I am making an EventLog which will log the transaction log in my website. The details of the log will include the Public IP from where the transaction has orginated and also the local IP address (under the public IP).
I have found ways to obtain the Public IP Address, but i am unable to find out the local IP or machine IP from where the transaction is made.
A large number of entries will be done by people using the same connection. ie 5 or 10 computers connected to the same connection.
I need to find the machine IP (192.168.0.1 for 1 system 192.168.0.2 for the next) of the machines making the transactions and also the Computer name...
Is this possible
To clarify, you want the private IP address of a client when the client is connecting through a router? Then no, there isn't a way to do this.
Are you doing this purely to distinguish between different users?
Can you use another method like cookies?
If your client connects from behind a NAT or firewall you cannot reliably get his address or computer name. If you need such information then your protocol should request them as part of the request and the client machine should voluntarily provide them. There is no way to validate the information provided (short of deploying a trusted cryptographic infrastructure, ie. you establish a strong trust in the client machines themselves).
Sadly, the answer is no. No modern browser will present that private address in the HTTP transaction. The client's router which performs the NAT (Network Address Translation) offers only the public client IP address when making the IP connection.
Not likely. See a short discussion in http://javascript.about.com/library/blip.htm
Well yes we are doing this just to differentiate between the computers to know who is doing the entries...
Since you guys say that tracing the IP is not very reliable are there any other methods that i can use to do the same thing
I just need to know from which computer each entry is entered.
Any suggestions would be welcome
You are making the false assumption that there is a way to know from which computer each entry is entered. Nobody has the job of ensuring that this information exists. Often, it will not exist.
The only way to make sure each computer is uniquely identified is for you to identify it. You can do this through client certificates, for instance. In general, if you want each computer to have a unique identifier, then you need to create a unique identifier, then put it on that computer. You then need the computer to send that identifier back.
There is no other unique identifier for computers.
This is probably way beyond what you're looking for but it makes for an interesting read: Remote physical device fingerprinting
This allows you to uniquely identify a remote physical device without its cooperation, across NAT or whatever else you can imagine.
Related
Is it possible for someone to track a dynamic IP address, if so what would it take and how would it manifest?
Would the person doing so be able to log every change in your ip range and eventually end up with the whole set of ip's you are able to have?
Is it possible to make my dynamic ip change in a different pattern, say in a more extreme way, making it harder for someone to trace it as described above? Is it possible to encrypt it somehow, and also all other information such as hardware MAC's / Inet MAC etc. everything.
The answer is yes and no.
In most cases only your service provider (and law enforcement) will have a log of all IPs you had and start/end times of each lease. You basically can't do anything to prevent this because they need to be able to identify you as their customer with a valid contract. This is usually done via MAC address of CPE equipment you get from service provider or by some login credentials (for PPPoE for example). There is no such thing as encrypting the IP and changing your MAC address would not prevent service provider from identifying you. For someone else there is no reliable way to track you. The closest thing they can find is the scope (or scopes) from which dynamic IP addresses are issued.
At the other hand, when you mix the technology and psychology, every one of us leaves the unique fingerprint when browsing the web. If you examine the combination of software someone uses, their traffic patterns (amount of traffic, sites they visit, activity during the day), their behavior and style of writing, etc, you can not just link them to some IP address but make a distinction between different users behind the same IP address. Anyway collecting this data is really hard which makes it improbable, especially if we are talking about ordinary internet users.
I'm looking for a solution to find out about the MAC number of a user using asp.net website. I know you can get an IP address (don't know why but it can't be complicated) but can i find out the MAC address having the IP?
Edit: I mean programmatically (not manually) in .NET
The IP address is necessary for routing the communication between the client system requesting the information and the server. You can get it, because the IP address is pulled from a lower level in the TCP/IP stack (level 3 I believe). The MAC Address isn't necessary for any of this and hence it isn't included in the communication between the client and the server.
