IP address recording for online voting

I'm about to start running an online vote (I'm just running the site, not doing any coding), and as part of the process of voting, the voter would need to click a confirmation email to register the vote.
The IP addresses are recorded to stop multiple accounts from voting, but my question is what IP will be recorded, the IP from the computer that placed the vote, or the IP from the computer that confirmed the vote? (If they were done on different computers of course)

You can get both. Record one at vote placement, and another at vote confirmation.
BTW, if you use an e-mail account, and suppose that one person = one e-mail, you don't need the IP address.

Related

Blocking an IP would affect people other than the user I wanted to ban?

Do Internet Providers give the same IP for more than one customer?
I want to know if an ISP could give the same public IP address to more than one customer. Theoretically it is possible right?
If they can is it something they do regularly? I mean, not necessarily all the time, but I wonder if it's something that eventually happens
Me and my neighbor could be sharing the same IP to the internet?
My question actually comes from a security reason. To defend from DOS attackers I would ban their IPs for some time. Would other people get affected by that?
In a real production scenario, would you solve DOS by blocking IPs at application layer?
A public IP address is normally assigned to an internet connection. Typically that means an entire home or office or an individual mobile device. So you and your neighbor will typically (unless your neighbor is using your WiFi or vice versa) be on different IP addresses.
However, many ISPs will recycle IP addresses. This happens frequently on mobile devices as the IP address at any moment will typically be assigned based on the cell tower you are connecting to. With cable, DSL and fiber connections your IP address may be constant for days or even months at a time, even without having a contracted static IP address.
Where this really comes into play is blocking spam. Many spam filters depend in whole or in part on real-time blacklists (RBLs). I have also done similar things (aha! it IS a programming question!) to block spam robots from some customer web sites.
If an IP address is associated with a region of the world where you do not expect to have many customers (or to receive any email from that region) then it is generally safe to block a large range of IP addresses. On the other hand, if the IP address is local to your customer base then blocking a large range would not be advisable, and even blocking one known problem IP address at a time can be problematic if either the IP address is reused and then effectively unavailable to some other potential customer OR if the IP address is actually an email server used by a large group of customers (this happens frequently with hosting providers that don't manage blacklist issues).

Tracking a dynamic ip address?

Is it possible for someone to track a dynamic IP address, if so what would it take and how would it manifest?
Would the person doing so be able to log every change in your ip range and eventually end up with the whole set of ip's you are able to have?
Is it possible to make my dynamic ip change in a different pattern, say in a more extreme way, making it harder for someone to trace it as described above? Is it possible to encrypt it somehow, and also all other information such as hardware MAC's / Inet MAC etc. everything.
The answer is yes and no.
In most cases only your service provider (and law enforcement) will have a log of all IPs you had and start/end times of each lease. You basically can't do anything to prevent this because they need to be able to identify you as their customer with a valid contract. This is usually done via MAC address of CPE equipment you get from service provider or by some login credentials (for PPPoE for example). There is no such thing as encrypting the IP and changing your MAC address would not prevent service provider from identifying you. For someone else there is no reliable way to track you. The closest thing they can find is the scope (or scopes) from which dynamic IP addresses are issued.
On the other hand, when you mix the technology and psychology, every one of us leaves a unique fingerprint when browsing the web. If you examine the combination of software someone uses, their traffic patterns (amount of traffic, sites they visit, activity during the day), their behavior and style of writing, etc., you can not just link them to some IP address but make a distinction between different users behind the same IP address. Anyway, collecting this data is really hard, which makes it improbable, especially if we are talking about ordinary internet users.

How to Identify Unique Users on a Website?

I have a website and I can collect all kinds of information (log) of the viewer including - but not limited to: IP, Country, City, OS, Date and Time. (If It's a mobile device, it's MobileOS, Device Model etc.)
However, logs having the same IP addresses do not seem to be useful to identify the viewer since the website is mostly used by the students of my university and they have the same IP address as that of the university's WiFi.
I had the idea to somehow get the MAC address of the viewer's device, but it does not seem applicable in ASP.NET. (There is a JavaScript solution, but it works only for IE.)
Is there any way to obtain the MAC address of my users? Or is there any other way to uniquely identify users on my website that I could perhaps use?
Thanks in advance.
You can't get the MAC address because there are lots of machines (and interfaces) between you and the viewer of the website. The IP address, as you're finding, isn't unique because the visitor might be behind a NAT, or might change IP addresses because of lease renewal or temporary assignment.
There are other ways to do fingerprinting, if you're just trying to identify machines (and the users, and the sessions): https://panopticlick.eff.org/static/browser-uniqueness.pdf
You stop short of explaining why you want to get the MAC address. What is it that you want to accomplish?

Nature of IP addresses as it pertains to online voting

I have an online contest where people vote for a sports team by filling out an html form.
When looking at the data on any given day, we notice that we often get hundreds of votes per hour coming from the same IP address. Yesterday we got hundreds of votes per hour from 111.111.111.111 and 222.222.222.222. Then today, we get hundreds of votes per hour from 333.333.333.333 and 444.444.444.444 and 555.555.555.555. I automatically suspect foul play such as a bot, or perhaps a team of employees from the same building voting on behalf of other users.
However, when I ran an SQL query to show votes per hour, I noticed that the votes from these IP addresses spiked around noon and late nights between 9pm and midnight. I'd imagine this is consistent with real user voting behaviour, because people want to vote during their non-work hours.
I'm confused, the IP addresses seem to imply foul play, but the votes per hour seem to imply legitimate votes.
So my question is:
Is it possible for entire cities and towns to use the same IP address? I'd like an explanation on how IP addresses work so that I can determine if it is an effective way to detect foul votes.
IPs are not shared as much today as they were 20 years ago. Fact is, so many different IPs are issued that the IPv4 pool is being drained out and we are close to having to resort exclusively to IPv6 to expand the IP pool.
Anyway, this is definitely foul play. Input a limit on each IP and a ban after too many attempts to vote from the same place and you should be fine. Depending on your system/implementation, you could use cookies, look at client details (navigator used, etc.), ... to separate multiple users with the same IP.
I'd think it was fraud. You should probably implement vote throttling from a specific IP address.
IP addresses can be easily flubbed.
Try identifying your users by something different (like a username)
Yes, it is possible to have scores of people coming from the same address - the stories are legion about people being banned from certain sites because their internet provider proxies all webtraffic through one address.
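The per-IP limit, temporary ban and cookie check suggested in the answers above, sketched as an added example (not code from any of the posters). The class name, thresholds and sample events are constructed for illustration, with addresses taken from the documentation ranges.

```python
from collections import defaultdict, deque

class VoteThrottle:
    """Per-IP sliding-window limit with a temporary ban, plus one vote per cookie."""

    def __init__(self, max_per_window=3, window_s=3600, strikes_to_ban=2, ban_s=86400):
        self.max_per_window, self.window_s = max_per_window, window_s
        self.strikes_to_ban, self.ban_s = strikes_to_ban, ban_s
        self.accepted = defaultdict(deque)  # ip -> times of accepted votes
        self.strikes = defaultdict(int)     # ip -> attempts made over the limit
        self.banned_until = {}              # ip -> time the ban ends
        self.voted_cookies = set()          # cookie ids that already voted

    def submit(self, ip, cookie_id, now):
        """Return 'accepted', 'duplicate', 'throttled' or 'banned'."""
        if self.banned_until.get(ip, 0) > now:
            return "banned"
        if cookie_id in self.voted_cookies:
            return "duplicate"
        window = self.accepted[ip]
        while window and window[0] <= now - self.window_s:
            window.popleft()                # forget votes older than the window
        if len(window) >= self.max_per_window:
            self.strikes[ip] += 1
            if self.strikes[ip] >= self.strikes_to_ban:
                self.banned_until[ip] = now + self.ban_s
            return "throttled"
        window.append(now)
        self.voted_cookies.add(cookie_id)
        return "accepted"

def replay(events, **limits):
    """Feed (ip, cookie_id, unix_time) events through a throttle; tally results per IP."""
    throttle = VoteThrottle(**limits)
    tally = defaultdict(lambda: defaultdict(int))
    for ip, cookie_id, ts in events:
        tally[ip][throttle.submit(ip, cookie_id, ts)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

# Constructed sample: three people behind one NAT address (one of them retries),
# and a script at another address that sends a fresh cookie with every request.
NAT_VOTES = [("198.51.100.7", c, t) for c, t in
             [("c-ann", 0), ("c-bob", 1200), ("c-cat", 2400), ("c-ann", 3000)]]
SCRIPT_VOTES = [("203.0.113.9", f"fresh-{i}", 100 + i) for i in range(10)]

if __name__ == "__main__":
    print(replay(sorted(NAT_VOTES + SCRIPT_VOTES, key=lambda e: e[2])))
```

The cookie is client-controlled, so it only separates honest users who share an address; the per-IP window is what stops the script that discards cookies. The threshold has to sit above the legitimate volume of a shared address such as a campus or company NAT.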

Is it reliable to use the IP address to identify a user on your website?

Here is my situation. I am part of a project creating a P2P charity website, where users connect and can give money to one another. Because of the nature of the site, we know scammers are going to be rampant. We have several preventative measure ideas, and one idea that came up was tying an IP address to the user's account. The reason for this would be to be able to detect when someone from the same IP address creates several accounts.
Would this be reliable? Why, or why not? I have been googling and found many conflicting ideas on the subject. Thanks for any help you can give.
No, it is not reliable. Because:
Residential customers who aren't specifically paying for a static IP address will often see their addresses change frequently. I'm on AT&T DSL and I see my IP address change roughly twice per month on average.
People legitimately sharing an internet connection, whether they're using different workstations in the same office with a T1 line, or they're all connected to the same Wi-fi hotspot at Starbucks, will all have the same IP address.
Related to the above, people who are mobile, such as people who use laptops to connect to Wi-fi at coffee shops, airports, hotels, etc, will have a different IP address for each location they visit.
Even people who stay in one place with a static IP address can spoof your system by using a proxy server or a proxy tool like Tor. This makes IP restrictions trivial to bypass.
No.
Many connections are behind NAT (One public gateway IP address for many people), or use DHCP (frequently changed IP addresses).
An IP address is one of the worst ways of identifying a user.
There is a discussion board I am part of that bans sock puppets (that is, multiple accounts by the same user). They have no means of automatically detecting them, because there is no means of definitively identifying them. IP addresses are captured, because they can be used to help identify sock puppets, but I know that the process of identifying these is laborious, manual, and error-prone.
This is only undertaken when there is suspicion that someone is using sock puppets for malicious or disruptive purposes. In your case, there is no real answer other than careful and manual monitoring of usage habits, using the information that you gather about users to attempt to identify suspicious habits. But you also have to accept that 80% of sock puppets will go undetected, and do what you can to warn other users of the possibility.
Your bigger issue, incidentally, may be Munchausen by Internet which we were also caught by.
No, not least because:
IP Addresses can change over time, thanks to DHCP leases expiring.
People access websites from many different locations including home, work, coffee shops, etc.
When behind a NAT firewall or a proxy server, many people can share the same IP address.
Will you have many people registering who are entitled to receive money? I'd suggest a manual verification process using real people if at all possible. If nothing else, you can claim to be exercising due diligence if there's a human involved.
No: for example, any company proxy will only have one external IP address, so everyone registering from within the network will appear to have the same IP address.
Recent legal case perhaps worth reading up on : http://yro.slashdot.org/story/11/05/03/2020205/An-IP-Address-Does-Not-Point-To-a-Person-Judge-Rules
Totally unreliable...
Somebody on dial-up will have a different IP address every time they "dial-up".
DSL users will have a different IP address every time they reset or reconnect their account unless they pay for a static IP.
Many users on a particular LAN will be sharing one public IP address.
A particular user can login from home, work, public hotspot and have a different IP from each location.
I do development for an ASP service, and we have recently gone through a required 3rd party security audit to obtain status allowing us to host data for a certain government agency. So if I may share some of the information I gleaned during the trainings, perhaps it would help.
First, IP addresses can be used to assist in what you are trying to accomplish, but they are definitely not good by themselves. An example would be the wireless at McDonalds. Everyone at McDonalds is connected to the same wireless and are using the same public IP address through a NAT, which translates from a local address (i.e. 192.168.0.xxx) to a public address for all computers located behind it. The NAT keeps entries so it knows what traffic is allowed to come back into the network, and which computer it is going to.
We found that a good security measure is to use an encrypted session key that is included with all GET/POST submits. That session key contains a GUID which is a lookup to the current session. So even if someone breaks your session encryption, they still need to guess at a GUID in order to find a valid session. On top of that, by tracking IP addresses, if it changes suddenly, we can immediately invalidate the session (we also have whitelisting in case someone is load balancing multiple internet lines, which can cause the IP to change frequently). A cookie can also be used in place of the IP address tracking, as two people behind the same NAT can potentially hijack each other if they can find a way to steal the other person's session key.
Encrypted cookies are also a good way to enforce security. But make sure you are using a framework that is tried and tested, as they have already closed the known vulnerabilities for you. Believe it or not, our security company told us that .NET has emerged as one of the top secure frameworks that they know of. I almost fell out of my chair when I heard that.
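The session scheme this answer describes (a random GUID looked up server-side, invalidated on a sudden IP change unless the address is allow-listed), as an added example that is not the poster's code. It swaps encryption for an HMAC signature because the Python standard library has no authenticated encryption; the function names, the in-memory store and the allow-listed range are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
import uuid

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret, generated here
ALLOWED_ROAMING = [ipaddress.ip_network("192.0.2.0/24")]  # constructed allow-list
SESSIONS = {}                          # session GUID -> {"user": ..., "ip": ...}

def _sign(session_id):
    """HMAC over the GUID, so a token cannot be minted without the server key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def issue(user, ip):
    """Create a session bound to the client's address and return its token."""
    session_id = str(uuid.uuid4())     # random GUID, only meaningful as a lookup key
    SESSIONS[session_id] = {"user": user, "ip": ip}
    return f"{session_id}.{_sign(session_id)}"

def _roaming_ok(old_ip, new_ip):
    """True if both addresses sit inside the same allow-listed network."""
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    return any(old in net and new in net for net in ALLOWED_ROAMING)

def validate(token, ip):
    """Return the user for a valid token, or None if it is rejected."""
    session_id, _, mac = token.partition(".")
    if not hmac.compare_digest(mac.encode(), _sign(session_id).encode()):
        return None                    # forged or altered token
    session = SESSIONS.get(session_id)
    if session is None:
        return None                    # unknown or already invalidated GUID
    if ip != session["ip"]:
        if not _roaming_ok(session["ip"], ip):
            del SESSIONS[session_id]   # sudden IP change: kill the session
            return None
        session["ip"] = ip             # allow-listed multi-line network
    return session["user"]

if __name__ == "__main__":
    token = issue("alice", "198.51.100.10")
    print(validate(token, "198.51.100.10"), validate(token, "203.0.113.5"))
```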
Personally I don't think it'll be reliable.
The main reason will be for those using a shared IP. That includes most users connecting from inside a business and home users connecting through the same WIFI hub.
It's more than likely for multiple users to be coming to your site with the same IP address.
Adding to that the fact that IP addresses change over time and you're already losing track of your users.
It's also worth remembering that oftentimes multiple users will be using the same physical computer. Are you wanting to have only one member of a household able to signup etc?
It could be somewhat useful as part of a defense-in-depth approach, but I wouldn't call it "reliable".
If you want to identify users, you can use a cookie. One solution uses a combination of cookies, local storage, flash, and other state information that can be stored in a browser: http://samy.pl/evercookie/
Nothing is 100% reliable. These cookies can be erased by a determined user, or in some browsers with one click. Ultimately, in many countries outside of the USA, a user has the right not to be tracked.
As an alternative for the future: New Intel® Business Processors Deliver Leading Security, Manageability and Performance
As long as the connection between the browser and the CPU isn't intervened, which I believe there is more risk of with a browser than a desktop application.
