Question About IP Addresses

  • Lesley18
  • Novice
  • Posts: 19
  • Loc: Eastern Canada

Post 3+ Months Ago

I'm not sure if this is in the right forum so feel free to move it to where it might belong.

I have a member on my forum who we suspect isn't who she says she is. I checked her IP address which is recorded with every post and it says it is from Manitoba when she's been telling us she lives in California for months. Her IP hasn't changed, it's the same one for each post so I asked her about it. She told me her dad is an important lawyer so he has a program on her computer that hides her IP address. If this were true wouldn't I not be able to see an address at all?? She says the way it "Hides" it is that it says it is from somewhere else so people can't hack into their files. Does that type of program even exist?? I know there's a way to hide your IP address but can it actually say it's from one country when you're in another? This all sounds like utter garbage to me so I thought I would ask someone in here since you've helped me so much in the past. If anyone has any info on this matter or can point me in the direction of someone who does I would really appreciate it. Thank you!
  • veryhip
  • Newbie
  • Posts: 11
  • Loc: Atlanta, GA

Post 3+ Months Ago

I could use a proxy server to view your site and I can choose from either many 'anonymous proxies' or I could use my server and install a proxy on it, then I would look like I was coming from my server, when in fact I'm on the other side of the USA.... or Manitoba. I could probably find an anonymous proxy in Manitoba. If you are the server admin, you can look for her sending a header like:

X-Forwarded-For: 192.1.2.3

or whatever the IP is. This is what the proxy server would send if it were not "completely" anonymous. If it is completely anonymous, it will not send this header to keep the user from being known. You can run a port scan on the IP she is using. Sometimes, port 3128 is used for proxying. Also 8080, and of course 80. If you really want to take it to the next level, contact the server admin of the proxy if you determine that there is a proxy server and ask if they would examine their logs and get her real IP for you =]. You can do a lot with the internet, and communicate with whoever you like whenever in real time!
  • _Leo_
  • Proficient
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

The fact is, any user with such a story must not be trusted. :)
  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Yup, I agree...

Either the person is in Manitoba, and is BSing you, or the person is in Cali, and simply going through somebody else's insecure proxy/router (technically illegal).

You can't spoof an IP address in a different physical location, you can only route through it.

And if her dad is indeed a lawyer, he's obviously a criminal defense attorney... He seems to have no problem stealing somebody else's bandwidth to route his internet connection through :)
  • waggy
  • Newbie
  • Posts: 13

Post 3+ Months Ago

You can't hide behind a proxy server. The connection you use still has an IP address assigned by your ISP.

If I wanted to find out your IP, I would just traceroute to you. I would see your ISP's information and run a WHOIS. I would then report the abuse to your ISP and give them the IP address to your connection, regardless of what your proxy server told me.

Remember, traffic across the net uses the IP protocol. To get from A to B, I have to know the return IP address. If the packet you want gets to you, anyone else can as well.
  • DuckIT
  • Graduate
  • Posts: 155
  • Loc: London, UK

Post 3+ Months Ago

Actually you can do what veryhip said. The whole point of a proxy is that it, well, proxies!

The way it would work is I send a packet destined for forum-x and it first hits my anonymous proxy server (proxy-x). My proxy server receives my packet & notes the source (me) and destination (forum-x). The proxy then basically replaces the source address with proxy-x and sends it on to forum-x.

Forum-X receives my packet and thinks I came from proxy-x and thus sends any packets back to proxy-x. Proxy-x then just forwards any packets from forum-x back to me using my port number as an identifier.

Of course the above is simplified somewhat. I know of no way of finding out the sender's IP address if they are using a truly anonymous proxy!

It's easy to do too. Doing a search for 'anonymous proxy list' in Google gives many returns. The below link for instance. I don't know if these are public proxies though or just open proxies that people have discovered!


http://www.samair.ru/xwww/proxy.htm

Using the above I set 200.42.10.214:80 as my proxy. If I go onto GRC.com and use shields up to scan me it shows 200.42.10.214 as my IP address. Using a friend's network to tracert to me also shows me as 200.42.10.214, so yes it is entirely possible that this person is in California!

S

Trace below - both networks are in the UK (first 2 lines chopped to protect the innocent!):

=================================================

3 33 ms 29 ms 30 ms vianetworks1-hg2.manchester.broadband.bt.net [217.32.57.73]
4 27 ms 29 ms 26 ms 217.32.57.34
5 30 ms 29 ms 34 ms 217.32.57.110
6 34 ms * 30 ms vr240war.uk.vianw.net [195.102.240.1]
7 32 ms 30 ms 32 ms rt001war.uk.vianw.net [195.102.254.205]
8 39 ms 40 ms 36 ms rt001thl.uk.vianw.net [195.102.254.54]
9 38 ms 43 ms 37 ms r2thl.vianw.net [213.2.253.2]
10 39 ms 42 ms 39 ms r1thl.vianw.net [213.2.253.1]
11 41 ms 36 ms 38 ms ldn-s2-rou-1001.UK.eurorings.net [134.222.109.193]
12 40 ms 44 ms 39 ms ldn-s2-rou-1001.UK.eurorings.net [134.222.231.61]
13 48 ms 47 ms 49 ms obl-rou-1003.NL.eurorings.net [134.222.230.145]
14 49 ms 47 ms 44 ms ledn-rou-1001.NL.eurorings.net [134.222.229.237]
15 125 ms 128 ms 127 ms ewr-brdr-02.inet.qwest.net [134.222.254.2]
16 127 ms 129 ms 123 ms ewr-core-01.inet.qwest.net [205.171.17.125]
17 128 ms 126 ms 125 ms jfk-core-02.inet.qwest.net [205.171.8.246]
18 124 ms 127 ms 124 ms jfk-brdr-01.inet.qwest.net [205.171.30.18]
19 129 ms 127 ms 128 ms 205.171.4.10
20 126 ms 127 ms 129 ms 0.so-6-1-0.XL2.NYC8.ALTER.NET [152.63.19.50]
21 127 ms 125 ms 128 ms 0.so-1-0-0.TL2.NYC8.ALTER.NET [152.63.0.169]
22 150 ms 148 ms 146 ms 0.so-7-0-0.TL2.ATL5.ALTER.NET [152.63.146.41]
23 165 ms 162 ms 161 ms 0.so-2-2-0.XL2.MIA4.ALTER.NET [152.63.81.82]
24 163 ms 162 ms 161 ms 0.so-3-0-0.XR2.MIA4.ALTER.NET [152.63.101.45]
25 164 ms 162 ms 164 ms 207.ATM4-0.IH4.MIA4.ALTER.NET [152.63.7.129]
26 165 ms 162 ms 161 ms 0.so-1-0-0.IL2.MIA6.LAC.ALTER.NET [152.63.83.33]
27 295 ms 295 ms 292 ms 0.so-1-0-0.TL2.AEP1.LAC.ALTER.NET [64.116.36.22]
28 295 ms 293 ms 293 ms 0.so-1-2-0.XR2.AEP1.LAC.ALTER.NET [64.116.40.229]
29 291 ms 296 ms 293 ms POS12-0-0.GW1.AEP1.LAC.ALTER.NET [64.116.40.237]
30 299 ms 293 ms 294 ms prima-gw.customer.LAC.ALTER.NET [200.58.49.62]
31 298 ms 294 ms 296 ms lima7-fe6-0-0.prima.net.ar [200.42.95.71]
32 * * * Request timed out.
33 327 ms * 390 ms 200-42-10-210.prima.net.ar [200.42.10.210]
34 317 ms 329 ms 404 ms 200-42-10-214.prima.net.ar [200.42.10.214]
  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

waggy wrote:
You can't hide behind a proxy server. The connection you use still has an IP address assigned by your ISP.

Yes you can. A SOCKS proxy, for example, offers no information regarding the originating IP, only its IP.

Insecure WinGates, Cisco routers, hacked shells on *nix boxes, they also don't provide any information with regard to who the originating address is when connections are being passed along elsewhere.

In this instance, traffic isn't just going from Point A to Point B. It's going from Point A to Point B to Point C, and back through the same chain.
  • Lesley18
  • Novice
  • Posts: 19
  • Loc: Eastern Canada

Post 3+ Months Ago

Wow, thanks for all your help, I certainly learned a lot about proxies, lol. So basically what you guys are saying is that I have no way to figure out if she's lying to me, she could very well be in Cali. I find WHOIS a little confusing, and I don't know how to run a port scan, could you tell me how or give me some sites that explain? Sorry to be a pain, you guys are a great help though, I've just had it up to here with imposters on my forums, and I know a lot of my members would like to see this user booted. Thanks, I'll check back soon!
  • DuckIT
  • Graduate
  • Posts: 155
  • Loc: London, UK

Post 3+ Months Ago

Just having a think about it, but what I would try is to use her proxy address as your proxy as a test.

If you have some kind of router then in Internet Explorer click tools, then 'Internet Options' then 'connections' then 'Lan settings' then tick the box that says 'Use a proxy server for your lan' and enter the IP address of her proxy into the box. For the port number try 80 then click ok then ok and try and browse the net. If it doesn't work, go back in and try 8080 in the port box (leave IP the same) and the same after for 8081 & 8181.

If you're on a dial-up then it's the same but on the connections page, instead of choosing 'Lan settings' click your dial-up connection from the list at the top and click settings. Everything else is the same.

Important! If you can proxy through this server then it proves she is on a proxy server of some description BUT if you can't then it doesn't prove she is lying! It could be that you have to have an account with the company that owns the proxy to proxy through it or any one of a number of things that could be stopping you.

S
  • waggy
  • Newbie
  • Posts: 13

Post 3+ Months Ago

DuckIT, it seems we were talking about two different types of proxy servers. My bad for not reading properly. If someone is hiding behind an anonymous proxy there are still ways of finding someone's originating IP if you are willing to spend time doing this.

If the proxy is a simple one this PHP code may work:


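<?php
// Returns the best available guess at the visitor's originating IP address.
// Client-IP and X-Forwarded-For are request headers filled in by the client
// or a proxy, so their values are unverified; REMOTE_ADDR is the address the
// server actually saw the connection come from.
function get_ip_address() {
    // strcasecmp() returns 0 on a match, so each test reads "set and not 'unknown'".
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) {
        $ip = getenv("HTTP_CLIENT_IP");
    }
    elseif (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) {
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    }
    elseif (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) {
        $ip = getenv("REMOTE_ADDR");
    }
    elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    else {
        $ip = "Unknown";
    }
    return $ip;
}

echo get_ip_address();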


If not, you can use Java or ActiveX applets/scripts to detect their IP address. And since these applets run on their local machine, 50 different proxy servers will not protect them. They still could disable Java and ActiveX controls in their browser but you could just make your site unviewable without it. If they want in badly enough they will enable it, otherwise they are gone forever.


So either way you get what you want.

Anyone who thinks they have hidden their public IP can test themselves here:

http://www.proxyblind.org/javaip.shtml
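
A stricter variant of the header check discussed in this thread, added here as an example and not code from any poster. It keeps the connection address (the only value the server observed itself) separate from addresses claimed in proxy headers, which a client or proxy can set to anything; the function name, array keys and sample request are assumptions.

```php
<?php
// Added example: describe_request_origin() and its result keys are hypothetical names.

/**
 * Summarise what a request says about its origin.
 * 'peer' is the address of the TCP connection as seen by the server.
 * 'claimed' holds addresses taken from request headers: a hint, not evidence.
 */
function describe_request_origin(array $server): array
{
    $peer = $server['REMOTE_ADDR'] ?? null;

    $claimed = [];
    foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'] as $key) {
        if (empty($server[$key])) {
            continue;
        }
        // X-Forwarded-For may carry a chain: "client, proxy1, proxy2".
        foreach (explode(',', $server[$key]) as $candidate) {
            $candidate = trim($candidate);
            // Drop junk such as "unknown" plus private and reserved ranges.
            $valid = filter_var(
                $candidate,
                FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
            );
            if ($valid !== false && $candidate !== $peer) {
                $claimed[] = $candidate;
            }
        }
    }

    return [
        'peer'      => $peer,
        // A Via header or any forwarded address means a proxy announced itself.
        'via_proxy' => !empty($server['HTTP_VIA']) || $claimed !== [],
        'claimed'   => array_values(array_unique($claimed)),
    ];
}

// Constructed sample request, reusing the addresses quoted earlier in the thread.
$sample = [
    'REMOTE_ADDR'          => '200.42.10.214',
    'HTTP_VIA'             => '1.1 proxy.example',
    'HTTP_X_FORWARDED_FOR' => 'unknown, 10.0.0.5, 192.1.2.3',
];
print_r(describe_request_origin($sample));
```

In a live page, pass `$_SERVER` instead of the sample array, and log both `peer` and `claimed` rather than overwriting one with the other.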
  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Yup, some proxies do support a forwarded-for address allowing you to see the originating IP, but not all of 'em.
  • waggy
  • Newbie
  • Posts: 13

Post 3+ Months Ago

If all else fails, the ActiveX/Java script will not fail unless the user has disabled ActiveX and Java in their browser. The script runs on their local PC, pretty much full-blown spying, but if users want to get smart, get smarter. Like I said, if they don't have ActiveX/Java enabled then they will not be able to view your site; you could write that into the script as another function.

End result: user's real IP or no user at all.

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.