Home page logo
/

basics logo Security Basics mailing list archives

Re: security based on IP address
From: JGrimshaw () ASAP com
Date: Mon, 1 Mar 2004 14:53:15 -0600

Hi Amit,

I agree with you that your ISP very likely provides an internet protocol 
address for access to the internet.  I have not seen many other ways of 
connecting.

When you say static, does this mean that you have manually entered in your 
own address, including DNS, gateway, subnet mask and other such settings?

To answer your questions:

1) It is highly likely that if they are assigning static addresses, that 
you also had to provide the MAC address of the device that is connecting 
to them, or that your service provider technician phoned that data in when 
setting up your connection.  My cable modem provider required a MAC 
address, and it is associated to me.  At work my router indeed has a 
static address, but if I want the correct traffic to reach me, I have to 
use it.  But your question appears to be about getting free service, so I 
will continue rather than detract.

I would have to expect that they would notice if your MAC address suddenly 
came up with another IP address associated with it.  Even if they did not 
ask you, they could have captured it at their router or proxy closest to 
you.  The MAC address exists in their switch tables regardless of whether 
or not someone asked you.

2) You can type in any static address that you desire, but if it is in 
use, you will most certainly come into constraints.  Let's pretend you 
chose to use 207.46.245.214 as your address, and that 207.46.245 /24 is 
your network address.  I am thinking the owner of that address would be 
come angry with you.
Also, messages will pop up on any other device with such an IP address 
already in use.  Likely, that customer will call the ISP and question why 
this is happening if they were statically assigned a special IP just for 
them. 

The ISP will look in their proxy or router tables, and find your 
previously used MAC address.  Then you will have to talk your way out of a 
hard situation.  You could very likely be charged with one of those new 
Cybercrime laws.  Not good.

3) (You did not ask a 3, but I know you are thinking it), You COULD use a 
different MAC address, be it a different card, dls modem, cable modem, 
router or what-have-you, but the situation would still persist.  They 
would recognize the address is not a valid one on their network, and ban 
or delete it from their proxy/router. 

Furthermore, with this case as well as your second question, their 
technical staff would be able to examine their ARP table to determine 
where the MAC was connecting from (a given port on a switch, loc, and so 
forth), and trace it back to where your physical connection resides. 

If you recall the story about Teekid (the Blaster variant author[I think 
that was his nickname]), they just found his name in the virus, associated 
his name with an IP address from security forum posts and IRC chats, took 
the IP to the ISP, and within a short time went to his house and took him 
away.  His parents continually stated that he was not a genius and could 
not have written viruses, but geniuses generally do not get caught, I 
think, nor do they post their intentions before carrying out such actions. 
 

I would not advise in engaging in such activities. 





Amit Sharma <amit.sharma () linuxwaves com> 
02/29/2004 02:02 AM

To
security-basics () securityfocus com
cc

Subject
security based on IP address








Hi there,



My ISP provides internet access based on IP address. As in, he gives 
static IP addresses to its customers and allows/disallow internet access 
based on the same.





1. What am wondering at is, what if my ip address is blocked but I take 
over somebody else's ip address and try to connect to the internet? Will 
the ISP's proxy detect this?



This leads to the second question..

2. Can I take over the ip address of a system that is already up?





Gracias,

Amit

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, 
VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with 
Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost 
of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]