The IP Address: Your Internet Identity, Part 2
In Part 1, we looked at how information can be transferred from one computer to another because each computer has a unique identity, called the "Internet Protocol address" or "IP address." Today, we'll see how users can be traced from their IP addresses and discuss the privacy implications that this raises.
How Can Users be Traced from their IP Address?
Once an IP address is captured, several methods can be used to trace the user. Tools for these methods can be found at Network-Tools.com.
• Determine who owns the network: IP addresses are distributed in blocks to network providers or private companies. By searching IP registration databases it is possible to determine who owns an IP address block. Databases are available on the Internet for the Americas, Europe, and Asia-Pacific regions. Sophisticated computer break-ins sometimes include an attempt to erase the IP addresses captured by the log files to prevent this type of lookup.
• Perform a "reverse lookup:" This converts the IP address into a computer name [Example: convert 255.255.255.255 into www.domain.com]. This is used to determine if a computer is part of a registered Internet domain.
• Conduct a Traceroute: When information packets travel through the Internet they pass through several computers in a hierarchical fashion. Normally packets pass from the user to their Internet Service Provider (ISP) until they reach the user's "backbone" provider. They then transfer to the destination "backbone" provider, down to the ISP of the destination computer, and finally to the intended recipient. It is often possible to determine an approximate physical location of an IP address in this fashion. It is also possible to determine the computer's ISP and/or network provider even if the computer itself is not part of a domain. This is usually how junk e-mail or "spam" is traced.
• Review domain registration information via the "WHOIS" databases: Domain registration information is available via the Internet by performing a WHOIS on the domain name portion of the computer name [Example: for www.domain.com perform WHOIS DOMAIN.COM to obtain the registration information].
• Search the Internet for the IP address and/or computer name: It is often possible to find matches from users making public postings on discussion boards or from web sites that leave their log files open to the Internet. Of course, web site owners and/or banner networks could have additional non-public information based on activities at their web sites.
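The first two methods above, applied to a server's own log file, as an added example that is not part of the original article. The address blocks, owner names and log lines are constructed sample data; in practice the block table would come from the regional IP registration databases, and the printed name is the one a reverse lookup would query.

```python
import ipaddress

# Constructed registry extract: address block -> registered holder.
BLOCKS = {
    "192.0.2.0/24": "Example ISP (constructed)",
    "192.0.2.128/25": "Example ISP customer: Acme Corp (constructed)",
    "198.51.100.0/24": "Example Hosting Co (constructed)",
}

# Constructed web server log lines; the client address is the first field.
LOG_LINES = [
    '192.0.2.17 - - [01/Jan/2000:10:00:00 +0000] "GET / HTTP/1.0" 200 512',
    '192.0.2.200 - - [01/Jan/2000:10:00:05 +0000] "GET /a HTTP/1.0" 200 90',
    '203.0.113.9 - - [01/Jan/2000:10:00:09 +0000] "GET /b HTTP/1.0" 404 0',
    'not-an-ip - - [01/Jan/2000:10:00:11 +0000] "GET /c HTTP/1.0" 200 10',
]

NETWORKS = [(ipaddress.ip_network(c), o) for c, o in BLOCKS.items()]


def client_ip(line):
    """Return the first log field as an IP address, or None if it is not one."""
    field = line.split(" ", 1)[0]
    try:
        return ipaddress.ip_address(field)
    except ValueError:
        return None  # e.g. the server already logged a computer name


def block_owner(ip):
    """Most specific registered block containing ip, as (cidr, owner)."""
    hits = [(n, o) for n, o in NETWORKS if ip.version == n.version and ip in n]
    if not hits:
        return None  # block is not in our registry extract
    net, owner = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), owner


def trace(lines):
    """Map each logged client IP to (block owner, reverse-lookup query name)."""
    report = {}
    for line in lines:
        ip = client_ip(line)
        if ip is not None:
            report[str(ip)] = (block_owner(ip), ip.reverse_pointer)
    return report


if __name__ == "__main__":
    for ip, (owner, ptr) in trace(LOG_LINES).items():
        print(ip, owner, ptr)
```

An address inside a sub-allocated block resolves to the customer rather than the parent provider, because the longest matching prefix wins.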
Generally, users who have fixed Internet connections (cable modems, private companies, etc.) have fixed IP addresses. Dial-up Internet providers usually give addresses dynamically from a pool when a user dials in to connect (such as a pool of 100 IP addresses per 800 subscribers).
Internal network procedures also affect the amount of information that can be gleaned from an IP address. If a proxy sits between the users and the Internet, all of the users appear to come from one computer. In these cases, users can only be traced as far as the proxy unless additional information is known. The 'computer names' can also sometimes be used to gather additional information. One major provider's computer names usually include the nearest city of the user. Some networks simply use the e-mail address in the computer name [Example: joe.domain.com has e-mail address email@example.com].
Regardless of the implications or your level of vulnerability, understanding IP addresses is a key factor in your online security.