PPRuNe Forums - View Single Post - pprune security
Thread: pprune security
View Single Post
Old 6th July 2001 | 11:54
  #8 (permalink)  
CrashDive
Guest
 
Posts: n/a
Cool
stickyb, mutt, and Evo7 are all correct.

All ping and trace-route do is to show just what your IP address is at any one time when you logged on with your ISP, and where abouts the ISP/server is located (well, sort of).

And yes, the PPRuNe software does log the IP address of a contributor, i.e. the IP address of the contributor at a particular moment in time and which was provided to them when they connected with their ISP. Indeed as part of our testing on this I wrote a program which collated all the posts that were made using my name and the associated IP address.

Q). Guess how many unique IP addresses had been assigned to me over time by my ISP ?

A). 870 !

So want to see what IP address has been assigned to your computer by your ISP ? Well log on to the Internet, then start a Dos Command Prompt and type 'ipconfig'.

Nb. Right now my ISP assigned IP address is 62.25.71.75 which if you run Neo-Trace against it, shows me connected to modem-843.beagle.dialup.pol.co.uk on the network of the European Regional Internet Registry / RIPE NCC (NETBLK-RIPE-C3).
That said, a few moments ago I just logged off and then logged back in again and my ISP assigned IP address has changed - surprise surprise (NOT ! ) to 62.25.71.164
... and I've just logged off / on again and, you've guessed it, it's changed again !

Now try that a few times when you've logged on and watch how your IP address changes (coz your ISP is providing the next available one to you on a pseudo-random basis) and the modem which you connect to at their end will also change as their needs demand - and it will probably be in different domain e.g. the first three numbers of the octal grouping (e.g. the 62.25.71 in the above) will change...

Nb. That's why banning an IP address is not a very smart idea, certainly from our point of view, because being such a broad brush approach and because IP addresses are so randomly generated you (we) have no real idea if the IP address that belonged to a naughty contributor will be the exact same one (i.e. unlikely) the next time they try to make a posting and / or that the same banned IP address has not since been allocated to some innocent PPRuNe contributor.

So, imagine that we (PPRuNe) needed to track down a contributor. What we'd have to do is to find the IP address that they were assigned by their ISP and that was used in one of their postings. Then trace back to their ISP and ask them to match the IP address which we logged at a particular moment in time (i.e. when the posting was made), against the ISP's log of who was assigned that IP at that time.
Nb. This all assumes that a contributors ISP have kept an audit trail of this (and just imagine how big a file that would be for any popular ISP) and that they are prepared to facilitate our request (very unlikely without a court order - and even then local jurisdiction would more than likely get in the way).

On the subject of individual corporate users. These folks typically sit on their companies network, kept safe & secure from that nasty Internet behind a router and firewall (regardless of whether the company is using a leased-line or dial-up access) and accordingly it's almost impossible to determine what the IP address it is that their computer is using on their internal network, i.e. what PPRuNe logs is not likely to be the IP address of the computer that your are using in your office, i.e. not unless your network administrator is a complete prat !

[This message has been edited by CrashDive (edited 06 July 2001).]