A reader wrote me to ask about IP address security. I’m not really sure whether he meant keeping his IP address a secret, or whether he was asking if someone could break into his network and use his ISP connection with his IP address, so, let’s first look at the idea of keeping one’s IP address a secret…
Terry, I just recently came across your site and have joined your online email newsletter. I have a question relating to I.P. addresses. I have a home network, router (encrypted / password required), a firewall (not Win XP), several antispyware programs. The other day my ISP sent me an email, alleging I had violated copyright laws and had downloaded a movie from some place in [identifying information removed – Terry]. I called my ISP and we discussed it. I did not download any movies and never heard of the film co. in question. My concern was how would they obtain my IP address, as it is like a fingerprint. I asked my ISP is there any way a 3rd party could gain access to my wireless network and they could not provide an answer as to how this happened and advised me to disregard it. Is there a way for a 3rd party to obtain my IP address? This is a security concern to myself and my wife. Thank you for your time.
I wrote back to him to explain that the real question is not how they got his IP address, but how they tied that IP address to him. Only his ISP can do that, unless he logged in somewhere, or used an ID linked to his name or email address, on the site or in the program used to access it.
First, let’s go through how TCP/IP works – how computers communicate on the Internet. By necessity, I’m going to write this to explain how they could identify the IP address and how they’d tie it back to you. I’m not accusing you of downloading the movies – this is a "how would it happen if you had done it" exercise.
If he used any of the filesharing networks – or for that matter, just went to a web site – his IP address is presented to the web site. It has to be – that’s the way the Internet works. Otherwise the reply packets would never get to you – although we term them “reply,” that’s really only the perspective from the sending and receiving computers. As far as the routers between the sender and receiver are concerned, the data packets are simply packets of information with a source and a destination.
To go to a web site, you type a Uniform Resource Locator, a “URL”, for example www.terryscomputertips.com, into the address bar of your web browser (IE, Opera, Firefox, Safari, whatever other web browser you might use).
Your computer sends a query to the Domain Name Servers (DNS) run by your ISP in order to translate the URL into the dotted-quad numbers that are the IP address of the web server you’re trying to reach. www.terryscomputertips.com, for example, translates to 220.127.116.11. Every IP address that is reachable across the Internet is assigned to a specific entity, sometimes a small company, sometimes a huge ISP who may assign some of them as static (unchanging) IP addresses and others as dynamic (DHCP) IP addresses. Most consumer-level ISPs assign IP addresses via DHCP for ease in their administration of their system.
The next thing to understand is that your ISP knows at all times, and logs, which IP addresses are assigned to which MAC addresses (Media Access Control address). MAC addresses are unique addresses assigned to individual pieces of hardware that are capable of connecting to a network via the usual TCP/IP protocol.
You may or may not remember, but when you signed up with your ISP and any time you change or replace your Cable Modem or DSL modem, you have to tell your ISP the MAC address of your modem. They log it into their system so that their routers are willing to talk to your modem.
[This is getting long, but I’m trying to simplify the concepts, rather than making any assumptions about experience level.]
Anyway, when you request a web page, your ISP knows that your IP address is assigned to you. No one else does, except if you have provided identifying information to someone at the receiving end of the connection (for example, if you logged in to the web site).
The web site knows your IP address, whether you log in or not. If you haven’t provided any identifying information, it doesn’t know who you are, but it knows your IP address. If you’ve requested a web page, it uses your IP address to send the packets of data containing the text of the web page and the HTML instructions telling your browser what fonts to use, etc., as well as telling it where to find and download any images to be shown on the web page. If you’ve requested to download a file from a web site, it sends the file to you in a lot of small data packets, which your computer reconstructs to make the file on your computer.
In other words, your web browser asks for a page (or file) to be sent to it. The web site sends it back to you as a number of individual packets of information addressed to your IP address using a specific TCP port number (which was assigned by your own router when it sent the request to the web site).
Your router sends not only your IP address but also a port number for the return packets. That’s how your router knows which of your local computers to send the response to. Example: to get the home page at my web site, your browser will actually request a connection to www.terryscomputertips.com:80, which means TCP port 80. TCP port 80 is the standard port number for a web server. On the other hand, your request will identify that the request came from your IP address and a totally unrelated port number, say 18.104.22.168:2056, where TCP port 2056 is a number that your router assigned so it could track the returning packets.
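The port bookkeeping described above can be sketched as a toy translation table. This is an added example, not code from the original article; the NatRouter class, the addresses and the port numbers are all constructed for illustration. It shows that two different devices behind one router reach the server from the same public IP address and differ only in the port the router picked.

```python
# Added illustration of port address translation (NAT) on a home router.
# Every address and port below is a constructed sample value.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 2056                          # arbitrary starting port
    table: dict = field(default_factory=dict)      # public port -> (LAN ip, LAN port)
    flows: dict = field(default_factory=dict)      # outbound flow -> public port

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; return what the server sees."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.table[self.next_port] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.flows[flow], dst_ip, dst_port)

    def inbound(self, public_port):
        """Find the LAN host for a reply to public_ip:public_port (None = drop)."""
        return self.table.get(public_port)

def demo():
    router = NatRouter("203.0.113.7")              # documentation-range address
    server = ("198.51.100.80", 80)                 # constructed web server
    laptop = router.outbound("192.168.1.10", 51000, *server)
    guest = router.outbound("192.168.1.11", 51000, *server)
    return router, laptop, guest

if __name__ == "__main__":
    router, laptop, guest = demo()
    print("server sees laptop as", laptop[:2])
    print("server sees guest  as", guest[:2])
    print("reply to port 2057 goes to", router.inbound(2057))
```

The server's log records only the public address and port, so it cannot tell which device behind the router made the request.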
Bottom line: Any web site or any other server that you connect to HAS to know your IP address in order to send you the information you requested by your web browser or any other program. The real question is “How did they tie your IP address to your name?” Only your ISP and the server you contacted (if you had to log in to the site) or service you used would have the information to tie your name and IP address together at that specific time.
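The "at that specific time" part matters because a dynamic address moves between customers. The lookup below is an added example, not the article's or any ISP's actual system; the lease records, MAC addresses and account names are constructed. It goes one step beyond the text by showing that the same IP address and clock time resolve to a different account when the time zone on the report is misread.

```python
# Added illustration: resolving "who had this IP?" from a DHCP lease log.
# All records are constructed; MACs use the RFC 7042 documentation range.
from datetime import datetime, timezone

# (ip, modem MAC, lease start, lease end), times in UTC
LEASES = [
    ("203.0.113.7", "00:00:5e:00:53:01", "2024-03-01T00:00:00", "2024-03-02T06:00:00"),
    ("203.0.113.7", "00:00:5e:00:53:02", "2024-03-02T06:00:00", "2024-03-04T00:00:00"),
    ("203.0.113.9", "00:00:5e:00:53:01", "2024-03-02T06:00:00", "2024-03-04T00:00:00"),
]
# Modem MAC registered at sign-up -> subscriber account
SUBSCRIBERS = {"00:00:5e:00:53:01": "account-A", "00:00:5e:00:53:02": "account-B"}

def _utc(ts):
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def who_had(ip, when_iso):
    """Return the account that held `ip` at the given ISO 8601 instant, or None."""
    when = datetime.fromisoformat(when_iso)
    if when.tzinfo is None:
        # A bare clock time is ambiguous and can point at the wrong customer.
        raise ValueError("timestamp needs an explicit UTC offset")
    for lease_ip, mac, start, end in LEASES:
        if lease_ip == ip and _utc(start) <= when < _utc(end):
            return SUBSCRIBERS.get(mac)
    return None

if __name__ == "__main__":
    # Same wall-clock time, two readings of the time zone, two different accounts
    print(who_had("203.0.113.7", "2024-03-02T04:30:00-05:00"))
    print(who_had("203.0.113.7", "2024-03-02T04:30:00+00:00"))
```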
After receiving my explanations, the reader wrote back to say that the "claim" was that he had downloaded using software called BitTorrent.
He didn’t indicate whether he had used BitTorrent or not, but that is a file sharing system that’s used for a lot of fully legitimate sharing of files. Some Linux operating system distributions are available legally for free download as multiple CDs and are available with everything on one DVD, but only via BitTorrent.
The concept of BitTorrent is distributed file sharing, where you may be uploading to others at the same time you are downloading for yourself. Of course, systems like BitTorrent can be used for legal file sharing and can also be used for copyright infringement.
I don’t know if he was using BitTorrent or not, and I don’t support copyright infringement. Unfortunately, if you don’t secure your wireless network adequately, someone else might be using your Internet connection to do their downloading…or uploading.
We’ll look at wireless networking security issues in the Wireless Security Issues article.