What can you learn by knowing an IP address?
Knowing a device's IP address can tell you the following:
- The geographic location of a device. Most IP address formats allow you to determine the country, region, and city a device is located in. For example, IP addresses from the United States generally begin with “192.”, “172.16”, or “10”.
- The type of network a device is connected to. Using the above example, “192” is reserved for small networks, “172” is reserved for medium-sized networks, and “10” is designed for large networks.
- The type of device. Certain IP address formats can help you identify the type of device, though you may not be able to determine that info from the IP address alone and more information might be needed. Those devices can include computers, routers, or servers to name a few.
- The owner of the device. An IP address can help you identify whether the owner of the device is an individual or a business entity. It may also give you clues about who the owner is, though that information is difficult to ascertain.
- The operating system and software installed on the device. Certain IP address formats can help you determine the type of operating system and the software installed on the device.
Does the IP address of a device change when its physical location changes?
The IP address of a device does usually change when its physical location changes. When a device is connected to the internet, it is assigned a unique IP address by the Internet Service Provider (ISP). If the device is moved to a new physical location, it will be assigned a new IP address by the new ISP or by the existing ISP if the ISP doesn’t change. The IP address changes because the ISP needs to be able to track the device’s location to provide the best service.
As for cell phones and other mobile devices, an IP address is assigned to a mobile device by the cellular service when the phone is connected to its network. Mobile phones have dynamic IP addresses. This means that a new IP address is assigned each time the phone connects to the network from a different location. This allows the network to keep track of the device as it moves to different locations. On the other hand, it does make it much more difficult to track a mobile phone through an IP address.
How do businesses use IP addresses?
Businesses use IP addresses for a number of purposes. They use them to identify and connect to computers, printers, and other devices on their networks. They also use IP addresses to connect with external networks, including the internet. Businesses may also use IP addresses to restrict access to their networks, for example when a user is accessing their website from a different computer for the first time. Because businesses can use IP addresses to restrict access, they can also protect their systems against malicious activity such as viruses. This is done by having the network filter out traffic from unwanted sources.
IP addresses also allow businesses to track usage and trends. This might include determining where most of their traffic comes from, identifying frequent visitors, and tracking specific visitors' visits to the business’s website and app prior to making a sale.
Since IP addresses identify a user’s location, they can also be used by businesses to provide location-based services such as specialized advertising. In this manner, they can target their advertising efforts to specific geographic areas. This can help them to save money on advertising and to ensure that their ads are seen by the most relevant audience.
Businesses can also use IP addresses to implement network security measures such as firewalls. Firewalls are implemented by allowing only certain IP addresses to visit a site or by tracking down and blocking IP addresses of malicious actors.
How can IP addresses be used to commit cyber attacks?
IP addresses can be used in a number of ways to commit cyber attacks. Two of the most common ways are a distributed denial-of-service (DDoS) attack and a man-in-the-middle attack; port scanning is a third:
DDoS Attack: In a DDoS attack, a malicious actor sends a large amount of traffic to a targeted IP address. The goal is to overwhelm the system and make it unavailable for legitimate users. In a DDoS attack, the attacker can use automated tools to generate requests from multiple IP addresses to make the attack difficult to detect and the perpetrator difficult to locate.
Man-in-the-Middle Attack: In a man-in-the-middle attack, the attacker intercepts communications between two IP addresses by redirecting them to an IP address that they control. By doing so, the attacker can monitor or modify the data as it passes from one user to another, possibly gaining access to sensitive information from either party.
A third way that cyber criminals can gain access to information is through port scanning. Port scanning involves sending data to a targeted system to determine what ports on the system are open, closed, or filtered in some way. This is often used by cyber criminals to identify potential targets and by security professionals to identify potential weaknesses of a system.
An IP address can be hidden by using a Virtual Private Network (VPN). A VPN uses encryption and authentication technologies to ensure that the data being sent over a public network is secure, which can prevent cyber attacks. VPNs are commonly used to securely access and share data over a public network as though the device were connected to a private network. These public networks can include anywhere that provides public internet access, including coffee shops and libraries. VPNs are frequently used by remote workers.
VPNs are also used to bypass geographic restrictions and censorship. This allows users to access websites and services that may be blocked in their country. This can be a useful tool for journalists, activists, and other individuals who may need access to information that is otherwise restricted.
The problem with VPNs is that they can also be used for cyber attacks. When using a VPN, an attacker would remain anonymous throughout an attack.
Matraex is a premier app and software development company located in Boise, Idaho. Do you have any questions regarding app development or any of today’s computer technology? Matraex would like to be your go-to source for unbiased answers. Contact us, leave a message on the live chat feature on our website, or place a question on our Google Business Profile page. We look forward to answering all of your tech questions so you can be an informed consumer.
Access the IP Security – Port Firewall on Windows 2000
To access the IP address / port restriction / firewall tools in Windows 2000, use this quick video to see where to click.
ip tables commands which ‘might’ make your firewall PCI compliant
This is a list of the iptables commands that will set up a minimal firewall which ‘might’ be PCI compliant.
This is primarily here to remind me, so I have a reference in the future.
I also have ports for FTP and SSH for a single developer IP as well as monitoring for a single monitoring server. The format is simple and can easily be changed for other services.
Be sure to replace ‘my.ip’ with your development ip, and ‘monitoring.ip’ with
This is on a Linux Ubuntu machine (of course)
apt-get install iptables iptables-persistent
# Allow loopback and replies to connections this host already has open
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH and FTP from the developer IP only, monitoring port from the monitoring server only
iptables -A INPUT -p tcp --dport 22 -s my.ip/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -s my.ip/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 5666 -s monitoring.ip/32 -j ACCEPT
# Public web ports
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p udp --dport 443 -j ACCEPT
# Drop ICMP timestamp requests and replies (placed before the catch-all REJECT so the rule is actually reached)
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
# Reject everything else
iptables -A INPUT -j REJECT --reject-with icmp-host-unreachable
# Drop TCP packets with invalid flag combinations in the raw table, before connection tracking
iptables -t raw -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -t raw -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -t raw -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -t raw -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
iptables -t raw -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -t raw -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# Save the rules so iptables-persistent restores them at boot
iptables-save > /etc/iptables/rules.v4
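iptables walks a chain from top to bottom and stops at the first terminating match, so a rule appended after a catch-all REJECT or DROP can never fire. The script below is an added example, not part of the original post: it reads iptables-save output and prints such unreachable rules. The sample ruleset and the function names sample_rules and find_shadowed_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rules that can never match because an earlier
# unconditional rule in the same chain already ends traversal.

# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-unreachable
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
COMMIT
EOF
}

# find_shadowed_rules: read iptables-save output on stdin and print every
# rule that follows an unconditional ACCEPT/DROP/REJECT in the same
# table and chain.
find_shadowed_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter", "*raw", ...
        $1 != "-A" { next }                     # skip policies, COMMIT, comments
        {
            key = table SUBSEP $2               # one state per table+chain
            if (key in closed) { print table ": " $0; next }
            # "-A CHAIN -j TARGET ..." carries no match criteria at all,
            # so every packet reaching it is decided here.
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) closed[key] = 1
        }
    '
}

# Demo on the constructed sample; on a real host, pipe in the saved
# rules file instead.
sample_rules | find_shadowed_rules
```

On a live system the same function can be fed from /etc/iptables/rules.v4 before the file is relied on for an audit.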
awk Command to remove Non IP entries from /etc/hosts and /etc/hosts.deny
We had a script automatically adding malicious IPs to our /etc/hosts.deny file on one of our servers.
The script went awry and ended up putting hundreds of thousands of non-IP addresses into the file. There were malicious IP addresses mixed in.
I used this awk script to clean it up, remove all of the non-IP addresses, and make the list unique.
# Keep only ALL entries whose last field is a dotted-quad IPv4 address, then sort and de-duplicate
awk '/ALL/ && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/' /etc/hosts.deny | sort -n -k2 | uniq > /etc/hosts.deny2
Once I inspected the /etc/hosts.deny2 I replaced the original.
mv /etc/hosts.deny2 /etc/hosts.deny
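A stricter version of the cleanup, run over a small polluted file, shows which entries survive. This is an added example, not the script from the original post: it assumes entries of the form "ALL: address", also rejects octets above 255, and the sample data and the function names sample_hosts_deny and clean_hosts_deny are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only "ALL: <IPv4>" lines, validate each octet,
# and de-duplicate. Works on stdin/stdout so the real file is never
# edited in place.

# Constructed sample of a polluted hosts.deny (documentation-range addresses).
sample_hosts_deny() {
cat <<'EOF'
# /etc/hosts.deny
ALL: 203.0.113.7
ALL: error.reading.log
ALL: 198.51.100.23
ALL: 203.0.113.7
ALL: 999.1.1.1
ALL: v1.2
sshd: 192.0.2.10
ALL: 192.0.2.44
EOF
}

clean_hosts_deny() {
    awk '
        # Same selection as the post: ALL entries, address in the last field.
        $1 ~ /^ALL/ && is_ipv4($NF) { print }

        # A dotted quad needs exactly four all-digit parts, each 0-255.
        # A loose test such as /[0-9.]/ would also pass "v1.2" or
        # "error.reading.log", since both contain a digit or a dot.
        function is_ipv4(s,   parts, n, i) {
            n = split(s, parts, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (parts[i] !~ /^[0-9]+$/ || parts[i] + 0 > 255) return 0
            return 1
        }
    ' | LC_ALL=C sort -u    # byte-order sort, duplicates removed
}

# Demo on the constructed sample.
sample_hosts_deny | clean_hosts_deny
```

On a real host, write the result to a separate file such as /etc/hosts.deny2, inspect it, and only then move it over the original, as in the steps above.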