Ronnie Atuhaire
Ronnie Atuhaire's Blog 🤓

Ronnie Atuhaire's Blog 🤓

What Can Someone Do With Your IP Address?

What Can Someone Do With Your IP Address?

Ronnie Atuhaire's photo
Ronnie Atuhaire
·Feb 22, 2022·

9 min read

Subscribe to my newsletter and never miss my upcoming articles

Table of contents

Hi there 👋, welcome once again to my little world. I was recently stumbled upon and asked what can someone really do if they get hold of your IP address?

First and foremost, there is a lot one can do as we shall see and this post was actually greatly inspired by this subreddit question I also came across and I was like yeah... let me put it to writing for all of us.

📌 TLDR;

Yes, someone can do a lot of damage with your exposed IP.

image.png For starters, Feel free to sip this IP Intro section if you are advanced.

🔹 What Is An IP?

The IP part of the IP address stands for “Internet Protocol”. The “address” part refers to a unique number that gets linked to all online activities you do.

An IP address is a string of numbers assigned to an internet-connected device, much like an address on a house, so this means every device connected on Internet has an IP.

image.png Each address is a string of numbers separated by periods. There are four numbers in total and each number can range between 0 and 255. An example of an IP address would be: 192.168.12.04

Please read on how IPs are useful in Internet routing from my article and understand more about how the Internet works

🔹 Types of IP?

There are four different types of IP addresses: public, private, static, and dynamic.

To find your public IP address, simply go to WhatIsMyIP in your web browser. This site will display your public IP address and other information.

Your public IP address is used to connect your home or business network to the internet. This address is assigned by your internet service provider (ISP).

A private IP address is the address space that allows organizations to create their own private networks.

image.png I won't talk about IP addresses with domain names but you can refer to my article about DNS Records here.

Most internet users have a dynamic IP address that automatically changes from time to time and most websites have a static IP address that doesn’t change.

There are also Dedicated, Shared and Loopback IPs that we have not mentioned here.

🔹 Find Your IP

There are a few ways to discover your private IP address.

For example, on Windows, you can typeipconfig on the command prompt. Similarly, Mac & Linux users can type the command ifconfig in the Terminal app.

🔹 IPv4 and IPv6

Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. However, because of the growth of the Internet and the depletion of available IPv4 addresses, a new version of IP (IPv6)is using 128 bits for the IP address.

So IPv6 is the next generation of IP addresses defined by the Internet Engineering Task Force (IETF).

image.png IPV4 Example: 192.168.2.15
IPV6 Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

IPv6 is intended to eventually replace IPv4, they are tightly mingled right now—most engineers run them together and all these types of IPs can be scanned.

🔹 IP Hacking Techniques

We can't continue about this topic without mentioning the TCP/IP stack since it is one most used today.

TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices

image.png TCP and IP are separate protocols that work together to ensure data is delivered to its intended destination within a network.

Hackers are able to attack some flaws that exist within the TCP/IP protocol suite. These are some major attacks:

🔸 Address Spoofing

In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.

image.png

The IP protocol specifies that each IP packet must have a header that contains (among other things) the IP address of the sender of the packet.

Hackers have always been able to manipulate the direction that an IP packet takes based on the implementation of the IP header.

image.png

So, whoever has access to the IP header can act as a routing device and determine where the packet goes. This is true for both the source and destination of the traffic.

Hackers can then impersonate another host’s IP address within the network and send packets appearing to originate from this host.

🔸TCP Sequence Number Prediction

A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets.

image.png The target host has no way of knowing that these counterfeit packets are from a malicious host.

The attacker achieves this by listening to the communication between the sender and receiver. All the attacker needs are the sender’s IP address and the correct sequence number, and this attack succeeds.

🔸Session Hijacking

In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.

A session hijacking attack happens when an attacker takes over your internet session — for instance, while you're checking your credit card balance, paying your bills, or shopping at an online store.

Session hijackers usually target browser or web application sessions.

image.png A popular method is using source-routed IP packets. This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through B's machine.

The two main types of session hijacking are Application Layer Hijacking and Transport Layer Hijacking. Each type includes numerous attack types that enable a hacker to hijack a user's session.

It is somehow similar to the aforementioned method.

🔸Port Scanning

As I wrote in my article, it is part of the first phase of a penetration test and allows you to find all network entry points available on a target system.

Hackers are able to perform port scans in order to identify open ports and the services present and running within the network’s hosts.

image.png Hackers use this attack to learn the weak points or vulnerabilities in a business's network or home network.

