Sunday, October 14, 2007

What exactly can someone tell from your IP address and what can they do with it? Can they find personal details or my precise geographical location?
In most cases your IP address is very easy to determine. But how much it says about you, specifically, depends on your ISP and what kind of IP address you have.


Finding someone else's IP can be as easy as looking at the full headers of email that they've sent you, or monitoring network connections for certain types of instant messaging and chat applications. Web sites routinely get IP address information for all visitors. The very nature of how the internet works dictates that when two computers talk to each other, they know each other's IP addresses.

But once you've received an IP address, what can you tell about it?

Some IPs are easy: they're static, and have a DNS name associated with them. For example, in a Windows XP Command Shell, enter the following command:

ping -a 17.254.3.183
The "-a" switch tells ping to do a "reverse DNS lookup", and print the first domain name it finds associated with the IP address you've specified. In this case, ping should include "apple.com" in its output, which is a domain name assigned to that IP.

With that domain name you can then do a "whois" lookup using a whois tool. The result will often include information about the individual or organization that owns the domain. In this example it does not, but it does include the name of the registrar, markmonitor.com. That site has a small "whois" link which, when run against "apple.com", returns all the information that you might want. Apple.com is owned, not surprisingly, by Apple Computer, Inc., and full address and contact information is available.

What if the ping doesn't work, or doesn't return a domain name? Then things get less precise.

In this case, we go to ARIN and use their IP "whois" tool. If we enter an IP address such as 206.124.145.17, we'll find that it's part of a block of addresses assigned to an ISP. To determine who is actually using that IP address, if anyone, the ISP would have to get involved. Note that without their involvement, the physical location of a machine at a specific IP address cannot be determined.

Now, it's important to note that an IP address may, or may not, identify a specific computer. In many cases, such as large corporations, it identifies a gateway of some sort that acts as a router or proxy for any number of computers. Behind the gateway, the computers can all see each other, but from the internet the individual machines are indistinguishable from each other ... they all look like they come from the same IP address.

The same is true when you use a router at home. You might have any number of computers behind it, but from the internet, it appears as if you have only one IP address. Your individual computers are not directly accessible by default.
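
As an added illustration (not code from the original post), the Python example below works through the steps described above: the name a reverse lookup such as "ping -a" actually queries, how an IP whois record identifies only the holder of the block, and why a private address behind a router has no registry record at all. The whois text, the 203.0.113.0/24 block and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample in the "Key: value" layout of an IP whois reply.
# 203.0.113.0/24 is a documentation range; the names are placeholders.
SAMPLE_WHOIS = """\
# constructed sample, not a real registry record
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-ISP-BLK
OrgName:        Example ISP, Inc.
"""

# Private (RFC 1918) ranges that home and office routers hand out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name(ip):
    """Return the name a reverse DNS lookup (as in `ping -a`) queries."""
    return ipaddress.ip_address(ip).reverse_pointer

def parse_whois(text):
    """Collect 'Key: value' lines, skipping comments and blank lines."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())
    return fields

def describe(ip, whois_text):
    """Summarise what the address by itself reveals."""
    addr = ipaddress.ip_address(ip)
    private = any(addr in net for net in RFC1918)
    info = {"ptr_query": ptr_name(ip), "rfc1918": private,
            "block": None, "holder": None}
    if private:
        return info  # reused in every LAN: no registry record applies
    fields = parse_whois(whois_text)
    for cidr in fields.get("CIDR", "").split(","):
        cidr = cidr.strip()
        if cidr and addr in ipaddress.ip_network(cidr):
            # Names the holder of the block (the ISP), not the individual user.
            info["block"], info["holder"] = cidr, fields.get("OrgName")
    return info

if __name__ == "__main__":
    print(ptr_name("17.254.3.183"))  # address from the ping example
    print(describe("203.0.113.17", SAMPLE_WHOIS))
```
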

And that leads to my final point: use a router or a firewall. If you connect directly to the internet, then your IP address can be used by others on the network to attempt to connect directly to your PC and exploit any vulnerabilities. By using a router, your computer cannot be contacted directly. Alternatively, a firewall blocks intruders from gaining access to your machine even if they do reach it.

1 comment:

Anonymous said...

All that's fine.
But after all, in the era of absolute desire of self-manifestation and self-publication, everyone - consciously or unconsciously - prefers starvation to exclusion from self-publishing. For most, the absolute fear is that nobody searches for them.
The "Good-bye privacy" situation maybe is a coma-like situation, but certainly is a real one.