IP Addresses (forum posts) confidential??

Discussion in 'Networking and Security' started by gotta_trade, Nov 11, 2010.

  1. d08

    d08

    Oops, didn't notice it was old.

    Revealing IPs publicly is most definitely a bad idea, the profitable traders and the most disliked would definitely get a lot of different kinds of attacks.
     
    #51     Aug 10, 2013
  2. igotcash

    igotcash Guest

    here is my IP address:

    210.52.109.255
     
    #52     Aug 10, 2013
  3. d08

    d08

    Doubtful you're North Korean...
     
    #53     Aug 10, 2013
  4. I just posted this through a Tor exit node at 194.132.32.43.
    Good luck tracing me now. :cool:
     
    #54     Aug 10, 2013
  5. d08

    d08

    Careful with Tor, some nodes are there for malicious reasons.
     
    #55     Aug 10, 2013
  6. Yeah, like posting on ET.

    Seriously though many web sites block known Tor exit nodes just because of abuse issues.
     
    #56     Aug 10, 2013
  7. sheda

    sheda

    I cant see any reason to be suspicious of the ops question, its very relevant in this day and age, leaving a trail of posts potentially numbering into the thousands on a financial forum about how you make money. . .

    No one here is posting from the same connections and computers they trade on anyway but even so.
     
    #57     Aug 10, 2013
  8. You can't easily find out someone's identity with just an IP address as a private citizen.

    Now, if you're in law enforcement with a warrant an ISP can be compelled to divulge the identity given an IP address. Also clearly the NSA can do so without a warrant. But a private citizen cannot. ISPs will not tell you anything.

    The only way I can think of for Joe Blow to out someone is if they carelessly published their IP address with some other personal information like a real name. Obviously a pseudonym on the internet isn't enough information.

    Given just an IP address the best you can really hope for is a geographical area maybe 10 or 20 miles in diameter.
     
    #58     Aug 10, 2013
  9. OK what did you do? .... may as well confess now.

    The short answer, is that far more information than you think is handed out when you post. Given resources, you are never anonymous. although the information may be useless when they go to research it depending on the installation you visit. One needs co-operation between all intermediate sites to do it and solid logging. It costs a lot of time and money to do it (unless they have sniffers and other such tools) and ultimately proving it was actually physically you on the particular machine is tough in law. (You can claim you were hacked by a trojan for example.)

    Think about this. In order to communicate in a stateless variable route network, two machines must uniquely ID each other to compose and send a message. Investigators also need to know something about the network topography and have access to it or the logs.

    One of the secrets of the Internet is letting people think they are anonymous and letting them think they are secure but not really. In 1998 or so, we wrote a servlet that dumped all the meta data that goes with the HTTP header. I was amazed then, but computers didn't have unique ID chips then. I'll bet that things are a whole lot worse now.

    IP addresses can be spoofed, and most installations use DHCP which changes things ( look up command IPCONFIG /RENEW). Good logging and network topology captures all. It has been sometime since I have worked in IT.

    We fired one person, when admin logs were wiped minutes after I told one particular programmer that we had inadvertently detected solaris root had been compromised on one box. The log times told the story and we were watching for it. He later came to me and asked me not to say anything (unknown to him - I was responsible for a particular security area on 300 plus environments). We already knew, and I had escalated it to the director level and was awaiting instructions back.

    The responsible project manager asked me what to do. I said stop all work (50 programmers), load a previous environment from backup a month back (6 hour outage). She said that would cost too much time and trouble and we have a 35 million dollar project behind schedule. I said, all the more reason to do it then if it were me. She didn't likely tell me everything though.

    We later found out the project manager had encouraged this contract individual to compromise root to "help the project" along. I would have fired her as well, but in the end she was promoted! The project was being billed to external clients and they might have sued if they knew all the details, but the project was a huge failure promoted as if it was a huge success. I often wonder how much more damage she has done to the particular company since I left. Soon after she was removed and put in purchasing (IT purgatory).
     
    #59     Aug 10, 2013