Friday, 8 April 2005

What your IP address or domain name tells people about you

Be aware that you're not completely anonymous on the Internet. A good rule of thumb is, never do anything on the net that you wouldn't have the balls to do in real life.

You (or rather your ISP) get addresses from an RIR (Regional Internet Registry). You can find a list of them here. These sites always provide a 'who is' link somewhere, which lets you search for an IP address and returns its registration information.

For instance, go here and type in ''. You'll see that this range ( - is Google's, but look what else you've got: their address and what looks like their telephone number for technical support. This sort of information is very useful to social engineers because it often gives the company web site, the administrator's name and email, and a telephone number.

If someone does a portscan on my network, my firewall will tell me. I can get their IP address from my firewall logs or via DOS's netstat command (which shows who's connected to the PC). Odds are the 'who is' search results won't list your phone number and address unless you're a large business, but they will tell me who your ISP is. The IP address, together with your ISP, gives me some clues about your location.

It might be possible to social engineer your name and/or address from an ISP by just ringing them up, but it might be easier just to attempt to break into one of your machines, either the IP address you spotted, or one in the range given to you by your ISP (which I expect are almost always contiguous). I can also do a trace-route to that IP address to find out the IP of your router/firewall and begin foot-printing that to see if I can break in. Once I'm into your network, I'd be looking for documents with your address on them. This is definitely not legal and I don't suggest anyone tries it - I wouldn't!

Incidentally, you shouldn't really ring up to report any old script kiddie attack. Use email if you're sure it's worth it and not just background traffic or some AOL user's viruses looking for other vulnerable machines. If you know for sure that someone's trying to hack you and it's ongoing, ring up their ISP and get them to give them a smacking instead.

Sometimes people conceal their IP address with proxies and/or, when port-scanning, fake it as one of the reserved IP addresses (so they can't even be followed back to the proxy), but this is something for another article.

Web site name registrations (domain name registrations) tend to offer even more information. These registrations tell the DNS servers (Domain Name Servers) all over the world which IP address to map to which web site.

It's always best to register your domain privately, especially if it might offend people (so your domain registration company keeps your details hidden - except from Big Brother of course). Certain domain hosting companies will do this for you, while others don't seem to care and list your full details for any 'who is' search! Type a few web sites into the search box on, say, this domain registration site and click on the 'who is' bit and you'll see.

Cue Jay and Silent Bob to print the author's details out, come around to their house and get medieval on their a$$!
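To check what your own registration gives away, you can save the 'who is' output for your domain and scan it for contact fields that aren't hidden. The script below is an added example, not part of the original post: both records are constructed, and the field labels and privacy keywords are assumptions that vary between registries.

```python
import re

# Constructed WHOIS responses (not real registrations). Field labels follow the
# common "Label: value" layout; real registries differ in the labels they use.
PUBLIC_RECORD = """\
Domain Name: example-public.test
Registrar: Example Registrar (constructed)
Registrant Name: Jane Example
Registrant Street: 1 Sample Road
Registrant Phone: +44.5550100
Registrant Email: jane@example-public.test
Admin Email: jane@example-public.test
Name Server: ns1.example-public.test
"""

PRIVATE_RECORD = """\
Domain Name: example-private.test
Registrar: Example Registrar (constructed)
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: proxy-1234@privacy.example
Name Server: ns1.example-private.test
"""

# Assumption: these label fragments mark fields that identify a person.
PERSONAL = re.compile(r"\b(name|street|city|phone|fax|email)\b", re.I)
CONTACT = re.compile(r"^(registrant|admin|tech|billing)\b", re.I)
# Assumption: values containing these words come from a privacy/proxy service.
MASKED = re.compile(r"redacted|privacy|proxy|withheld", re.I)


def exposed_fields(whois_text):
    """Return {label: value} for contact fields that reveal personal details."""
    exposed = {}
    for line in whois_text.splitlines():
        label, sep, value = line.partition(":")
        label, value = label.strip(), value.strip()
        personal = CONTACT.search(label) and PERSONAL.search(label)
        if sep and value and personal and not MASKED.search(value):
            exposed[label] = value
    return exposed


if __name__ == "__main__":
    for name, record in (("public", PUBLIC_RECORD), ("private", PRIVATE_RECORD)):
        found = exposed_fields(record)
        print(name, "->", len(found), "exposed field(s):", sorted(found))
```
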

Try here for more 'who is' search tools.