Re: security based on IP address

• Previous message: Yvan Boily: "RE: Port Knocking questions"
• In reply to: Amit Sharma: "security based on IP address"
• Next in thread: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: security based on IP address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Amit Sharma <amit.sharma@linuxwaves.com>
Date: Mon, 1 Mar 2004 14:53:15 -0600

Hi Amit,

I agree with you that your ISP very likely provides an internet protocol
address for access to the internet. I have not seen many other ways of
connecting.

When you say static, does this mean that you have manually entered in your
own address, including DNS, gateway, subnet mask and other such settings?

To answer your questions:

1) It is highly likely that if they are assigning static addresses, that
you also had to provide the MAC address of the device that is connecting
to them, or that your service provider technician phoned that data in when
setting up your connection. My cable modem provider required a MAC
address, and it is associated to me. At work my router indeed has a
static address, but if I want the correct traffic to reach me, I have to
use it. But your question appears to be about getting free service, so I
will continue rather than detract.

I would have to expect that they would notice if your MAC address suddenly
came up with another IP address associated with it. Even if they did not
ask you, they could have captured it at their router or proxy closest to
you. The MAC address exists in their switch tables regardless of whether
or not someone asked you.

2) You can type in any static address that you desire, but if it is in
use, you will most certainly come into constraints. Let's pretend you
chose to use 207.46.245.214 as your address, and that 207.46.245 /24 is
your network address. I am thinking the owner of that address would be
come angry with you.
Also, messages will pop up on any other device with such an IP address
already in use. Likely, that customer will call the ISP and question why
this is happening if they were statically assigned a special IP just for
them.

The ISP will look in their proxy or router tables, and find your
previously used MAC address. Then you will have to talk your way out of a
hard situation. You could very likely be charged with one of those new
Cybercrime laws. Not good.

3) (You did not ask a 3, but I know you are thinking it), You COULD use a
different MAC address, be it a different card, dls modem, cable modem,
router or what-have-you, but the situation would still persist. They
would recognize the address is not a valid one on their network, and ban
or delete it from their proxy/router.

Furthermore, with this case as well as your second question, their
technical staff would be able to examine their ARP table to determine
where the MAC was connecting from (a given port on a switch, loc, and so
forth), and trace it back to where your physical connection resides.

If you recall the story about Teekid (the Blaster variant author[I think
that was his nickname]), they just found his name in the virus, associated
his name with an IP address from security forum posts and IRC chats, took
the IP to the ISP, and within a short time went to his house and took him
away. His parents continually stated that he was not a genius and could
not have written viruses, but geniuses generally do not get caught, I
think, nor do they post their intentions before carrying out such actions.
 

I would not advise in engaging in such activities.

Amit Sharma <amit.sharma@linuxwaves.com>
02/29/2004 02:02 AM

To
security-basics@securityfocus.com
cc

Subject
security based on IP address

Hi there,

My ISP provides internet access based on IP address. As in, he gives
static IP addresses to its customers and allows/disallow internet access
based on the same.

1. What am wondering at is, what if my ip address is blocked but I take
over somebody else's ip address and try to connect to the internet? Will
the ISP's proxy detect this?

This leads to the second question..

2. Can I take over the ip address of a system that is already up?

Gracias,

Amit

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with
Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost
of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

• Previous message: Yvan Boily: "RE: Port Knocking questions"
• In reply to: Amit Sharma: "security based on IP address"
• Next in thread: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: security based on IP address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]