When hackers send a message to a port number, the response they receive tells them whether it is open and helps them discover potential weaknesses.

NMap is the most popular port scanner for system administrators, network engineers, and developers. Angry IP Scanner is also a popular tool for scanning the local network and the internet.

🔸Denial-of-Service

Denial-of-Service attacks prevent valid and legitimate users from gaining access to information that they should be able to access.

The attacker transmits huge amounts of bogus data to the target, with the intention of rendering it unusable by overwhelming it.

image.png

The target eventually runs out of memory or CPU processing and might ultimately crash.

The famous Ping of Death DOS Attack inflates the size of a ping packet and causes a system to crash.

🔸Web Server Logs

A server log is a log file (or several files) automatically created and maintained by a server consisting of a list of activities it performed.

Look at it this way - IP is like a digital pass to connect online. So, every time you visit a website, you provide your IP. A website server can always review all the IPs if they only want to.

🔸Torrents

A torrent is a small file that has metadata about the files you’re trying to get.

Special software called clients read that metadata and pair your computer with other users that already have the file, so you basically “download” the file from them.

image.png

To put it simply, torrenting is a form of sharing data with other computers.

When you download content from torrent sites, every member of the swarm can check the list of peers and see your IP.

🔸Email Targeting

All emails contain email headers.

An email header contains detailed information about the sender, recipient, the email path to the Inbox, and various authentication. It's from the “To” and “From” fields of an email message.

When you send someone an email, as I'm sure you do often, your IP address is sometimes written in its header.

image.png

I am not sure which platforms or email services leave out this information but today we have email tracers and email IP grabbers you can use identity an IP in emails.

Every day, there are new attacks being crafted and those 8 are the major ones that happen mostly on the TCP/IP level & normal internet usage.

I also believe one can track your IP from internet forums and discussions.

🔹 IP Hack Consequences

So from the above, we can confidently list these as some of the things a Hacker can achieve with your IP address.

image.png

💨 Impersonating you with your IP
💨 Sell your IP on the dark web
💨 Affect online gaming
💨 Dump your personal information
💨 Block access to online service
💨 Tracking down your location
💨 Hacking into your device

image.png

Of course, there is more to what I have listed above and the possibilities and use cases are endless.

🔹 How To Hide Your IP?

Hiding your geographical location, preventing Web tracking, avoiding a digital footprint, or bypassing any content filters, bans, or blacklisting can still be achieved If you are security conscious.

This is going to be a full article I will write about but let me list some of the ways you can actually try to be safe.

✔ Use A VPN
✔ Patch up your home router configuration
✔ Enable Network Firewalls
✔ Use HTTPS to ensure SSL/TLS
✔ Use A Proxy Server
✔ Tor Browser Surfing
✔ Public Wifi can also hide your usual IP if you don’t use a VPN, your Internet activity is at risk of being spied on or intercepted by a bad guy without your knowing it.

🔹 Notes & Resources

You can get time to do some extra reading and get the related information from these articles here.

How-the-internet-works-in-just-10-lines
Address Spoofing
⭐ IBM Port Scanning Article
⭐ Infosec CEH TCP/IP Article
⭐ Email Tracers Free PC Tech Article
⭐ Python Port Scanning Article

🔹 Summary

The only direct information someone can get with your IP address is your general geographic location and if they decide to dig further, more information can be mined.

Let me bring port scanning here again as I conclude.

If you scanned 1 port at 1 second per host, it would take 18 hours and that is practically impossible because one port scanning can take several minutes

From the example, you can see the impact of adding one extra host on a large network of hosts.

UDP port scanning takes longer than TCP port scanning because it's a connectionless protocol. Scanning all UDP ports can take a long time and is resource-intensive.

So majorly if someone has the time and resources with an intention, They can still take it on.

🔹 Conclusion

It's true, anyone can scan your IP to determine if any publicly accessible services are available and there are people, entities, organisations and governments spending millions of dollars in this venture.

image.png

This was quite a lengthy one but hope you learnt something today 🌟

If you enjoyed reading this article, give me a thumbs up 👏♥. Otherwise, that's it for now.

Please consider subscribing or following me for related content, especially about Tech, Python & General Programming.

You can show extra love by buying me a coffee to support this free content and I am also open to partnerships, technical writing roles, collaborations and Python-related training or roles.

Buy Ronnie A Coffee 📢 You can also follow me on Twitter : ♥ ♥ Waiting for you! 🙂
 
Share this