Should I see a pattern in these IP addresses? - wordpress

Recently, I have been putting a plugin on my WordPress website to send me notifications about updates and logins.
There is a feature letting me know that people try to log in as "Admin" and fail.
The thing is that all the IP addresses look a little bit the same and I have the possibility to block ranges of IP addresses.
I do not know how to spot patterns in IP addresses and wanted to know if anybody could tell me if there is a safe range to block from these addresses:

There is no clear pattern in those IP addresses. Some of them are from Amazon Web Services, others from other hosts. You can look up where an IP address is from using IP lookup tools (google "IP Lookup tools"). One such site currently is: https://www.iplocation.net
As for patterns, you want to learn about IP subnets and IP CIDR notation. The simplest pattern is looking at the third block 1.2.3.4 or number 3, if 1, 2 and 3 are the same, they generally belong to the same subnet class. If number 3 is similar and 1 and 2 are the same, they may belong to the same CIDR block. When 1, 2 and 3 are all different, they belong to separate subnets. DigitalOcean has a site with more details at https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking
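The octet comparison described in the answer above can be automated. This is an added example, not part of the original posts: it groups failed-login sources by their enclosing /24 and /16 networks and reports how many addresses each candidate block would cover. The sample addresses are constructed from reserved test ranges, and the function names and the `min_sources` threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of failed-login sources, taken from reserved test ranges
# (RFC 5737 and RFC 2544); these are not the addresses from the question.
FAILED_LOGINS = [
    "203.0.113.5", "203.0.113.77", "203.0.113.201",  # first three octets match
    "198.18.4.7", "198.18.9.31", "198.18.200.12",    # only first two octets match
    "192.0.2.44", "198.51.100.9",                    # unrelated sources
    "203.0.113.5",                                   # repeated attempt, same source
]


def group_by_prefix(addresses, prefixlen):
    """Map each enclosing /prefixlen network to the distinct sources seen in it."""
    groups = defaultdict(set)
    for text in addresses:
        addr = ipaddress.ip_address(text)
        # strict=False masks off the host bits, giving the enclosing network.
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        groups[net].add(addr)
    return groups


def block_candidates(addresses, prefixlens=(24, 16), min_sources=3):
    """List (cidr, distinct_sources, addresses_blocked), narrowest prefix first.

    A source already covered by a narrower candidate is not counted again
    towards a wider one, so a wide block has to justify itself.
    """
    covered, candidates = set(), []
    for plen in sorted(prefixlens, reverse=True):
        groups = group_by_prefix(addresses, plen)
        for net in sorted(groups):
            sources = groups[net] - covered
            if len(sources) >= min_sources:
                candidates.append((str(net), len(sources), net.num_addresses))
                covered |= sources
    return candidates


if __name__ == "__main__":
    for cidr, sources, blocked in block_candidates(FAILED_LOGINS):
        print(f"{cidr:18} {sources} sources, block covers {blocked} addresses")
```

The third field is the number to weigh before blocking: three sources sharing only their first two octets would mean blocking 65,536 addresses.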

Related

Explanation needed for a subnet question from a quiz (see image)

I am learning about subnets and doing some quizzes. I don't understand one of the questions and it doesn't explain it either. (Image: question screenshot with answer)
Can someone explain why the answer is 6 and not 1? Because you have 254 usable IP addresses and they can all fit into 1 subnet, right?
The reason why the answer is 6 is written in the output provided. In order to route between different IP networks you need to cross "transit" links, which in basic IP networks must also be addressed. Your response was correct (4) for the amount of subnets needed for hosts hosted behind those routers, but then you have two "uplinks" between those 3 routers that you need to account subnets for.
It's a bit of a misleading question though, because those "uplinks" can also be unnumbered (not having p2p IP addresses). I would have also answered 4.

IP Groups of whitelisting frontend - Træfik

Is it possible to create IP groups in some way, so I can provide Træfik with something like this: traefik.frontend.whiteList.sourceRange=MyGroup?
I would love to not worry about which IPs I give access to when deploying a new service, but rather just provide a group and know that someone else is in control of managing the list of that group.
You can specify a source range in CIDR notation. To whitelist all local network IPs from 192.168.0.0 to 192.168.255.255, for example:
traefik.frontend.whiteList.sourceRange=192.168.0.0/16
Here's a handy helper for getting the right notation: CIDR Calculator
If you want to whitelist single IPs only, you can use a comma-separated list, limiting the range to a single IP address with /32:
traefik.frontend.whiteList.sourceRange=1.2.3.4/32,2.3.4.5/32

Blocking an IP would affect people other than the user I wanted to ban?

Do Internet Providers give the same IP for more than one customer?
I want to know if an ISP could give the same public IP address to more than one customer. Theoretically it is possible, right?
If they can, is it something they do regularly? I mean, not necessarily all the time, but I wonder if it's something that eventually happens.
Me and my neighbor could be sharing the same IP to the internet?
My question actually comes from a security reason. To defend from DOS attackers I would ban their IPs for some time. Would other people get affected by that?
In a real production scenario, would you solve DOS by blocking IPs at application layer?
A public IP address is normally assigned to an internet connection. Typically that means an entire home or office or an individual mobile device. So you and your neighbor will typically (unless your neighbor is using your WiFi or vice versa) be on different IP addresses.
However, many ISPs will recycle IP addresses. This happens frequently on mobile devices as the IP address at any moment will typically be assigned based on the cell tower you are connecting to. With cable, DSL and fiber connections your IP address may be constant for days or even months at a time, even without having a contracted static IP address.
Where this really comes into play is blocking spam. Many spam filters depend in whole or in part on real-time blacklists (RBLs). I have also done similar things (aha! it IS a programming question!) to block spam robots from some customer web sites.
If an IP address is associated with a region of the world where you do not expect to have many customers (or to receive any email from that region) then it is generally safe to block a large range of IP addresses. On the other hand, if the IP address is local to your customer base then blocking a large range would not be advisable, and even blocking one known problem IP address at a time can be problematic if either the IP address is reused and then effectively unavailable to some other potential customer OR if the IP address is actually an email server used by a large group of customers (this happens frequently with hosting providers that don't manage blacklist issues).

Tracking a dynamic ip address?

Is it possible for someone to track a dynamic IP address? If so, what would it take and how would it manifest?
Would the person doing so be able to log every change in your IP range and eventually end up with the whole set of IPs you are able to have?
Is it possible to make my dynamic IP change in a different pattern, say in a more extreme way, making it harder for someone to trace it as described above? Is it possible to encrypt it somehow, and also all other information such as hardware MACs / Inet MAC etc., everything?
The answer is yes and no.
In most cases only your service provider (and law enforcement) will have a log of all IPs you had and start/end times of each lease. You basically can't do anything to prevent this because they need to be able to identify you as their customer with a valid contract. This is usually done via the MAC address of the CPE equipment you get from the service provider or by some login credentials (for PPPoE for example). There is no such thing as encrypting the IP, and changing your MAC address would not prevent the service provider from identifying you. For someone else there is no reliable way to track you. The closest thing they can find is the scope (or scopes) from which dynamic IP addresses are issued.
On the other hand, when you mix the technology and psychology, every one of us leaves a unique fingerprint when browsing the web. If you examine the combination of software someone uses, their traffic patterns (amount of traffic, sites they visit, activity during the day), their behavior and style of writing, etc., you can not just link them to some IP address but make a distinction between different users behind the same IP address. Anyway, collecting this data is really hard, which makes it improbable, especially if we are talking about ordinary internet users.

A Parallel IP address space exclusively for a P2P network?

I would like to do this because it would make peer location much more effective in my p2p network as I would know that all the addresses would be part of this network.
How could I do this while remaining compatible with current transport layer protocols such as SCTP, and the current hardware used on the big wide Internet?
Thanks,
Andreas
I suggest using IPv6.
There is enough address space that you can create up to 2^40 "unique unicast" ranges, each with 16 bits of subnet and 64 bits of host ID.
Protocols such as UDP, TCP, and SCTP already work on top of it.
It already has major operating system support.
See http://www.rfc-editor.org/rfc/rfc4193.txt
Densely filling the 40-bit unique-id is discouraged. Use the random generation method mentioned in the RFC.
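The random generation method the answer above refers to (RFC 4193, section 3.2.2) hashes a 64-bit NTP timestamp together with an EUI-64 identifier and keeps the low 40 bits of the SHA-1 digest as the Global ID. This is an added example, not code from the original posts; the function names are assumptions, and `uuid.getnode()` is used as the source of the node's MAC address.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def ntp_timestamp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32-bit seconds + fraction)."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    return struct.pack("!II", seconds, fraction)


def eui64_from_mac(mac48):
    """Expand a 48-bit MAC to modified EUI-64: flip the U/L bit, insert FF-FE."""
    raw = mac48.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_prefix(unix_time=None, mac48=None):
    """Derive an fd00::/8 /48 prefix with a pseudo-random 40-bit Global ID."""
    unix_time = time.time() if unix_time is None else unix_time
    mac48 = uuid.getnode() if mac48 is None else mac48
    key = ntp_timestamp(unix_time) + eui64_from_mac(mac48)
    global_id = hashlib.sha1(key).digest()[-5:]      # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)         # fc00::/7 with L bit = 1
    return ipaddress.IPv6Network((packed, 48))


def subnet(prefix48, subnet_id):
    """Return the /64 for a 16-bit Subnet ID inside a /48 unique local prefix."""
    if prefix48.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet id")
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


if __name__ == "__main__":
    site = ula_prefix()
    print("site prefix:", site)
    print("subnet 0x0001:", subnet(site, 1))
```

Generate the prefix once and record it; running the function again at a later time yields a different /48.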
Put simply, you can't. IPv4 IPs are distributed by IANA to the five major IP registries: ARIN (North America), RIPE (Europe), APNIC (Asia/Pacific), LACNIC (Latin America/Caribbean), and AfriNIC (Africa). These registries then distribute those out to ISPs.
There are blocks reserved for local networks, but those are not routable over the public Internet... they must be encapsulated; this is how VPNs work.
The best way to have this kind of functionality is probably to use a name lookup service, or even a peer discovery service in the protocol itself.
The fact is, no matter what you do, it is likely that you will have to get your application to perform extra work on top of the IP protocol anyway, because the IP protocol itself supports only 1 address space, you need to add another layer to add an independent address space.
It looks like you're trying to create a network inside of a P2P "world". So all the users using the P2P app would have a second IP address, say Alice has 10.0.2.40, that could be used by Bob, another user of the app, to get to Alice. Right?
In that regard, it looks like you'd want to set up a VPN on each client and use some sort of route table modifications so the VPN is only used for the address-space allocated by the P2P program (say the 10.x.x.x network).
But there are problems with that. For example, you'll never find an address space that everyone has free to use. Home routers use 192.168.x.x, corporate networks or enthusiasts (like myself) use 10.x.x.x, and the 172.something is used by other sysadmins for stuff I'm sure.
Disclaimer: Not a networking genius, I'm speculating here.