If your site is trusted, you can do this in IE:
http://www.devarticles.com/c/a/JavaScript/Advanced-JavaScript-with-Internet-Explorer-Retrieving-Networking-Configuration-Information/1/
I wouldn't expect it to work for any typical visitors, just users who's systems you already control, like on your local network. There may be a second way in IE if you can find a common activex that generates a guid using CoCreateGuid. It returns the mac address in part of the guid. I wouldn't bet on finding one that's commonly installed though.
no chance to get this sorry.
Even if you could it would not make sense to attempt to get this, when I access a website on the internet my MAC address never leaves my home network.
Ok if the user was on the same LAN say in a company intranet for example this could be determined by having the ip address and using command line tools like arp.
ARP stands for Address Resolution Protocol and it can be used for finding a host's link layer (hardware) address when only its Internet Layer (IP) or some other Network Layer address is known.
Java 6 has a NetworkInterface#getHardwareAddress() method which usually returns the MAC address of the computer in question. You could create a small Java applet to communicate with your web server to obtain the MAC address, though there are ways and means of spoofing a MAC address.
The MAC address you get might not be practical to use. If someone has multiple network adapters then they also have multiple MAC addresses. And it's not uncommon anymore that someone has two networks. (For example, bluetooth, regular cabled and WiFi would already be three.)
A MAC address is just for identification and it can be requested. The Address Resolution Protocol is created for this purpose. By arping you can get a MAC address. Unfortunately, this only works on local networks, not on the Internet. I think that by using IPv6, you might also have a few options. Although I think it would still be limited to just a local system.
Getting the MAC address of your visitor might be considered inappropriate and perhaps even criminal since a MAC address is generally used as an unique identifier. This information could be misused by hackers, especially when the hacker manages to gain physical access to the users network. It would allow him to impersonate the user. Your site might make some security specialists very unhappy...
At http://www.ipaddresslocation.org/find-mac-address.php there's a Java applet which they claim will work. It doesn't on my system with Google Chrome, though.
I have a similar problem (I'm using the client device MAC address as a key to target different content at different devices). This thread has been useful. Given that there seems to be no way to do this implicitly I have instead included the MAC address as one of the parameters passed by the client to the web service.
(N.B. This is not a generic answer, it only makes sense where the client and server are tightly integrated and where there is scope for passing data with the call.)
I don't think this is possible on any platform.
Assuming that the IP address that the domain is mapped to is known, are there any advantages to using this known IP address rather than using the domain? What makes the trace routing decision? Because DNS servers translate the domain names to IP addresses I am compelled to say that using an IP address is quicker, albeit unnoticeable. However, because DNS servers process these requests at a high volume and presumably cache the most popular sites I am also compelled to say that a DNS server might know the fastest route to the server which would result in the domain being slightly quicker. I understand that when I am asking which may be faster this quantification may be at the nanosecond or microsecond scale.
Technically, yes. At least the first time. The first time your computer asks the internet "Where is this domain name located?" and some machine out there responds with its IP address.
However, when it gets this response back it keeps a copy (called caching) so it doesn't have to ask again for a while (these things CAN change, but rarely do)
So, if your computer currently has the IP cached, then they are equal. If you don't currently have it IP is faster, but only for the first time in a few days and only a few seconds
As for the question of how the fastest route is picked. There are several routing protocols, most of which take into account several different factors including load on a connection, bandwidth, latency, jitter, and distance. Several others are also possible. Long story short is that the routers of the internet are constantly telling each other that such and such link is down or I just got a new address connected and they have algorithms that the routers run to figure out which way is best.
N.B. A side note is that IP wont always give you access to a certain website: take for instance a site hosted on a hosting service. They rarely have their own specific IP address, but instead requests for lots of different sites could come into one IP. In this case the domain name being requested is used to determine which site to return to the requester
Both of the examples that you gave are correct. Inputting an IP address directly will bypass the need for a DNS lookup, but the advantage you gain by doing this could be pointless if you use an IP address to a popular website which brings you halfway around the world instead of to a server nearby. Ultimately, you wouldn't benefit enough to make it worth your while, especially since your computer will cache the response you receive from the DNS lookup, making the difference 0.
