cancel
Showing results for 
Search instead for 
Did you mean: 

Does it matter that people know...

N/A

Does it matter that people know...

Hi,

I have come accross some bits and bobs lately saying that if your ip address comes across as blah... blah.. .net or ...com you are more vunerable as you can be pin pointed etc...

Surely, there is software that can tell people where you are from your ip address alone :?

What i mean is some people have an address of x.x.x.x and others name at blah blah then x.x.x.

Is it worth going behind a proxy or am i just being paranoid?

If i used a redundant machine as a proxy/firewall and gateway would that be of any benefit? How does it all work?

Surely, the fact that my gateway has my public IP and the other computers have a private address means the translation is a security benefit by default?

Also say if you notice the same IP address is hitting you for what ever reason what is the best way to deal with it? If you block it in the router will it ignore the request from that address so the sender will never know if it was open or replied?

Sorry for the long post! Shockedops:
3 REPLIES
Community Veteran
Posts: 1,817
Thanks: 11
Registered: 30-07-2007

Does it matter that people know...

I've been looking at the same thing tonight myself.

if you do a reverse dns rdns on your ip address it shows your username.plus.net where your username is most probably also your logon name and the the first bit of your plus.net domain. In theory this means that a program can scan the whois database or the net and easily find that your domain exist and send spam to anything it wants at yourusername.plus.net.

if you ask plusnet to change the rdns to be your ip address.plus.net then the scanning program will draw a blank as the address dosnt exist as effectivlely it'll be sending e-mail to anyhting@192.168.0.1.plus.net or in other words anything@username.plus.net.plus.net instead of anything@username.plus.net

The link I used to request the change to my rdns was:

http://portal.plus.net/wizard/index.html?JZu1oo1alTUguBqXkOmsXN1sTrjfO50Ern%2B%2BJF64foobsmsFVHKn0Cd...

The following thread may also be useful.

Hope this makes sense.

Alan
N/A

Does it matter that people know...

Well if you have ever seen goldeneye where boris tracks the user down to an exact location, it can be done to an ISP but not futher (without CIA / FBI tools...ill get onto that later) You can find out what isp the user is using and also by which route they came to your site but it stops at ISP. EG it would show me as being in london when I am not as that is the closest PlusNet peering point to me.

The fbi and CIA are looking into usin ping times from many backbone routers to locate a user to a town and maybe even more specificaly than that wihtout even having to ask the isp. this is a huge undertaking and requires lots of complex maths to calculate the latancy / disance ratio etc.

A proxy will tell the site // script its ip not yours, if it is a good proxy, however most proxies are "open" and with some decent scripting you can work out even if they are using a proxy or not. The cool scripts use Java to pull your NAT'd internal address as well -- kind of cool Smiley

using a 2nd box for firewall would be a great benifit, especialy if you use smoothwall // openbsd as the firewall as these are designed to be VERY secure, and will be optimised for firewalling your network so require very little specs.

If you run a NAT'd network, then your internal ips should not be reachable from the outside unless you have specificaly set up some Port forwarding rules. This is thus a security bonus to use NAT.

Depending on your router it will either drop the packets from an ip that is blocked -- this will give "destination host unreachable" to a ping packet, or it will just route to null meanin the packet will time out "request time out" error will be given on a ping packet. Both of these methods will "hide" your computer from the ip, however you can detect if the PC is there and blockin the scans or if it is really off by seeing how long it takes to respond and how it responds,. the best routers will allow you to "eat" the packet, making it timeout about 100x slower than what it should, it shows your PC is there however slows port scans etc down alot.
N/A

Does it matter that people know...

Thanks for the input guy's, appreciated. Cheesy