IP addys.
#1
Scooby Regular
Thread Starter
Join Date: Jul 2003
Location: ..
Posts: 3,412
Likes: 0
Received 0 Likes
on
0 Posts
On one website it logged my IP addy as : 172:185:126:26
On another website it logged my IP addy as : 195:93:33:7
And on a sent email it logged my IP addy as : 172:188:179:172
As each number is different, does this mean my Ip address is impossible to trace back to my aol account?
Its a dial up BTW.
On another website it logged my IP addy as : 195:93:33:7
And on a sent email it logged my IP addy as : 172:188:179:172
As each number is different, does this mean my Ip address is impossible to trace back to my aol account?
Its a dial up BTW.
#2
Scooby Regular
Join Date: Oct 2001
Location: Western Canada
Posts: 3,344
Likes: 0
Received 0 Likes
on
0 Posts
#4
Your IP address will probably be different every time you dial up as IP addresses will be allocated from a pool (a huge one in AOL's case).
However, they do keep records of which username was using which IP address at any given time. They will also more than likely log phone numbers as well.
However, they do keep records of which username was using which IP address at any given time. They will also more than likely log phone numbers as well.
#6
Scooby Regular
Join Date: Sep 2002
Location: The biosphere
Posts: 7,824
Likes: 0
Received 0 Likes
on
0 Posts
But a normal company/website would find it difficult to trace my details, right?
cache-loh-ab02.proxy.aol.com
inetnum: 195.93.0.0 - 195.93.63.255
netname: AOL-EU-1
descr: AOL Inc
country: US
admin-c: AOL5-RIPE
tech-c: AOL5-RIPE
status: ASSIGNED PA
mnt-by: AOL-EU-MNT
mnt-lower: AOL-EU-MNT
changed: domains@aol.net 20000220
changed: domains@aol.net 20000621
source: RIPE
route: 195.93.0.0/17
descr: AOL International Operations, Europe
origin: AS8292
mnt-by: MAINT-ANSUK
changed: tar@ans.net 19970519
changed: sirving@ans.net 19980720
source: RIPE
person: AOL NOC
address: America Online Inc.
address: 22080 Pacific Blvd
address: Sterling, VA 20166
address: USA
phone: +1 703 265 4670
e-mail: domains@aol.net
nic-hdl: AOL5-RIPE
mnt-by: AOL-EU-MNT
changed: domains@aol.net 20000621
source: RIPE
#7
Scooby Regular
However, they do keep records of which username was using which IP address at any given time. They will also more than likely log phone numbers as well.
Edit to add, the above hostname is that of an AOL proxy, to get the IP address of the actual end-user at the time is a bit more difficult. The only way you (AOL) could do it is to marry the logfiles provided by the remote web server with the proxy logfiles at AOL and work out the user that way. Even if AOL forward the original requestors IP address in an X-header that header wouldn't be logged anywhere, someone would have to go through and physically match the logfile entries to find out who it is.
Steve.
[Edited by stevencotton - 12/16/2003 6:48:28 PM]
Trending Topics
#8
Its worth noting that although you've seen three different addresses on those three occasions, they are all ultimately accountable to AOL as investigation has shown, and it is there own internal logging that would track you down if required.
So to answer your question: yes. Any single webmaster wanting to investigate would have a hard job doing so on only that. With the right justification AOL would probably get involved and are certainly legally bound to keep such records in order to absolve themself from prosecution.
[Edited by Ian Griffiths - 12/17/2003 1:23:32 AM]
So to answer your question: yes. Any single webmaster wanting to investigate would have a hard job doing so on only that. With the right justification AOL would probably get involved and are certainly legally bound to keep such records in order to absolve themself from prosecution.
[Edited by Ian Griffiths - 12/17/2003 1:23:32 AM]
#12
Interesting topic and its almost on topic so I'm going to chance it:
I get entries in my access logs from IP for example 10.100.4.5 which are clearly private. I can half see how this is happening and I'm pleased that my server is that clever. However, these are very anonymous if I don't know what network they're from! Any suggestions?
I get entries in my access logs from IP for example 10.100.4.5 which are clearly private. I can half see how this is happening and I'm pleased that my server is that clever. However, these are very anonymous if I don't know what network they're from! Any suggestions?
#13
It's also possible that the site was picking up one or more routers/proxies between you and the site.
You will only leave the address of a proxy if you are connected to that proxy. Unless you specify this, the AOL proxy will be the last one you connect to.
I get entries in my access logs from IP for example 10.100.4.5 which are clearly private. I can half see how this is happening and I'm pleased that my server is that clever. However, these are very anonymous if I don't know what network they're from! Any suggestions?
If your getting these logs there is really only one reasons
for this. The source IP is spoofed, this is strange as this is only generally done in DoS or MITM attacks.
Is your logging software running correctly?
What is this your saying about 'half understanding' and 'a clever server'? Maybe that will shed a little more light on the situation?
[Edited by Gedi - 12/17/2003 9:42:25 PM]
#14
Source IP is not spoofed, one such culprit in these remote addresses is my place of employment where I know enough about the network to know that this is not the intention. Furthermore the addresses that I see logged from here are correct and valid within that network - just obviously not the right thing to be seeing outside.
My half understanding relates to the fact that this is predictable behaviour - these IP addresses are actually correct if you consider complete end point of the route. However, my understanding of networks set up like this was that all machines appear as one externally assigned address - exactly as my home machines do. They all assume the identify of my statically assigned broadband IP externally.
