How Do I Trace a Troll?

[navane]

I was wondering if anyone could help me identify a troublemaker on another discussion board I belong to.


You see, this person has been posting nasty racial slurs about specific people all week long. The attacks are not directed towards me, but people I know. I'm not the board moderator either. The board mod tried to ban the offender's IP address, but apparently, people with dynamic IP addresses just get a new one every time they log in.


Plus, most of the time these punks are from AOL accounts. We can't ban AOL accounts because sooooo many people have AOL; that would take out the good with the bad. The poster has been writing in the distinct style of a person we know, but we suspect that it may actually be someone faking like he or she is that person in order to cover their tracks. Anyway, I just get sick of these people getting online and thinking that they can post anonymously without regard for anyone but themselves. Which, FYI, is not a thinly disguised commentary about GC. Anyway, the heaps and heaps of racial slurs about Asians and African-American people is what prompts me to want to out this person.


The board mod posted this person's IP address. It is:


DIALUP-4.240.210.30.DIAL1.PHOENIX1.LEVEL3.NET/4.240.210.30


I tried an ARIN lookup but didn't come up with much. At least, I'm not sure I make sense of it. It comes up with Level 3 Comm. out of Colorado.


I also tried doing a trace on the IP via a service at Stanford and got this:


traceroute to dialup-4.240.210.30.Dial1.Phoenix1.Level3.net (4.240.210.30): 3-30 hops, 38 byte packets
3 192.68.191.146 (192.68.191.146) 0.546 ms (ttl=252!)
4 snv-pos-slac.es.net (134.55.209.1) 0.788 ms (ttl=251!)
5 snvrt1-ge0-snvcr1.es.net (134.55.209.90) 0.820 ms (ttl=250!)
6 paix-pa-snv.es.net (134.55.208.205) 1.49 ms (ttl=249!)
7 209.245.146.145 (209.245.146.145) 1.38 ms (ttl=249)
8 so-2-1-0.bbr1.SanJose1.Level3.net (4.68.114.153) 3.53 ms (ttl=247!)
9 so-0-1-0.mp1.Phoenix1.Level3.net (64.159.1.121) 20.2 ms (ttl=246!)
10 so-10-0.hsa1.Phoenix1.Level3.net (4.68.113.242) 20.1 ms (ttl=246)
11 *
12 *
13 *
14 *
15 *
16 *
17 *
18 *
19 *
20 *
21 *
22 *
23 *
24 *
25


Riiiiight. I have no idea what I'm doing. Help!


Do I need to get the IP off an e-mail from the suspected person and then try and compare the data or something? Is this something I can do myself online or do I need some special software? If nothing else, I figure I can learn something new about the internet today.


Thanks!


.....Kelly

[Ronso]

Don't know much about IP tracing but I'm loving your sig. It's oddly appropriate for the subject at hand. Good luck in finding that jackass and banning them for good. Something about anonymity turns people into jerk-tards.

[aephi alum]

I'm afraid you're probably SOL.

Banning IP addresses only really works if the IP address is static, or if it's dynamic but seldom changes (as with residential cable modem or DSL service). With dialup, the user gets assigned whatever IP address is available from a pool when the connection is established. So you can ban the domain, or ban a range of IP addresses, but you run the risk of throwing the baby out with the bath water.

That said, I hope you or the board mod can figure out something to do about the troublemaker.

[Rudey]

You won't be able to ban the static unless you ban a subdomain/domain. As for tracing that to a person...very difficult. Most likely you would have to go through an ISP that will refuse to release it without a court order.

Require people to use identitites tied to non-anonymous emails (ie no hotmail, gmail, yahoo, etc.) and you will probably cut down a bit on your issue with people trolling while anonymous.

-Rudey

[sageofages]

Document the offending messages and contact the ISP to lodge a complaint. The ISP, especially those that use dynamic ips, have policies against offensive and threatening uses. In this day and age, they take those complaints very seriously.

They can do the legwork from the inside and potentially cut this user off.

[Rudey]

Quote:

Originally posted by sageofages
Document the offending messages and contact the ISP to lodge a complaint. The ISP, especially those that use dynamic ips, have policies against offensive and threatening uses. In this day and age, they take those complaints very seriously.

They can do the legwork from the inside and potentially cut this user off.

Umm not really.

-Rudey

[damasa]

You should at least remove your signature until you firgure out how to conduct the trace.

You aren't leet enough

[Tom Earp]

navan, contact J H on this subject, it amy take a while if it is on G C!

The rest, I dont really know about unless you contact the Site Adm.

Nice Sig whizzo.

How come so many of Your Brothers dont like you??

Amazing, K when idioticy comes in so many packages?

Good Luck and hope it gets worked out.!

you do not need this crap!

[Rudey]

Quote:

Originally posted by Tom Earp
navan, contact J H on this subject, it amy take a while if it is on G C!

The rest, I dont really know about unless you contact the Site Adm.

Nice Sig whizzo.

How come so many of Your Brothers dont like you??

Amazing, K when idioticy comes in so many packages?

Good Luck and hope it gets worked out.!

you do not need this crap!

