
Webmaster General Forum

    
Student SSNs exposed - Advice on how to gather info on IPs?
classifieds

10+ Year Member



 
Msg#: 4386916 posted 10:16 pm on Nov 14, 2011 (gmt 0)

My daughter's high school recently posted the results of their standardized tests that included the kids' SSNs. It was detected within a few hours but the page was viewed 60 times by 44 different IP addresses.

I asked the school board for the list and most of them were local but 10 or so were either non-US or from university networks.

I'm looking for advice or guidance on how I can gather more information about the hosts, the domains on them, who owns them and any other data that may assist with assessing the severity of the exposure.

Any assistance would be appreciated.

Thanks,

-jay

 

g1smd




 
Msg#: 4386916 posted 12:20 am on Nov 15, 2011 (gmt 0)

Plug the IPs into any WHOIS tool and it should reveal a fair amount of information.

classifieds

10+ Year Member



 
Msg#: 4386916 posted 12:35 am on Nov 15, 2011 (gmt 0)

Already used whois to narrow it down to 10... Example...

Is there any way to find out what's on the IP Address below?

-jay

NetRange: 95.0.0.0 - 95.255.255.255
CIDR: 95.0.0.0/8
OriginAS:
NetName: 95-RIPE
NetHandle: NET-95-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at [ripe.net...]
RegDate: 2007-07-30
Updated: 2009-05-18
Ref: [whois.arin.net...]

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2011-09-24
Ref: [whois.arin.net...]

ReferralServer: whois://whois.ripe.net:43

OrgAbuseHandle: RNO29-ARIN
OrgAbuseName: RIPE NCC Operations
OrgAbusePhone: +31 20 535 4444
OrgAbuseEmail:
OrgAbuseRef: [whois.arin.net...]

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail:
OrgTechRef: [whois.arin.net...]

== Additional Information From whois://whois.ripe.net:43 ==

inetnum: 95.40.0.0 - 95.40.255.255
netname: PLUSNET
descr: Polkomtel S.A.
descr: Warszawa
country: PL
admin-c: PKL1-RIPE
tech-c: PKL1-RIPE
status: ASSIGNED PA
mnt-by: POLKOMTEL-MNT
mnt-lower: POLKOMTEL-MNT
mnt-domains: POLKOMTEL-MNT
mnt-routes: POLKOMTEL-MNT
source: RIPE # Filtered

role: PlusGSM IP Team
address: Polkomtel S.A.
address: ul. Postepu 3
address: 02-676 Warszawa
address: Poland
phone: +48 22 4261599
fax-no: +48 22 4260099
remarks: Plus (pl.plusgsm) registry administration
remarks: ---
remarks: Registry contact:
remarks: Spam and abuse reports:
remarks: ---
abuse-mailbox:
admin-c: IN3-RIPE
tech-c: KK1860-RIPE
tech-c: SO1236-RIPE
tech-c: DCH3-RIPE
nic-hdl: PKL1-RIPE
mnt-by: POLKOMTEL-MNT
source: RIPE # Filtered

route: 95.40.0.0/15
descr: Polkomtel S.A.
descr: Warsaw, Poland
origin: AS8374
mnt-by: POLKOMTEL-MNT
source: RIPE # Filtered
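
How to read the combined ARIN/RIPE output quoted above, as an added example that is not part of any poster's message: the ARIN /8 record only says the block was handed to RIPE, while the tightest inetnum and route records name the actual network holder and origin AS. The function names are illustrative, and the test address 95.40.12.34 is constructed because the post does not show the address that was looked up.

```python
import ipaddress

# Abridged from the WHOIS output quoted in the post above.
WHOIS_TEXT = """\
NetRange: 95.0.0.0 - 95.255.255.255
NetName: 95-RIPE

inetnum: 95.40.0.0 - 95.40.255.255
netname: PLUSNET
descr: Polkomtel S.A.
country: PL

route: 95.40.0.0/15
origin: AS8374
"""

def parse_records(text):
    # One dict per blank-line-separated record; the first value of a repeated key wins.
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields.setdefault(key.strip().lower(), value.strip())
        records.append(fields)
    return records

def covering_net(record, addr):
    # Network this record describes if it contains addr, else None.
    span = record.get("netrange") or record.get("inetnum")
    if span:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in span.split("-"))
        return next((n for n in ipaddress.summarize_address_range(lo, hi) if addr in n), None)
    net = ipaddress.ip_network(record["route"][0:]) if "route" in record else None
    return net if net is not None and addr in net else None

def summarize(text, ip):
    addr = ipaddress.ip_address(ip)
    best = {"reg": (None, {}), "route": (None, {})}  # tightest (network, record) per kind
    for rec in parse_records(text):
        net = covering_net(rec, addr)
        kind = "route" if "route" in rec else "reg"
        if net is not None and (best[kind][0] is None or net.prefixlen > best[kind][0].prefixlen):
            best[kind] = (net, rec)
    (net, reg), (_, route) = best["reg"], best["route"]
    return {"network": None if net is None else str(net),
            "netname": reg.get("netname"), "holder": reg.get("descr"),
            "country": reg.get("country"), "origin_as": route.get("origin")}
```

An address that falls only inside the ARIN /8 comes back with the netname 95-RIPE and no holder, which means the RIPE database still has to be queried for it.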

lucy24




 
Msg#: 4386916 posted 2:23 am on Nov 15, 2011 (gmt 0)

I assume that anyone who has access to the more restricted information sources-- the ones you have to pay for-- will contact you individually.

Two other thoughts:

Any possibility of interesting either law enforcement or the Social Security Administration? They claim to get very worked up about stolen SSNs. And you can get a ### of a lot more information if you can wave a subpoena around.

If you're down to ten unknowns-- assuming for the sake of discussion that all the local viewers are law-abiding, trustworthy people who would never ever misuse accidentally obtained information-- how much further can you get with ordinary human legwork? "My uncle's on vacation in Poland and I know he was really eager to see the results" and "I've applied to Bzzt University and told them when and where my results would be posted" and so on.

classifieds

10+ Year Member



 
Msg#: 4386916 posted 8:42 am on Nov 15, 2011 (gmt 0)

Lucy,

I think the school system has investigated those options. The servers were not hacked so there's no crime committed (other than carelessness). Not sure about the Social Security Admin but will find out.

-jay

topr8




 
Msg#: 4386916 posted 10:05 am on Nov 15, 2011 (gmt 0)

i should think it's probably robots that have scraped the page...

assuming the data was linked to from a publicly available page, then there are so many of these rogues around that they quickly take any new content that they find.

classifieds

10+ Year Member



 
Msg#: 4386916 posted 10:25 am on Nov 15, 2011 (gmt 0)

The school webmaster is digging through their log files to determine how many total pages each of the IP addresses loaded over the last 30 days.

But at the end of the day we can't put the genie back in the bottle but I'd like to try to find out how serious this is.

If any of them were scraping content for automated MFA sites I can at least monitor her SSN via GAlerts and if it shows up on the net somewhere maybe I'll get a notification.
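
The log review discussed in this thread (pages loaded per IP over the last 30 days, and whether the viewers were robots), sketched as an added example that is not part of any poster's message or the school's actual tooling. It assumes the server writes the "combined" access log format; the exposed page's path, the bot hints and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumes Apache/nginx "combined" log format; adjust the pattern to the real server.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
EXPOSED = "/results/scores.html"                 # hypothetical path of the exposed page
BOT_HINTS = ("bot", "crawl", "spider", "slurp")  # heuristic user-agent substrings

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE = """\
192.0.2.10 - - [01/Sep/2011:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/6.0"
192.0.2.10 - - [14/Nov/2011:15:02:11 +0000] "GET /results/scores.html HTTP/1.1" 200 48211 "http://school.example/news.html" "Mozilla/5.0 (Windows NT 6.1) Firefox/8.0"
198.51.100.7 - - [14/Nov/2011:15:40:01 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleBot/1.0"
198.51.100.7 - - [14/Nov/2011:15:40:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.7 - - [14/Nov/2011:15:40:03 +0000] "GET /results/scores.html HTTP/1.1" 200 48211 "-" "ExampleBot/1.0"
203.0.113.5 - - [14/Nov/2011:16:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/534.51"
"""

def triage(log_text, end, days=30):
    """Per-IP activity in the window, for IPs that fetched the exposed page."""
    start = end - timedelta(days=days)
    seen = defaultdict(lambda: {"hits": 0, "exposed": 0, "paths": set(), "uas": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not start <= ts <= end:
            continue
        s = seen[m["ip"]]
        s["hits"] += 1
        s["exposed"] += m["path"].split("?")[0] == EXPOSED
        s["paths"].add(m["path"])
        s["uas"].add(m["ua"])
    report = {}
    for ip, s in seen.items():
        if s["exposed"]:
            bot_ua = any(h in ua.lower() for ua in s["uas"] for h in BOT_HINTS)
            report[ip] = {"total_hits": s["hits"], "exposed_hits": s["exposed"],
                          "distinct_paths": len(s["paths"]),
                          "likely_automated": bot_ua or "/robots.txt" in s["paths"]}
    return report

REPORT = triage(SAMPLE, end=datetime(2011, 11, 15, tzinfo=timezone.utc))
```

The `likely_automated` flag is only a heuristic: a scraper can send a browser user agent and skip robots.txt, so an address with a single hit and no referrer still deserves a closer look.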