The clever server I refer to is the one that manages to get inside the network to see these internal IPs although I do appreciate the problem is probably more that the network is giving away addresses rather than my server is probing intelligently.
Logging software is simply message board software considering PHP environment varibles, REMOTE_ADDR etc.
My half understanding relates to the fact that this is predictable behaviour - these IP addresses are actually correct if you consider complete end point of the route. However, my understanding of networks set up like this was that all machines appear as one externally assigned address - exactly as my home machines do. They all assume the identify of my statically assigned broadband IP externally.
The clever server I refer to is the one that manages to get inside the network to see these internal IPs although I do appreciate the problem is probably more that the network is giving away addresses rather than my server is probing intelligently.
Logging software is simply message board software considering PHP environment varibles, REMOTE_ADDR etc.
#15
Proxies embed the original address inside the HTTP request. - "X-Forwarded for" header unless explicity configured not to.
Freeserve for instance leave it there and a 3line php script on my own web server shows the detail....
REMOTE_ADDR 195.92.67.208
X_FORWARDED_FOR 81.76.182.128
HTTP_VIA 1.1 webcacheH08 (NetCache NetApp/5.3.1R2)
Deano
Freeserve for instance leave it there and a 3line php script on my own web server shows the detail....
REMOTE_ADDR 195.92.67.208
X_FORWARDED_FOR 81.76.182.128
HTTP_VIA 1.1 webcacheH08 (NetCache NetApp/5.3.1R2)
Deano
#16
just obviously not the right thing to be seeing outside
my understanding of networks set up like this was that all machines appear as one externally assigned address - exactly as my home machines do. They all assume the identify of my statically assigned broadband IP externally.
The clever server I refer to is the one that manages to get inside the network to see these internal IPs although I do appreciate the problem is probably more that the network is giving away addresses rather than my server is probing intelligently
Whatever the case, unless you have a direct connection with your works network, you would not see any of their internal IP addresses on your logging software.
[Edited by Gedi - 12/18/2003 8:28:26 AM]
#17
Whatever the case, unless you have a direct connection with your works network, you would not see any of their internal IP addresses on your logging software
Deano
#18
Yes, i'm not disputing that. Unless running high anonimity, HTTP proxies have this option enabled.
My point is, why would a simple php script be looking for this. Under normal circumstances, it will log the source header only.
My point is, why would a simple php script be looking for this. Under normal circumstances, it will log the source header only.
#19
Scooby Regular
Join Date: Mar 2001
Location: Berkshire
Posts: 5,528
Likes: 0
Received 0 Likes
on
0 Posts
chaos
when a website logs your IP address, scribble it down. open a DOS window and type "ipconfig". This is what your network adapter thinks its IP address is. It will give you the IP address for your PPP dialup modem connection.
Dave
when a website logs your IP address, scribble it down. open a DOS window and type "ipconfig". This is what your network adapter thinks its IP address is. It will give you the IP address for your PPP dialup modem connection.
Dave
#20
Scooby Senior
Join Date: Oct 2000
Location: Zurich, Switzerland
Posts: 3,105
Likes: 0
Received 0 Likes
on
0 Posts
Re. picking up private addresses in public space - tunnel software installed on the client and non-standard bindings?
While the restricted internal address could never really be used as the source on the net, if the logging software is asking the client then the client is apt to provide wrong information
Edit to add: ...and depending which 'logging' software is asking the question, maybe it's the right information
Richard
[Edited by dowser - 12/18/2003 12:15:45 PM]
While the restricted internal address could never really be used as the source on the net, if the logging software is asking the client then the client is apt to provide wrong information
Edit to add: ...and depending which 'logging' software is asking the question, maybe it's the right information
Richard
[Edited by dowser - 12/18/2003 12:15:45 PM]
#21
Gedi - these *are* local addresses.
My machine in work has a 10.x.x.x address - local.
The web server I administer as a hobby, completely unrelated to my employment and nowhere near work network-wise is able to see this 10.x.x.x address.
This is both very good and very bad. Very good as I can track down to last machine instead of cache/router etc. This is also very bad as without knowing what network the request originates from, I'm stuck.
Take a look at this image if you have some time - its the feature in the board for approving registrations. I've circled the strange ones.
http://www.corsasport.co.uk/misc/internaladdresses.gif
I'm going to have a look at exactly what is being logged as per Deanos reply.
Cheers all.
[Edited by Ian Griffiths - 12/18/2003 7:09:54 PM]
My machine in work has a 10.x.x.x address - local.
The web server I administer as a hobby, completely unrelated to my employment and nowhere near work network-wise is able to see this 10.x.x.x address.
This is both very good and very bad. Very good as I can track down to last machine instead of cache/router etc. This is also very bad as without knowing what network the request originates from, I'm stuck.
Take a look at this image if you have some time - its the feature in the board for approving registrations. I've circled the strange ones.
http://www.corsasport.co.uk/misc/internaladdresses.gif
I'm going to have a look at exactly what is being logged as per Deanos reply.
Cheers all.
[Edited by Ian Griffiths - 12/18/2003 7:09:54 PM]
#23
Works network is just a regular academic internet connection - its a college.
The server with the PHP running on logging funny stuff is a web server 200 miles away running regular Apache/PHP/MySQL.
The two entities are completely unrelated network/authentication/everything.
The server with the PHP running on logging funny stuff is a web server 200 miles away running regular Apache/PHP/MySQL.
The two entities are completely unrelated network/authentication/everything.
Thread
Thread Starter
Forum
Replies
Last Post
mightyyid
Computer & Technology Related
5
20 April 2008 03:17 PM