Hey does Lambda Chi Alpha endorse or reject death threats against other fraternity members made by its brothers?

-Rudey

[navane]

Quote:

Originally posted by damasa
You should at least remove your signature until you firgure out how to conduct the trace.

You aren't leet enough

hahahaha...as I was posting this thread, I just *knew* my sig would get me in trouble! Ha....my sig is just me poking fun of my friend. My boyfriend, who has a degree in computer science, couldn't even read it. hmph! I actually used to be a Validations SysOp on an above-the-board BBS, so I had to stay out of it all. But hey, I went to prom with a |-|aX0|2...shouldn't that count for something??

<--- 1'|\/| n0+ 1337, i'M j|_|$t 4 p3rP4t12a+0r

.....Kelly

[navane]

Tom and Rudey,

PLEASE TAKE IT SOMEWHERE ELSE. I would appreciate it if you didn't crap up my thread with an argument that you two have with each other. I understand you both feel you have reason to point fingers....but I know this might escalate into yet another war of words and I'd rather it not be here.

Tom, please stop making uneccessary comments directed towards Rudey.

Rudey, please stop replying because you just have to have the last word.

I don't care who said what first. Just ignore each other! And, YES, you can ignore a moderator.....just stop paying attention to the posts. It's like real life when you have an annoying co-worker or something - you can't click on an "ignore button" and make people disappear into thin air. You just stop talking to them and don't acknowledge them.

If you absolutely feel compelled to say SOMETHING, PM each other with your death threats, snappy comebacks, and complaints. Please don't drag your feud into other people's conversations.

Thanks,

.....Kelly

[Rudey]

I didn't argue with anyone.

-Rudey
--I always have the last word

Quote:

Originally posted by navane
Tom and Rudey,

PLEASE TAKE IT SOMEWHERE ELSE. I would appreciate it if you didn't crap up my thread with an argument that you two have with each other. I understand you both feel you have reason to point fingers....but I know this might escalate into yet another war of words and I'd rather it not be here.

Tom, please stop making uneccessary comments directed towards Rudey.

Rudey, please stop replying because you just have to have the last word.

I don't care who said what first. Just ignore each other! And, YES, you can ignore a moderator.....just stop paying attention to the posts. It's like real life when you have an annoying co-worker or something - you can't click on an "ignore button" and make people disappear into thin air. You just stop talking to them and don't acknowledge them.

If you absolutely feel compelled to say SOMETHING, PM each other with your death threats, snappy comebacks, and complaints. Please don't drag your feud into other people's conversations.

Thanks,

.....Kelly

[kappaloo]

Quote:

Originally posted by sageofages
Document the offending messages and contact the ISP to lodge a complaint. The ISP, especially those that use dynamic ips, have policies against offensive and threatening uses. In this day and age, they take those complaints very seriously.

They can do the legwork from the inside and potentially cut this user off.

Unfortunately, it sounds like like the troll is just being offensive. To have an ISP move independantly would require the troll to be involved in illegal activies (threatening, spamming etc). Basically, if an ISP can see a warrent showing up on their desk, they'll move. Otherwise, they most likely will not.

Unfortunately, it's not illegal to be a racist jackass.

[decadence]

Good luck.

Ok, basically that IP address resolves to the dialup service of a major ISP called Level3. The user is using their dialup service. Quite probably it is a dynamic IP address (meaning it can change every time they log on). 4.240.210.30 is the IP address within an IP range owned by Level3 - 4.0.0.0 - 4.255.255.255. They can doubtless tell who was using that IP address at that time based on their logs anyway. Whether or not they'll take action depends on the ISP!

You can write to them with links to the forum messages stating that:
The poster is in violation [both letter and spirit] of their own AUP (Acceptable Use Policy) at http://www.level3.net/764.html and request they take action in line with their own AUP.
Mention the messages orginate from an IP address 4.240.210.30 owned by them.
You can use the abuse@level3.com and also use the hyperlink(s) on that page to use the forms to report it. Hell, use both.

The trace (traceroute) is a tool which tells which networks a network packet would pass through to reach their IP address (from your IP address to them). It's useful when an ISP ignores you and then you go to the next one up in the queue (called going upstream) who'll be the people who supply bandwidth to them. That can result in small-ISP losing their account or whatever. The first few items in the traceroute are always the network you're at yourself obviously. All that said, since Level3 is essentially a major provider [a backbone] they provide services for ISPs themselves so going upstream isn't applicable.

There does need to be some evidence supplied e.g. email headers, links to messages and logs info or other evidence. I'm not sure what checking it against full headers of an e-mail from the suspected person (i.e. the x-originating IP item in the header) would do, since doesn't matter if it's who you think it is, you just want it stopped regardless. But it's definitely worth collating the evidence and submitting a complaint.

What kappaloo said is technically often true but their annoying posts may very well come under the AUP e.g. the Other Prohibited Activities section etc.

Whois:

OrgName: Level 3 Communications, Inc.
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

NetRange: 4.0.0.0 - 4.255.255.255
CIDR: 4.0.0.0/8
NetHandle: NET-4-0-0-0-1
NetType: Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Updated: 2004-06-04

OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbuseEmail: abuse@level3.com