Give me your IP, I'll tell you who you are




Some time ago, I wrote an article explaining what can be done with an IP address.

For those who have not yet had the chance to read it, here it is:

http://www.depotekk.com/2015/03/what-can-one-do-with-my-ip-address.html

In that article I explained that there is not much you can do with an IP address on its own. That is especially true from a technical point of view.

In this second article we will see that certain things can still be deduced from an IP address, without contradicting the first one.

What can be done technically?
To begin with, you should know that computers on a network communicate using IP addresses and ports.

The IP address is the computer's address, like the postal address of your home. Ports are like the numbered doors of your home.

If your home only has one door, think of a hotel instead: the hotel's address is the same for every guest, but each guest has their own room number.

From there we can go into quite a few technical definitions.

First there is DHCP. It is something like the town hall that hands out house numbers: technically, it assigns an IP address to each computer on the network.

Then come the firewall and NAT (Network Address Translation).

Let's start with the firewall.

This one is like the building's security guard: it makes sure nobody gets in by keeping most of the doors closed.

Technically, the firewall blocks or allows traffic on ports.

Then comes NAT, which was invented to solve a problem: there are about 4 billion IPv4 addresses available (2^32), and at the scale of the Internet that is far too few.

NAT groups all the computers of a local network behind a single public IP address. Going back to the house analogy, it is as if several houses shared one postal address. NAT has to manage all of this, including working out which of those houses a given letter is for.

Modems/routers (your Internet box) perform NAT, which means that your public IP address is also that of your brother upstairs and of your spouse on their laptop. In fact, your public IP address is the address of your box, not that of the computer you are using right now.

"But then, what is my computer's real IP address?"

I cannot tell you, but it is most likely an address of the form 192.168.x.x, called a local (or private) address, which is not used on the public Internet, unlike the public address of your box (the one you see here: http://whatismyipaddress.com/). If you are curious, open a command prompt by pressing Windows key + R and typing cmd.exe. Once the prompt is open, type the command:

ipconfig




My address here is 192.168.0.11. The local addresses of the other computers on my network will be different.

On Unix you can use the command:

ifconfig
All this to say that when someone retrieves your IP address, they are actually retrieving the IP address of your box.

One more detail: your box does not only do NAT, it is also a DHCP server, since it is what hands out these local IP addresses to the computers on your network. On top of that, it can act as a firewall and block ports before they ever reach your computers.

This is also why you may have heard of port forwarding: it makes a local machine (for example 192.168.1.20) reachable from the outside through the public IP address.

Usually the NAT also acts as a firewall, rejecting unsolicited incoming traffic by default, unless you have explicitly allowed it with a port forward.

So if you have no web server or other service exposed through port forwarding on your PC, there is little chance of anyone finding an entry point into your system from outside your network.
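To make the NAT and port-forwarding behaviour described above concrete, here is a small simulation in Python. It is an added example, not code from the original article: the addresses (203.0.113.7 for the box, 192.168.0.11 for a laptop, 192.168.1.20 for a LAN web server, and the 192.0.2.x and 198.51.100.x peers) are documentation ranges chosen for the demo, and the toy box hands out translated ports from 40000 upwards.

```python
# Added example (not from the original article): a toy NAT box with default-deny
# inbound, to show why an outside host cannot reach a LAN machine unless the
# owner adds a port forward. All addresses below are documentation ranges.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str


class NatBox:
    """Port-address translation plus a default-deny inbound policy."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Endpoint, int] = {}       # (lan_ip, lan_port) -> public port
        self._in: Dict[int, Endpoint] = {}        # public port -> (lan_ip, lan_port)
        self._forwards: Dict[int, Endpoint] = {}  # static port forwards

    def add_port_forward(self, public_port: int, lan_target: Endpoint) -> None:
        """Expose a LAN service on a public port (what 'port forwarding' configures)."""
        self._forwards[public_port] = lan_target

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the box's public address and
        remember the mapping so the reply can be delivered."""
        if pkt.src not in self._out:
            port = self._next_port
            self._next_port += 1
            self._out[pkt.src] = port
            self._in[port] = pkt.src
        return Packet((self.public_ip, self._out[pkt.src]), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: deliver only if a mapping or a port forward exists;
        anything else is dropped (the 'NAT acts as a firewall' effect)."""
        if pkt.dst[0] != self.public_ip:
            return None
        target = self._in.get(pkt.dst[1]) or self._forwards.get(pkt.dst[1])
        if target is None:
            return None
        return Packet(pkt.src, target, pkt.payload)


def demo() -> Dict[str, object]:
    """Walk through the four situations discussed in the article."""
    box = NatBox("203.0.113.7")
    laptop = ("192.168.0.11", 51000)
    web = ("198.51.100.20", 80)
    attacker = ("192.0.2.99", 4444)
    # 1. the laptop browses a website: the site only ever sees the box's address
    out = box.outbound(Packet(laptop, web, "GET / HTTP/1.1"))
    # 2. the site's reply arrives on the translated port and is delivered inside
    reply = box.inbound(Packet(web, out.src, "HTTP/1.1 200 OK"))
    # 3. an outsider probes SMB (445/tcp) on the public address: no mapping, dropped
    probe = box.inbound(Packet(attacker, (box.public_ip, 445), "SMB?"))
    # 4. the owner forwards 8080 to a LAN web server: that one port is now reachable
    box.add_port_forward(8080, ("192.168.1.20", 80))
    fwd = box.inbound(Packet(attacker, (box.public_ip, 8080), "GET /"))
    return {
        "seen_by_site": out.src[0],
        "reply_delivered_to": reply.dst if reply else None,
        "probe_delivered": probe is not None,
        "forward_delivered_to": fwd.dst if fwd else None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of step 3 is the one the article makes: with nothing forwarded, an unsolicited packet to the public address has no translation entry and simply goes nowhere. Step 4 shows that a port forward is exactly a static entry in that table, which is why each forward is one more door to keep an eye on.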

If you still want to look at your open ports, you can run Nmap against your local IP address; the output will look something like this:

root@kali:~# nmap 192.168.0.11
Starting Nmap 6.47 ( http://nmap.org )
Nmap scan report for 192.168.0.11
Host is up (0.00077s latency).
Not shown: 993 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
554/tcp  open  rtsp
843/tcp  open  unknown
2869/tcp open  icslap
These services could be attacked by someone on the same local network, assuming they have a vulnerability.

You can also run the following command as an administrator on Windows:

netstat -a -b
to list all open ports and the connections in progress.

On Linux, there is:

netstat -plntu
So, without a big security hole, and without attacking from inside your own local network, there is not much one can do.

That said, there is another technical way of attacking an IP address: the famous denial of service.

Denial of service?

A denial of service (DoS) consists of sending massive amounts of network traffic to a given machine in order to overload it and make it crash. That machine could be your box. Denial of service is often hard to counter because even with a firewall in place, the firewall still has to receive each packet before it can decide to allow or block it.

A successful attack could therefore make your entire Internet access unavailable for the duration of the attack.

How to counter it?

Most boxes keep access logs, and your ISP's technical support is supposed to be able to change your IP address if you are attacked. You can also file a complaint, with the log file in hand, if it ever happens.

How do I know if I am the victim of a denial of service?

The attack takes some time before it makes a machine unusable. If your connection starts dropping out and becoming slow, you can open a command prompt (cmd.exe) and ping Google, for example:

ping -n 10 www.google.fr
Here -n 10 means that we send 10 requests. You can go up to 20 or 30.

Here's a screenshot of the output:

[screenshot: ping output, with reply times stable at around 30 ms]

Look at the times in milliseconds. On the screenshot they stay stable at around 30 ms. If they keep increasing (30, 50, 100, 800 and so on), you are potentially under attack. And when you have no connectivity at all, you will get something like "Request timed out."

I say "potentially" because that is not always the cause, and there is no need to cry denial of service every time the ping time goes up: a saturated Wi-Fi link, a large download on another computer in the house, or a problem on the ISP's side produce exactly the same symptoms.
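As an added example (not from the original article), here is how to turn the ping test above into something a little more systematic: parse the ping output, then flag packet loss and latency that climbs well above the best observed time. Both transcripts below are constructed (English Windows format, with the documentation address 192.0.2.10 standing in for Google's), and the thresholds of 20% loss and 4x the baseline are arbitrary choices, not values from the article.

```python
# Added example (not from the original article): parse the output of
# "ping -n 10 <host>" and flag packet loss or climbing latency, the two symptoms
# the article tells you to watch for. Both transcripts are constructed, in the
# English Windows format, with a documentation address standing in for Google.
import re
from typing import Dict, List, Optional

DEGRADING = """\
Pinging www.google.fr [192.0.2.10] with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=30ms TTL=55
Reply from 192.0.2.10: bytes=32 time=31ms TTL=55
Reply from 192.0.2.10: bytes=32 time=52ms TTL=55
Reply from 192.0.2.10: bytes=32 time=104ms TTL=55
Reply from 192.0.2.10: bytes=32 time=380ms TTL=55
Reply from 192.0.2.10: bytes=32 time=812ms TTL=55
Request timed out.
Request timed out.
Reply from 192.0.2.10: bytes=32 time=905ms TTL=55
Request timed out.
"""

HEALTHY = """\
Pinging www.google.fr [192.0.2.10] with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=29ms TTL=55
Reply from 192.0.2.10: bytes=32 time=31ms TTL=55
Reply from 192.0.2.10: bytes=32 time=30ms TTL=55
Reply from 192.0.2.10: bytes=32 time=30ms TTL=55
"""

# "time=30ms" for normal replies, "time<1ms" for sub-millisecond ones (localhost)
_RTT = re.compile(r"\btime[=<](\d+)ms")


def parse_ping(output: str) -> List[Optional[int]]:
    """One entry per probe: round-trip time in ms, or None when it got no reply."""
    probes: List[Optional[int]] = []
    for line in output.splitlines():
        m = _RTT.search(line)
        if m:
            probes.append(int(m.group(1)))
        elif "timed out" in line.lower() or "unreachable" in line.lower():
            probes.append(None)
    return probes


def assess(probes: List[Optional[int]], degrade_factor: float = 4.0,
           max_loss: float = 0.2) -> Dict[str, object]:
    """Summarise a run. 'packet loss' when at least max_loss of the probes got
    no reply; 'latency climbing' when at least half the replies are more than
    degrade_factor times the best one. Either means the link is in trouble,
    not necessarily that you are under attack."""
    replies = [p for p in probes if p is not None]
    loss = 1.0 - len(replies) / len(probes) if probes else 1.0
    baseline = min(replies) if replies else None
    degraded = sum(1 for r in replies
                   if baseline is not None and r > baseline * degrade_factor)
    if loss >= max_loss:
        verdict = "packet loss"
    elif replies and degraded >= (len(replies) + 1) // 2:
        verdict = "latency climbing"
    else:
        verdict = "normal"
    return {"probes": len(probes), "loss": round(loss, 2), "baseline_ms": baseline,
            "max_ms": max(replies) if replies else None, "degraded": degraded,
            "verdict": verdict}


if __name__ == "__main__":
    print(assess(parse_ping(HEALTHY)))
    print(assess(parse_ping(DEGRADING)))
```

On a French Windows the reply lines read differently ("Réponse de ... : octets=32 temps=30 ms"), so the regular expression would need adjusting; the logic is the same.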

To find the IP address of the person behind a denial of service, a look at the netstat output mentioned above is generally enough to spot a large number of connections coming from the same IP address. This only works when the attacker actually opens connections to your machine: flood traffic with spoofed source addresses, or traffic that your box drops before it reaches your PC, will not appear there.
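The check described above, as an added example that is not part of the original article: parse netstat output and count the sockets per remote address. The sample output is constructed in the Windows "netstat -a -n" layout with documentation addresses (192.0.2.77 plays the flooding host), and the threshold of 5 connections is an arbitrary choice.

```python
# Added example (not from the original article): count connections per remote
# address in netstat output, the check the article suggests for spotting the
# source of a denial of service. SAMPLE_NETSTAT is constructed in the Windows
# "netstat -a -n" layout with documentation addresses.
import re
from collections import Counter
from typing import Dict, Optional

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.11:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.11:443       198.51.100.5:443       ESTABLISHED
  TCP    192.168.0.11:445       192.0.2.77:50123       ESTABLISHED
  TCP    192.168.0.11:445       192.0.2.77:50124       ESTABLISHED
  TCP    192.168.0.11:445       192.0.2.77:50125       SYN_RECEIVED
  TCP    192.168.0.11:445       192.0.2.77:50126       SYN_RECEIVED
  TCP    192.168.0.11:445       192.0.2.77:50127       SYN_RECEIVED
  TCP    192.168.0.11:445       192.0.2.77:50128       SYN_RECEIVED
  TCP    [::1]:2869             [::1]:50440            TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""

# Windows layout: Proto, Local Address, Foreign Address, optional State.
# (Linux netstat prints lowercase protocols and Recv-Q/Send-Q columns first.)
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s*$")


def remote_ip(addr: str) -> Optional[str]:
    """Strip the port from 'ip:port' or '[ipv6]:port'; None for wildcard/unbound."""
    if addr.startswith("["):
        ip = addr[1:addr.index("]")]
    else:
        ip, _, _ = addr.rpartition(":")
    return None if ip in ("", "*", "0.0.0.0", "::") else ip


def connections_per_peer(output: str) -> Counter:
    """Number of sockets per remote address, listening sockets excluded."""
    peers: Counter = Counter()
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        ip = remote_ip(m.group(3))
        if ip is not None:
            peers[ip] += 1
    return peers


def suspicious_peers(output: str, threshold: int = 5) -> Dict[str, int]:
    """Remote addresses with at least `threshold` sockets to this machine.
    Half-open SYN_RECEIVED entries count too: a pile of them from one peer is
    the classic SYN-flood signature. Spoofed floods, or packets the box drops
    upstream, never show up here at all."""
    return {ip: n for ip, n in connections_per_peer(output).items() if n >= threshold}


if __name__ == "__main__":
    print(suspicious_peers(SAMPLE_NETSTAT))
```

Run it against real output with something like netstat -a -n piped into a file and read by parse; the -n flag matters, since without it netstat resolves names and the regular expression would see hostnames instead of addresses.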

The case of distributed denial of service (DDoS)

Where it gets complicated is the distributed denial of service: many different machines attacking at the same time.

In this case it is not really possible to block or identify a particular machine, because there are potentially tens of thousands of them. The solution to counter a DDoS?

Change your IP address. And that is a problem when you have a static IP address, because you then have to ask your ISP.

If you are lucky enough to have a dynamic IP address, the commands usually suggested are:
ipconfig /release
ipconfig /renew
(Thanks to Paul for the remark: ipconfig only changes the local IP address handed out by your box, not the external one. To get a new public address you generally have to restart the box or its Internet connection, and even then the ISP may give you the same address back.)

One way to prevent DDoS attacks?

Yes: use a VPN, so that the public address others see is the VPN server's rather than your box's. I talk about it here and will come back to it soon.

What can we do differently?
A word about geolocation

This is the second part of the article. We will talk about methods that Internet users often neglect or are unaware of.

We have seen what can technically be done with an IP address; we will now see that it is not only a matter of technology.

The fact is that, at a given moment, an IP address is being used from a specific geographic location (unless your router teleports). And that location can be estimated!

There is no way to geolocate an IP address with certainty, which is why I say "estimated" rather than "calculated" or "retrieved": geolocation databases map blocks of addresses to the ISP or organisation they are registered to, so the result is often only accurate to the city or region, and a VPN or proxy will place you wherever its exit server is.

I will not go into the details of how geolocation tools work because I already cover them in the guide "How to Become A Hacker".
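As an added illustration (not from the article, and not the code of any particular geolocation service), here is the core mechanism these tools rely on: matching an address against a table of registered blocks, longest prefix first, after checking whether the address is a local one that cannot be geolocated at all. The blocks, holders and locations in the table are constructed from documentation ranges; a real tool would load the same kind of table from registry (WHOIS/RIR) data or a commercial database.

```python
# Added example (not from the original article): how an IP is matched against a
# table of address blocks, which is what geolocation and WHOIS tools do under the
# hood. The table below is constructed: documentation prefixes with invented
# holders and locations.
import ipaddress
from typing import Dict, List, Optional, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Row = Tuple[IPNet, str, str]

SAMPLE_BLOCKS = [
    ("192.0.2.0/24",    "Example ISP A",            "Paris, FR"),
    ("192.0.2.128/25",  "Example ISP A (Lyon POP)", "Lyon, FR"),
    ("198.51.100.0/24", "Example Hosting B",        "Frankfurt, DE"),
    ("2001:db8::/32",   "Example Carrier C",        "Amsterdam, NL"),
]

# Addresses that never appear on the public Internet (RFC 1918, loopback,
# link-local, IPv6 ULA). Listed explicitly rather than via ip.is_private so the
# documentation prefixes used in SAMPLE_BLOCKS are not swept up as "private" too.
LOCAL_NETS: List[IPNet] = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def build_table(rows) -> List[Row]:
    """Parse the blocks and order them most-specific first, so the first hit is
    the longest-prefix match (the /25 wins over the /24 that contains it)."""
    table = [(ipaddress.ip_network(net), holder, loc) for net, holder, loc in rows]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)


def is_local(ip: IPAddr) -> bool:
    # membership across IP versions is simply False, so no version check needed
    return any(ip in net for net in LOCAL_NETS)


def lookup(ip_str: str, table: List[Row]) -> Dict[str, Optional[str]]:
    """Classify an address and, if it is public, find the block it belongs to."""
    ip = ipaddress.ip_address(ip_str)
    if is_local(ip):
        # a 192.168.x.x address only means something inside its own LAN;
        # there is nothing to geolocate
        return {"ip": ip_str, "scope": "local", "holder": None, "location": None}
    for net, holder, loc in table:
        if ip in net:
            return {"ip": ip_str, "scope": "public", "holder": holder, "location": loc}
    return {"ip": ip_str, "scope": "public", "holder": None, "location": None}


if __name__ == "__main__":
    table = build_table(SAMPLE_BLOCKS)
    for addr in ("192.168.0.11", "192.0.2.5", "192.0.2.200", "203.0.113.9"):
        print(lookup(addr, table))
```

The /25 inside the /24 is there on purpose: real allocations are nested the same way (a carrier's block, then sub-blocks delegated to regional points of presence), and the location you get is only ever as precise as the smallest block the database knows about.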

Can someone really find me through my IP?

Yes, and in two different ways.

First way:

Even if you have a dynamic IP address, your ISP systematically and automatically keeps records for a period of six months to two years.

See: http://fr.wikipedia.org/wiki/Directive_2006/24/CE_sur_la_conservation_des_donn%C3%A9es

I quote: the data retained must make it possible, in particular:

to trace and identify the source of a communication;
to trace and identify the destination of a communication;
to identify the date, time and duration of a communication;
to identify the type of communication;
to identify the equipment used to communicate;
to identify the location of mobile communication equipment.
This means that if you file a complaint with a given IP address, the justice system only has to request the records from the ISP to find out who the real person behind the IP address is.

Second way:

If I have a particular IP address whose owner I do not know, say 0.1.2.3, and I then obtain the IP address of a specific person that turns out to be 0.1.2.3 as well, I immediately make the connection between the two (provided the two addresses were observed at around the same time, since dynamic addresses change hands).

People often contact me to ask how to find the owner of a specific IP address. Given that most attacks are carried out by people in the victim's own circle, the idea is to obtain the IP addresses of the suspected people and compare them with the attacker's address. Sometimes the geographic estimate of the attacker's IP address is enough to work out who it is.

How do you retrieve these IP addresses?

There are several ways, starting with the fact that any website can see the IP addresses of its visitors.

If you are interested, have a look here:
http://www.depotekk.com/2015/03/how-to-retrieve-ip-address.html 