This question was answered pretty well by #PsychoData but I think there's a few things worth noting and restating here:
When using IP, you bypass DNS which will save you the DNS resolution time on the first call until the TTL (Time To Live) expires. TTL is usually 1 hour. The difference is usually not worth noticing in most applications. If you're only making one call, you won't notice the milliseconds delay. If you make multiple calls, all calls after the first won't have the delay.
When entering a name vs IP you can be calling several different Networking daemons including NetBIOS (\ServerX), DNS FQDN (\ServerX.domain.com), DNS Shortname (\ServerX which MAY get automatically lengthened or guessed to the FQDN \ServerX.domain.com by your OS or DNS server)
Microsoft has two primary Authentication Mechanisms in play with SMB shares: NTLMv2 (NTLMv1 and CHAP are insecure) and Kerberos. Depending on lots of configurations on your client, the server, and the authentication server (Active Directory if in play) and the way you called the name, you may get one or the other. Kerberos is generally faster than NTLMv2, at least for repeated calls, as it gets and keeps an authentication token and doesn't need to reauthenticate via password hash each time.
NetBIOS uses different ports than DNS which can play into network latency due to ACLs/routers/Firewalls.
NetBIOS can actually give you a different answer than DNS because it's a different resolution system. Generally the first PC to boot on a subnet will act as the NetBIOS server and a new server can randomly declare itself to the network as the new NetBIOS master. Also \FileShareServer.domain.com wouldn't come back in a NetBIOS lookup as it's not the machine name (ServerX) but a DNS alias.
There's probably even more that I'm missing here but I think you get the idea that a lot of factors can be in play here.
Here is my situation. I am part of a project creating a P2P charity website, where users connect and can give money to one another. Because of the nature of the site, we know scammers are going to be rampant. We have several preventative measure ideas, and one idea that came up was tying an IP address to the user's account. The reason for this would be to be able to detect when someone from the same IP address creates several accounts.
Would this be reliable? Why, or why not? I have been googling and found many conflicting ideas on the subject. Thanks for any help you can give.
No, it is not reliable. Because:
Residential customers who aren't specifically paying for a static IP address will often see their addresses change frequently. I'm on AT&T DSL and I see my IP address change roughly twice per month on average
People legitimately sharing an internet connection, whether they're using different workstations in the same office with a T1 line, or they're all connected to the same Wi-fi hotspot at Starbucks, will all have the same IP address.
Related to the above, people who are mobile, such as people who use laptops to connect to Wi-fi at coffee shops, airports, hotels, etc, will have a different IP address for each location they visit.
Even people who stay in one place with a static IP address can spoof your system by using a proxy server or a proxy tool like Tor. This makes IP restrictions trivial to bypass.
No.
Many connections are behind NAT (One public gateway IP address for many people), or use DHCP (frequently changed IP addresses).
An IP address is one of the worst ways of identifying a user.
There is a dicussion board I am part of that bans sock puppets ( that is, multiple accounts by the same user ). They have no means of automatically detecting them, becasue there is no means of definitively identifying them. IP addresses are captured, because they can be used to help identify sock puppets, but I know that the process of identifying these is laborious, manual, and error-prone.
This is only undertaken when there is suspicion that someone is using sock puppets for malicious or disruptive purposes. In your case, there is no real answer other than careful and manual monitoring of usage habits, using the information that you gather about users to attempt to identify suspicious habits. But you also have to accept that 80% of sock puppets will go undetected, and do what you can to warn other users of the possibility.
Your bigger issue, incidentally, may be Munchausen by Internet which we were also caught by.
No, not least because:
IP Addresses can change over time, thanks to DHCP leases expiring.
People access websites from many different locations including home, work, coffee shops, etc.
When behind a NAT firewall or a proxy server, many people can share the same IP address.
Will you have many people registering who are entitled to receive money? I'd suggest a manual verification process using real people if at all possible. If nothing else, you can claim to be exercising due diligence if there's a human involved.
