Kitz Forum

Computer Software => Security => Topic started by: tickmike on November 27, 2007, 03:21:53 PM

Title: How To Stop Sending Out My IP Address.
Post by: tickmike on November 27, 2007, 03:21:53 PM
It concerns me that we keep sending out my private IP address (Not Dynamic) along with the machine IP on my home network, >:( it's with emails and it seems to be on my daughter's Bebo account etc. as well.
How can I stop this?

My set up = ADSL with 6 IP addresses, Router (With NAT firewall turned off), Smoothwall hardware firewall, switch, network.
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 27, 2007, 04:22:35 PM
What exactly do you mean by your private IP address? If it's the external IP address of the router, then that's public knowledge on any system. If you mean the purely local LAN address, then that's no use to any external invader. Either way, it's not a security risk.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 27, 2007, 04:46:47 PM
It is entirely normal for email. The email "header" contains all the information that the mx (mail exchanger or mailserver) passes.

I'm rather concerned that you have an IP block and don't understand basics like this?

What is the mailserver/ISP smarthost you use?
Title: Re: How To Stop Sending Out My IP Address.
Post by: tickmike on November 27, 2007, 11:04:23 PM
Eric, I have a block of IP Addresses for my system to work, it stops me double natting,
Rizla, My ISP = Eclipse and I use webmail (Hotmail, Lycos, yahoo ) as well as my isp's mail.

My main worry was with my daughter's Bebo and chat forums; she's very good and only talks with private friends settings as she does not want to use the pubic (anyone) settings. She is aware of the risks.

I noticed one day that our IP address was being displayed by the site and I had it in my head you could look up my IP details and hence get our home address, something neither she nor I want made public.

Re,"I'm rather concerned that you have an IP block and don't understand basics like this?"
Well I have only one brain cell that works nowadays ;D and I forget, or is it the mad cow disease eating my brain away?
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 07:05:13 AM
Whenever you access anything on the internet your outgoing message header includes your IP address, so the server at the other end knows who to send the reply to. It's always going to be public knowledge. Those IP addresses are owned by your ISP, not by you, and any lookup will only reveal the ISP's details.

(There's a small typo in your second paragraph, which you might like to correct :lol: )
Title: Re: How To Stop Sending Out My IP Address.
Post by: UncleUB on November 28, 2007, 07:55:08 AM
It happens to the best of us  :lol:
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 08:13:00 AM
Quote
Those IP addresses are owned by your ISP, not by you, and any lookup will only reveal the ISP's details

In my experience that's not true. The lookup will show who the IP block has been assigned to and RIPE rules certainly used to say that /29 IP blocks had to show contact details of the person/organisation to whom it had been assigned. I had a /28 from AAISP, a /29 from Zen and a /29 from Metronet - they all showed me as the person responsible for the block. Eclipse certainly did the same in 2003 as I tracked down where an online acquaintance lived so I could send him a surprise wedding present.

If tickmike is also running a mailserver then he'll have rDNS set up (or should have). If it's anything other than a .uk address then it's usually very simple to get name, house address and phone number (if not ex-directory). I've taken my mx down for exactly those reasons - it doesn't bother me but the kids are heading towards the age that I'd rather not have people able to tell their house address in seconds :)
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 09:23:39 AM
>> In my experience that's not true.

Sorry if I got that bit wrong then.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 09:58:57 AM
Well you should be able to tell Eric as you can see the IP address that tickmike posted from? Just do a lookup on the IP block and see what it says - it is entirely possible that Eclipse don't/haven't entered his details :)

Edit - here's what RIPE say about it (I'm bored today :D) :

When an End User has a network using public address space this must be registered separately with the contact details of the End User. Where the End User is an individual rather than an organisation, the contact information of the service provider may be substituted for the End Users.

I have to say that most ISPs I've dealt with don't permit individuals to "opt-out" as it means the ISP must become admin & tech contacts for the block which increases costs. For example Plusnet seem to insist that the end-user's details are visible.
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 11:43:47 AM
If I do a whois on the IP address I see several names but not tickmike's, and the addresses are all shown as c/o Eclipse Internet with Eclipse phone numbers. So I don't think anything confidential is being disclosed.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 11:53:40 AM
So it doesn't look like this then :

11/28/07 11:49:34 whois 81.2.96.160@whois.ripe.net

whois -h whois.ripe.net 81.2.96.160 ...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag

% Information related to '81.2.96.160 - 81.2.96.167'

inetnum:        81.2.96.160 - 81.2.96.167
country:        GB
netname:        A6909A
descr:          London office
admin-c:        UKAA18787-RIPE
tech-c:         UKAA18787-RIPE
mnt-by:         AA
remarks:        ISP abuse policy at http://aaisp.net.uk/abuse.html
remarks:        Broadband link
status:         ASSIGNED PA
source:         RIPE # Filtered

person:         Monique Parker
address:        7 Austinfriars
address:        LONDON
address:        UNITED KINGDOM
address:        EC2N 2HA
phone:          +44 20 7588 1684
e-mail:         info@dutchchurch.org.uk
nic-hdl:        UKAA18787-RIPE
mnt-by:         AA
source:         RIPE # Filtered

% Information related to '81.2.64.0/18AS20712'

route:        81.2.64.0/18
descr:        AAISP
origin:       AS20712
mnt-by:       AA
source:       RIPE # Filtered

That's part of the old block I had with AAISP which now is allocated to Monique Parker of (presumably) the Dutch Church in London. That is pretty much what I'd expect to see on a /29.....
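An added example, not part of any post in this thread: a small Python check you can run over the whois output for your own block to see whether a person object with a postal address is attached to it. The sample record is constructed (documentation address range, invented name and handle), and treating an address line starting with "c/o" as the provider's substituted details is an assumption taken from how the opted-out records are described in this thread.

```python
# Constructed sample in the RPSL layout shown above. 192.0.2.0/24 is
# documentation address space; the name, handle and address are invented.
SAMPLE_EXPOSED = """\
% Information related to '192.0.2.8 - 192.0.2.15'

inetnum:        192.0.2.8 - 192.0.2.15
admin-c:        EX1-EXAMPLE
tech-c:         EX1-EXAMPLE

person:         A. N. Other
address:        1 Example Street
address:        EXAMPLETOWN
phone:          +44 0000 000000
nic-hdl:        EX1-EXAMPLE
"""
# Same record with the provider's details substituted (assumed "c/o" form).
SAMPLE_OPTED_OUT = SAMPLE_EXPOSED.replace("1 Example Street", "c/o Example ISP")

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith("%"):
            continue                      # server comment line
        if not line.strip():              # blank line ends the object
            if current:
                objects.append(current)
            current = []
            continue
        if line[0] in " \t+" and current:  # RPSL continuation line
            current[-1] = (current[-1][0], current[-1][1] + " " + line[1:].strip())
            continue
        key, _, value = line.partition(":")
        current.append((key.strip().lower(), value.strip()))
    return objects

def exposed_contacts(text, isp_marker="c/o"):
    """Person objects used as admin-c/tech-c of an inetnum with a non-provider address."""
    objects = parse_rpsl(text)
    handles = {v for obj in objects if obj[0][0] == "inetnum"
               for k, v in obj if k in ("admin-c", "tech-c")}
    findings = []
    for obj in objects:
        fields = {}
        for k, v in obj:
            fields.setdefault(k, []).append(v)
        if obj[0][0] != "person" or not handles & set(fields.get("nic-hdl", [])):
            continue
        addresses = fields.get("address", [])
        if any(a.lower().startswith(isp_marker) for a in addresses):
            continue                      # provider's details, not the end user's
        findings.append({"name": obj[0][1], "address_lines": len(addresses),
                         "phone": "phone" in fields})
    return findings
```

An empty result means no personal postal address is attached to the block's contacts; a non-empty one is the cue to ask the ISP about the individual opt-out discussed in this thread.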
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 11:59:31 AM
No, there were no private addresses like that shown.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 12:03:22 PM
Nice one - Eclipse must be honouring the individual opt-out :)
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 12:33:17 PM
Just out of curiosity I did a whois on my own IP address (from Zen) and there's no private address information given in that either.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 12:53:37 PM
There wouldn't be unless you have a /29 block. End user details only apply if you have a block of public IP addresses and a /29 is the smallest Zen do. Eclipse appear to do a /30 which is VERY wasteful - frankly a /29 isn't much better.

Eg :

/29 = 81.2.96.160 - 81.2.96.167

81.2.96.160 = router address
81.2.96.161 = useable
81.2.96.162 = useable
81.2.96.163 = useable
81.2.96.164 = useable
81.2.96.165 = useable
81.2.96.166 = useable
81.2.96.167 = broadcast address

So 6 useable addresses from a block of 8. They are actually ALL useable but only if you know what is in the "next-door" blocks and it isn't something I'd recommend to most people.

Eg :

/30 = 81.2.96.160 - 81.2.96.163

81.2.96.160 = router address
81.2.96.161 = useable
81.2.96.162 = useable
81.2.96.163 = broadcast address

So only 2 useable addresses from a block of 4.

Edit - one ISP (Be) doesn't give you a block when you ask for multiple IP addresses. They simply give you IP addresses at random and they usually aren't in the same logical block - and they certainly aren't sequential. You'd therefore have to be either insane or up for a challenge to take multiple IPs from them :D
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 28, 2007, 04:26:37 PM
Right, I see. :)
Title: Re: How To Stop Sending Out My IP Address.
Post by: tickmike on November 28, 2007, 11:17:21 PM
Quote
Nice one - Eclipse must be honouring the individual opt-out :)

Yes it looks good, I have spent about half an hour on the 'ripe' web site and like Eric said there are no personal details on there now. The last time I looked was just after I got my block of 6 addresses and my name and address were showing; it now says 'ALLOCATED'.
I also did a name search and my home address - both not shown.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 11:26:55 PM
Good :)

Do try the same lookups on your domains (if you have any). Eg I have a .me.uk domain with 1and1 (AKA Schlund) and every time I make any changes to the account they update Nominet with my details - even if they haven't changed. Unfortunately this has the effect of cancelling the "Non-trading individual" opt-out. It is VERY irritating as if I don't remember to then login to Nominet and opt-out again then it's trivial to locate anyone using email on that domain (as the kids do now).

It's almost irritating enough that I might move registrars.......
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 28, 2007, 11:42:13 PM
Oh and one more thing - I'm assuming your daughter's machine has a public IP address yes? If so then have you considered the tracking potential of that? I'm not into security now but it'll be obvious that the address is part of an allocated block so it's a fair bet that each IP address is a specific machine. If you have a machine already running Smoothwall then you might be better NATing her behind that - I think that was possible (Routed + NAT) but I can't remember. It should just look like a NAT router to anyone curious.
Title: Re: How To Stop Sending Out My IP Address.
Post by: tickmike on November 29, 2007, 02:30:10 PM
Quote
Oh and one more thing - I'm assuming your daughter's machine has a public IP address yes? If so then have you considered the tracking potential of that? I'm not into security now but it'll be obvious that the address is part of an allocated block so it's a fair bet that each IP address is a specific machine. If you have a machine already running Smoothwall then you might be better NATing her behind that - I think that was possible (Routed + NAT) but I can't remember. It should just look like a NAT router to anyone curious.

In my first post I put
"My set up = ADSL with 6 IP addresses, Router (With NAT firewall turned off), Smoothwall hardware firewall, switch, network."

With the ADSL router before Smoothwall you have to turn off the 'NAT' firewall and have Smoothwall doing all the NATing, hence my block of IPs is to make all this work (set up with the advice of the guys and girls of the Smoothwall forum).
So all of my machines are back of the Smoothwall firewall.
I have scanned my network with the 'Shields up' web site www.grc.com/ and it does not exist.  :)

Thinking more about what is displayed on the forum sites my daughter goes on, it may be like this site where only the mods and yourself see your own IP address.
While she is chatting to her friends I will get her to ask if anyone can see our IP address.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 29, 2007, 05:30:25 PM
Yes but smoothwall is presumably routing rather than NATing? You can (IIRC) get it to do both. If the IP address you see on the sites your daughter visits is in the block Eclipse gave you and isn't the one you assigned to the smoothwall box then smoothwall is routing rather than NATing.

Why (if you don't mind me asking) do you need multiple public IP addresses anyway? I'm not suggesting you shouldn't have them - even if you're just playing about with them (I did this on AAISP :) ) - but having a block does make you a lot more visible. Eg - I wouldn't care what results I saw from a scan, if there's a block assigned then there's a network there :)
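An added example, not part of any post in this thread: Python's standard ipaddress module reproducing the /29 and /30 breakdown given earlier, plus the routed-versus-NAT test described in the post above. The function names, return labels and the addresses in the demo are assumptions made for this illustration; 192.0.2.0/24 is documentation address space.

```python
import ipaddress

def block_layout(cidr):
    """First address, usable hosts and broadcast address of an assigned block.

    strict=True raises ValueError if cidr does not start on a block boundary,
    e.g. a /29 must begin at a multiple of 8 in the last octet.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "first": str(net.network_address),   # labelled "router address" in the post
        "usable": [str(h) for h in net.hosts()],
        "broadcast": str(net.broadcast_address),
        "size": net.num_addresses,
    }

def classify_egress(seen_ip, block, firewall_ip):
    """Interpret the address a remote site reports for one of your machines.

    "nat":           the site sees the firewall's own address, so every LAN
                     machine is hidden behind it.
    "routed":        the site sees another address from your block, so that
                     machine is individually identifiable from outside.
    "outside-block": the address is not yours (proxy, other connection).
    """
    seen = ipaddress.ip_address(seen_ip)
    if seen == ipaddress.ip_address(firewall_ip):
        return "nat"
    if seen in ipaddress.ip_network(block, strict=True):
        return "routed"
    return "outside-block"

if __name__ == "__main__":
    for cidr in ("81.2.96.160/29", "81.2.96.160/30"):   # blocks from the post
        lay = block_layout(cidr)
        print(cidr, "->", len(lay["usable"]), "usable of", lay["size"],
              "broadcast", lay["broadcast"])
    # Constructed case: firewall RED interface on 192.0.2.9 in 192.0.2.8/29.
    for seen in ("192.0.2.9", "192.0.2.11", "198.51.100.7"):
        print(seen, classify_egress(seen, "192.0.2.8/29", "192.0.2.9"))
```

Compare the address shown by a "what is my IP" page from each machine on the LAN: if every machine reports the firewall's address, the firewall is NATing.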
Title: Re: How To Stop Sending Out My IP Address.
Post by: tickmike on November 29, 2007, 10:23:13 PM
Smoothwall does the routing and NATs in this set up, hence the need for a block of IPs.
The IP address on my daughter's machine is the same one as Eric can see the internet facing one, it's the same IP on all my network machines.
My network runs on 198.168.x.x. range.

Title: Re: How To Stop Sending Out My IP Address.
Post by: jabns on November 29, 2007, 11:33:16 PM
I have a /28 block and I just did a whois and it does not have any of my details on them.

Ohh - You could get my surname if you do an rDNS lookup on the IP they are routed through  :lol:

If you are very worried check out TOR.

PS* Add the DansGuardian module to Smoothwall and ban Myface and Spacebook (me trying to be funny). I am currently using Linux from scratch and making my own firewall to filter ads, phishing and do av etc......
Title: Re: How To Stop Sending Out My IP Address.
Post by: roseway on November 30, 2007, 07:14:27 AM
>> Smoothwall does the routing and Nats in this set up, hence the need for a block of IP's.

Well, rizla may correct me again here, but if you've got no internet-facing servers and you're using NAT, then you only need one external IP address. The NAT function will relate a single external address to multiple internal addresses. This is of course what most routers do.
Title: Re: How To Stop Sending Out My IP Address.
Post by: jabns on November 30, 2007, 07:59:37 AM
It can vary from setup to setup but usually in a RED+GREEN setup you would:

(Pretend our IP block is a /28 with 16 IPs and 14 usable: 999.999.999.100 - 999.999.999.116)

Modem = 999.999.999.100 (NAT would be disabled and it would just be left to route to the smoothwall)
Smoothwall RED = 999.999.999.101
Smoothwall GREEN = 999.999.999.102
DHCP = 999.999.999.103 - 999.999.999.115
Broadcast = 999.999.999.116

That's how I do my firewall. It's not Smoothwall but the fundamentals are the same.

James
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 30, 2007, 08:50:11 AM
The only valid reason I can think of for requiring multiple IPs is if you're running multiple SSL hosts.

I think these days that virtualisation covers any cross-platform requirements. Possibly some games if you're hosting multiple servers but usually the ports can be changed - game hosting companies do it all the time and most wouldn't install the server unless the port number could be changed. Multiple VoIP phones work fine behind most NAT implementations - perhaps if you were running asterisk having more than one IP address would be easier.

I'm struggling to think of anything else apart from some broken VPN software.......

That's no reason not to have them if you want them of course :)
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 30, 2007, 08:55:54 AM
Quote
If you are very worried check out TOR.

I ran an exit server for some time and I wouldn't touch Tor unless you trust the exit server. It's trivially simple to set one up (for example) to only accept SSL traffic, then should you be so inclined, you simply capture all the traffic to disk. Nice easy way of getting usernames & passwords. They were told about this AGES ago but didn't take a lot of notice. Of course you could permit all http/ssl traffic and capture that as all you'd require is more storage space/patience.

It's surprising how many people forget they have Tor turned on when they access secure sites :(
Title: Re: How To Stop Sending Out My IP Address.
Post by: jabns on November 30, 2007, 09:52:45 AM
Quote
The only valid reason I can think of for requiring multiple IPs is if you're running multiple SSL hosts.

Yup. I am running 2 SSL hosts and the other reason I NEED mine is for multiple xbox 360s. I thought that MS would have made it so you had say three sets of ports you could use (most people won't have more than 3 boxes). There again it is MS we're on about here.

1 other use I can think of is load balancing but most homes don't have that. I sometimes switch to LB if my MX server is getting bombed and is slowing down my network.


Yeah I don't like TOR at all but I am also not too bothered about being visible as I have 2 MX servers 2x HTTPD and 2x SQL all publicly available. Besides getting SPAMed has been quite a "fun" learning experience trying to prevent it. Although businesses probably would not call it that.
Title: Re: How To Stop Sending Out My IP Address.
Post by: guest on November 30, 2007, 12:11:08 PM
You can't put more than one XBox 360 behind NAT? Total muppets but as you say it's MS :(

I assume you're using Spamhaus' Zen blocking list? That plus a couple of manual blocklists and some heuristics got me down to 8 spams/day accepted by the mx. I worked out that over the course of 2006 my mx rejected 99.987% of connections made to it at the smtp envelope stage. I use Mailtraq which, despite being a Win32 app, is probably the most stable piece of software I "own" :) I thoroughly recommend it to anyone.