How Can They See My "Real IP"?

By VinceG

Up front, please forgive me if this question has been asked & answered already; I searched but didn't find anything directly relating to it.

I run a website and discussion board, and recently I've been getting people visiting & posting that have caused some trouble. Tracing their IPs comes up with little sometimes, especially when they appear to be using AOL.

Additionally, and more to the point, there are some users on my message board who deliberately use proxy servers (and have told me so) because they wish to remain anonymous from other users. BTW, I have the "display IP address" turned off on users' posts, so they can't see each other's IP addresses... or so we thought.

Someone now claims they can see some of these users' "real IP" address, as well as their computer name, even though the public display of IPs is turned off!

To figure this out, I've come across, which from my tests, shows not only the public IP that my connection broadcasts, but also the internal IP that the connection's router is handing my PC, AND that connection's "real IP". I've tried this out with different types of public proxy servers, but regardless of type, this website still displays my connection's real IP in their "real IP" section, the valid DHCP address in the "internal IP", and the proxy server's IP in the "external IP" line.

Thanks for muddling through my explanation, just to get to this question: can anyone out there tell me HOW these people, and "", are doing this? Is there some sort of JavaScript or ActiveX control doing this, or is it some sort of server-side script polling the connection for different ports? And -- how can I advise my "anonymity seekers" on my board to protect themselves from people looking at their posts and grabbing (though I fail to see how) their IPs and from that, their "real IP" through their proxy servers, as well as their DHCP addresses and computer names?

Thanks much!

by CG IT In reply to How Can They See My "Real ...

One way is to capture packets and read the information contained in the packet. The packets contain information regarding source and destination addresses [including host addresses]. That is one way someone could "see" real IP addresses. Often consumers do not take precautionary measures to safeguard their system, hence a "knowledgeable" individual can compromise or obtain information from those systems.

by CG IT In reply to

To really understand how someone can hide who they are, one must understand packet technology and what goes into a packet sent over the internet and how those packets can be manipulated by modifying the data contained in the packet [spoofing comes to mind].

A proxy server is nothing more than a server that acts on behalf of another computer to obtain data. Therefore, to really "hide" who one is, one must obtain control over another's computer and use that computer [a proxy] to send or receive data [the blame falls on the proxy].

by lowlands In reply to How Can They See My "Real ...

And if one of your discussion board users claims they can see real ip/hostname of other posters on your board, it is most likely that your system has been compromised.

It is one thing to make a connection to and have that site find your IP. That at least is a direct connection. That is not the case for two separate users on your board. Their computers should not connect directly to one another (unless of course they talk using MSN, ICQ or whatever else).

It might be possible to get the connection information, but someone would somehow have to have pretty high level access to your web/discussion board server. And depending on your setup, that might be easier than you think.

There is also the option that your board user is just full of it.

by B_Pope In reply to How Can They See My "Real ...

Well I visited twice.

The first time it wanted to run a Java applet & I blocked it. All they were able to display was my external IP & my country. They failed to identify my city (off the mark by 200+ miles), they got my browser but not the correct version & they named my provider, they claimed my external IP was also my LAN IP (wrong) all very useless info.

For the second visit I changed my external IP (which I do frequently) to one that has no reverse DNS, & allowed the Java applet. Well it was the same results, they could see my external IP & claimed it was also my LAN IP again, wrong.

If is seeing your LAN IP you better review your own security. There are no ActiveX or scripts running at, the Java applet also has no bearing on them seeing your LAN IP.

The reason I'm sure it's your own security is because I have my firewall configured to popup a warning for all ActiveX, scripts & Java applets & only the Java message appeared.

I'd say you have some very large holes to patch in your PC & website's configuration.

