Is it feasible to get disclosure of users whose IP addresses are from state and government domains? I think the effect would be that disinformation from trolls would be limited.

Another question would be, is it feasible to post all threads' originating IP addresses? Then we get some context about a user. Wading through all the BS on a forum like this gets tiresome sometimes.

Disclosure: Mine is a corporate IP address.

Surely, if we disclose everyone's IP addresses, we are just making life easier for anyone who would like to track them down? It seems a very bad idea to me.

Well, I live in Austin and make no secret of that. Anyone who wants to find me possibly could, but they would be getting the bull by the horns in more ways than one if their intentions were malicious. The dot-gov already knows everything about me anyway and I'm so squeaky clean my farts smell like rose bushes.

It may introduce more liability than benefit but it sure would help my mental crap-filter to weed out the disinformation more quickly.

Here is a story about what I'm talking about. It would definitely help with posts that are like this:

http://www.wwltv.com/video/news-index.html?nvid=313637

These are US Government employees attacking private citizens online, all on government computers (paid for by us) and on government time (paid for by you and me).

In the end, I think disclosure is mo' bettah.

That is a very bad idea. The government employs millions of people, many of them who surf the web like you do from your corporate IP address. To assume that they are all "agents" or something is absurd.

I did imply that, but that wasn't entirely what I meant. It is useful to know where EVERYONE is coming from, especially the .gov folks. What is wrong with disclosure? Usually the ones who want to run around and hide are the ones who cause problems and aren't truthful.

This can be done more with more subtlety. For instance, like this system: http://gnuheter.com/creeper/senaste

It uses an image (), that when loaded from computers within the government will turn red. It has to be configured at the webserver level but it is not overly difficult to do so (HTTP_REFERRER for instance). It could be attached to each new post to show that the person posting was doing so from a government owned IP address. In Sweden where the system detailed above is in service the addresses are pretty much a matter of public record, not sure about US though..

Problem is that the hypothetical bad guy with a small amount of internet savvy will be able to mask his real address with a web proxy, Tor network or something similar.

At the same time this "bad guy" will also have access to your real IP address. So if this bad guy decides he doesn't like you, he can scan your IP address for security vulnerabilities, launch a denial of service attack, perform recon on your physical location...etc...

The arin/whois database has IP range ownership information. The firmware of my router at home, Tomato, will show me the owner of an IP address in my logs just by clicking on it. It uses Ajax asynchronous post back to query the whois database for me and show me the owner of the IP address that made a connection to my network. The functionality can be pretty handy sometimes.

1. True. Most people don't use proxies for common surfing, but your point is true. If someone wanted to, they can disguise the source IP address in the TCP header packet.

2. Well, the physical location part is a bit of a stretch. I use TimeWarner's Road Runner ISP at my home. If you query my IP, you will see TimeWarner and the regional description as the owner, but not my name or address. That only happens when an IP address is owned by a person's company or an individual. Then ownership info would be displayed unless you specifically requested that it be anonymized. So the company name or business owner to whom the ISP connection is registered would be displayed.

You can scan someone's computer or network, but that happens anyway. My network gets scanned, mainly by Asians and Russians, several times a minute. But the firewall takes care of the packets and drops them. Anyone connected to the internet should have multiple jimmy-hats in line, like a decent Linksys router, AVG/McAfee/Norton anti-virus and at least two other spyware/malware programs like Spybot and Spywareblaster. They can hammer your network's IP address all day and won't get anywhere.

It all depends on what information is contained in DNS, ARIN, traceroute, etc. As well as the determination of the person involved.

Hypothetical example:

I have Jotapay's IP address and I want to find out as much about him as possible. The reverse DNS on the last hop of a traceroute to Jotapay's IP address contains 'cle'. I now know that Jotapay lives in Cleveland, Ohio and he has a broadband connection to Time Warner. I run a scan against Jotapay's computer and find that he is running windows XP, behind a cisco broadband router.

Unfortunately I can't find anything else. So I decide to run a scan against the entire "class C" subnet that Jotapay is connected to...knowing that the other IPs are in the same geo location and most likely the same neighborhood.

A quick scan allows me to determine that one IP address is listening on the 'telnet' port. This is followed by a dictionary attack against the telnet port with a succcessful login of 'admin/admin.' Once logged in to this device I find that it is registered to:

Bill Schmoe
4343 Lancaster Lane
Cleveland, Ohio 56381

A quick lookup with google maps and I probably now know where Jotapay lives within a few miles. Looking back through Jotapay's posts I noticed that he was posting about his Honda Prius with the peak oil sticker on it.

Me, the internet psycho, flies to Cleveland. Rents a car and drives to the neighborhood of Bill Schmoe. Within a half hour I discover a Honda prius with a peak oil sticker on it only 3 houses down from Bill Schmoe. Buwahaha!

That's still a bit of a stretch, but it's possible.

I've found out a lot about people before with by cross-searching names and internet handles/email addresses/ip addresses with Google, tax records and "people finder" websites. Eventually, using google maps, I can look right at their front door without even going there.

Once I was able to look at a car that I found on Craiglist that I was interested in buying without actually even going there. The person's email address eventually lead me to then finding their house on Google maps. Google maps had several angles of the car parked right in front of their house.