No: for example, any company proxy will only have one external IP address, so everyone registering from within the network will appear to have the same IP address.
Recent legal case perhaps worth reading up on : http://yro.slashdot.org/story/11/05/03/2020205/An-IP-Address-Does-Not-Point-To-a-Person-Judge-Rules
Totally unreliable...
Somebody on dial-up will have a different IP address every time they "dial-up".
DSL users will have a different IP address every time they reset or reconnect their account unless they pay for a static IP.
Many users on a particular LAN will be sharing one public IP address.
A particular user can login from home, work, public hotspot and have a different IP from each location.
I do development for an ASP service, and we have recently went through a required 3rd party security audit to obtain status allowing us to host data for a certain government agency. So if I may share some of the information I gleaned turning the trainings, perhaps it would help.
First, IP addresses can be used to assist in what you are trying to accomplish, but they are definately not good by themselves. An example would be the wireless at McDonalds. Everyone at McDonalds is connected to the same wireless and are using the same public IP address through a NAT, which translates from a local address (i.e. 192.168.0.xxx) to a public address for all computers located behind it. The NAT keeps entries so it knows what traffic is allowed to come back into the network, and which computer it is going to.
We found that a good security measure is to use an encrypted session key that is included with all GET/POST submits. That session key contains a GUID which is a lookup to the current session. So even if someone breaks your session encryption, they still need to guess at a GUID in order to find a valid session. On top of that, by tracking IP addresses, if it changes suddenly, we can immediately invalidate the session (we also have whitelisting in case someone is load balancing multiple internet lines, which can cause the IP to change frequently). A cookie can also be used in place of the IP address tracking, as two people behind the same NAT can potentially hijack each other if they can find a way to steal the other person's session key.
Encrypted cookies are also a good way to enforce security. But make sure you are using a framework that is tried and tested, as they have already closed the known vulnerabilities for you. Believe it or not, our security company told us that .NET has emerged as one of the top secure frameworks that they know of. I almost fell out of my chair when I heard that.
Personally I don't think it'll be reliable.
The main reason will be for those using a shared IP. That includes most users connecting from inside a business and home users connecting through the same WIFI hub.
It's more than likely for multiple users to be coming to your site with the same IP address.
Adding to that the fact that IP addresses change over time and you're already losing track of your users.
It's also worth remembering that oftentimes multiple users will be using the same physical computer. Are you wanting to have only one member of a household able to signup etc?
It could be somewhat useful as part of a defense-in-depth approach, but I wouldn't call it "reliable".
If you want to identify users, you can use a cookie. One solution uses a combination of cookies, local storage, flash, and other state information that can be stored in a browser: http://samy.pl/evercookie/
Nothing is 100% reliable. These cookies can be erased by a determined user, or in some browsers with one click. Ultimately, in many countries outside of the USA, a user has the right not to be tracked.
As an alternative for the future: New IntelĀ® Business Processors Deliver Leading Security, Manageability and Performance
As long as the connection between the browser and the CPU isn't interviened which I believe there is more risk of with a browser than a desktop application.
Is it possible to know network card id of the user host computer from where the request is coming like IP address. I am interesting to know if it is possible at IIS or asp.net level or any other possible way of knowing it?
As far as getting network card information is concerned, I see little hope for you here seeing as a client's hardware profile is not something naturally pushed down the wire as a matter of course, however see:
HttpContext.Current.Request.UserHostAddress
Or
HttpContext.Current.Request.ServerVariables("remote_addr")
This value will give you the IP address of the calling client, although they may be hitting you through a proxy and therefore can't be guaranteed to be a machine specific address.
If by "network card ID" you mean the Ethernet MAC address, that's assuming a particular technology on the remote side that you have no way of knowing whether or not it is used. Sure, Ethernet is used pretty much everywhere these days, but are you willing to limit yourself to clients that use that particular hardware architecture? So even if it were possible, I doubt you'd want to go down that route.
If what you want is a unique identifier per client computer, you are probably better off issuing some sort of token yourself. A cookie with a randomly generated session ID should work fairly well.