privacy laws -
disclose this without a court order.

Any ISP employee who disclosed such information without proper authority -
for example, on explicit direction from the ISP's legal counsel in response
to a court order - would be at risk of instant dismissal and possible
vigorous prosecution (meaning a prison sentence).

Anyone receiving this information might also be at legal risk, as the
information would be stolen property. Actions based on use of stolen data
would complicate matters.

US courts, for example, do not have much of a record for being lenient on
theft of computer data.

So while it might *technically be possible* for a member of the general
pubic to get this information, it would not necessarily be easy or even
legal.

You'd really have to go to the police, who would have to find the time to
get a court order to present to the ISP, and if the ISP challenges the order
there would be a delay.

But, if you did have the proper information (IP address and time and the
issuer name) and had a really good reason why you are sure it's the same PC,
this would ease the task of the police considerably.

HTH
-pk

 

[Twayne]

Is it possible for (a) the police, and (b) a member of the general
public, to determine the physical address (home, apartment, etc) of a
place that is currently using an IP address?

I might one day be interested in recovering some equipment.

With a subponea to his ISP, yes. But that's about the only way to do it
legally unless he's dumb enough to allow the machine to put out personal
info.

 

[Swifty]

How is it that you know (of all things) the IP address?

Well, I know mine is 192.168.1.2 - but then that is probably true of a
million or more systems.

 

[Shenan Stanley]

Well, I know mine is 192.168.1.2 - but then that is probably true
of a million or more systems.

My question centered around the OPs question - not how they knew it *now*
(while they supposedly had the system) but how they know their IP later
(after it gets stolen.)

 

[DeanB]

My question centered around the OPs question - not how they knew it *now*
(while they supposedly had the system) but how they know their IP later
(after it gets stolen.)

Thanks for all the great replies. A little background: I wrote a
simple app that downloads from whatismyip.com my current IP address,
and emails it to me on system startup. I already had a similar program
that emails me my IP address every morning, so it was not hard to
alter the scheduled task for this to run on startup.

I know its not much, or fool-proof, but an unsuspecting thief might
not realize anything.

 

[Leythos]

I know its not much, or fool-proof, but an unsuspecting thief might
not realize anything.

Any thief that doesn't wipe the drive is not much of a thief.

 

[Twayne]

Well, I know mine is 192.168.1.2 - but then that is probably true of a
million or more systems.

That is not an internet IP. It's the IP of the COMPUTER SYSTEM on the
LAN/WAN side of a router/gateway. EVERY such system has a similar type
of address and it would not be possible to use it to locate anyone. You
would need the IP from the other side of the router; the internet side.

For instance, the IP for my machine is:
192.168.1.47

But my interent IP, which identifies my router (only) is:
xxx.yyy.23.12 (obscured to avoid spam)
and it changes periodically based on my ISP's whim. THIS is the only IP
that would lead to any possibility of finding an actual person. The
192.168.1.47 can not be seen from the internet nor accessed by any but
the user at his computer.

HTH

Twayne

 

[Twayne]

Thanks for all the great replies. A little background: I wrote a
simple app that downloads from whatismyip.com my current IP address,
and emails it to me on system startup. I already had a similar program
that emails me my IP address every morning, so it was not hard to
alter the scheduled task for this to run on startup.

I know its not much, or fool-proof, but an unsuspecting thief might
not realize anything.

Well, Something is wrong because whatsmyisp never gave you that
particular address. That address, and no it doesn't change, you're
right that far, is not reachable from the internet. The last digit will
change for each piece of equipment you have; printer, scanner, other
computers on a LAN, etc.. What you need is the internet IP.

HTH

Twayne

 

[Twayne]

Any thief that doesn't wipe the drive is not much of a thief.

Yeah, that's probably so. Many of the opportunists out there are pretty
ignorant of computers and simply start using them. I've never had much
experience, but one guy a year or so ago was in the papers for being
caught with a stolen computer and except for a boatload of malware it
still had the owners files all there and in tact. Seems all he used it
for was porn.

Regards,

Twayne