
Thread: IP Addresses and Routers

  1. #1

    IP Addresses and Routers

    I have read through the FAQs and searched around the internet, but can't find the answer to my question. Hopefully I won't sound too stupid here.
    If I use a router and someone finds my IP address, that will, initially at least, be only my router's IP address, not the internal IP address of my computer. However, using that would they be able to find my internal IP address? How would they be able to find it? How could they make the jump from my router to my PC? And if it is done with "scanning" my router somehow, exactly how do they do that? Is it a hacker program or just commands? I've tried it from my friend's computer to my own and I can't figure out how that would work (of course that means little).
    I'm trying to make my computer secure and an extremely knowledgeable friend of mine told me that routers are better than firewalls. But I don't want to screw myself here. Should I install a firewall as well?
    "The feeling of losing your mind is a terrible thing. But once it's gone, you're fine."
    Carrie Fisher

  2. #2
    It's easier than you think: one could do a tracert to your IP address, unless you're behind something that is using NAT (network address translation); even then they could get to your gateway. tracert is just a command: c:>tracert IP (*nix: traceroute).

    If you're really doing something wrong, or really want to know, they could subpoena the logs of a router and trace it back this way. But it's very time consuming.

    By buying a router or a firewall, I think your friend means a hub, with NAT built in. In itself that helps, but it can't ever hurt to have a software firewall installed on the internal side. If you want to go all out you could buy a hardware firewall, put that in front of your router doing NAT, and still have software firewalls on the internal network.

    Hope this helps.

  3. #3
    KorpDeath (Priapistic Monk)
    Routers, for the most part, aren't security devices. They have a certain amount of security as far as access lists go but they are no replacement for a firewall. Your friend should do some more reading. Apples and oranges.

    As far as the other questions go....in order....

    Not necessarily.

    Probably, if you don't use a firewall/NAT device.

    Any number of ways to do that.

    Any number of programs like, but not limited to, NMAP.

    Hacker program?

    See answer pertaining to NMAP.

    And finally, if you want any type of protection from this horribly twisted Internet then YES you need a firewall.

    Hope that helps and I'm sorry for being so brief but you asked so much it's hard to find a starting place.

    peace
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    I have read through the FAQs and searched around the internet, but can't find the answer to my question. Hopefully I won't sound too stupid here.
    If I use a router and someone finds my IP address, that will, initially at least, be only my router's IP address, not the internal IP address of my computer. However, using that would they be able to find my internal IP address? How would they be able to find it? How could they make the jump from my router to my PC?
    Just knowing the address of a router on your network/subnet does not mean that someone can get your IP address. But they can narrow it down substantially, e.g. if the router's address is a class B address and you're using subnetting (most class B networks do), it's a safe bet a person could narrow down your IP to within about 254 hosts (assuming you're using the 3rd octet of the address for subnetting).

    But this isn't how TCP/IP works. IP packets already contain the source address of YOUR machine. Router addresses (not IP) are only used at the Data Link level. So if you're already connected to someone else's box (assuming it's a TCP/IP connection) they already have the IP address of YOUR machine regardless of the address of your router/firewall (assuming you're not using a gateway/proxy).

    In English: A router routes packets. It does not proxy/mask your IP address.

    And if it is done with "scanning" my router somehow, exactly how do they do that? Is it a hacker program or just commands? I've tried it from my friend's computer to my own and I can't figure out how that would work (of course that means little).
    A person can get your IP address using simple network commands, e.g. netstat.

    I'm trying to make my computer secure and an extremely knowledgeable friend of mine told me that routers are better than firewalls. But I don't want to screw myself here. Should I install a firewall as well?
    This is a gray area because some routers contain firewall type functionality but I believe that routers should route packets and guard against DOS attacks at the data link/network layers. Firewalls should look after the rest.
    OpenBSD - The proactively secure operating system.

  5. #5

    Question

    smirc,
    Thank you very much for your reply, but I have a question about your netstat answer.
    When I checked out my comp/router I sent a file to my computer, and had someone accept it for me on my computer. I used the netstat command to get the IP address of my router. But it did not give me any information about my internal address. So I'm a little confused. How would netstat give me the ip address of my internal IP address?
    Thanks for helping me out.

  6. #6
    Maestr0 (Senior Member)
    A router uses packet headers and routing tables to route packets. A hub copies all packets to all ports. In this way a router is slightly better than a hub, but really only in performance and segmenting packets (sending packets to the recipient network segment without broadcasting all packets to all ports). I believe you are talking about a broadband router for home or small office use. Most of these devices are a router AND a limited firmware firewall (meaning it can be configured to drop or forward incoming packets based on the source/destination port or IP address, which can be effective in stopping many viruses and gay-ass script kids searching for NetBIOS shares). Additionally, most routers also usually include:
    A DHCP server, which assigns IP addresses to internal clients for people who do not want to configure static IPs on their network or maintain a DHCP server on another machine.
    An HTTP/Telnet server, which allows for remote administration.
    Many if not all of these routers perform NAT (network address translation); this means the router will re-wrap the outgoing packets with its own external IP and re-route incoming packets to the appropriate internal IP address. This is especially handy if you don't actually own an IP address range and just rent one address from your friendly neighborhood ISP.

    Although this will superficially hide your internal IP from amateur snooping, internal addresses can be revealed by closer packet inspection, or oftentimes an application which has an established session will give up internal IP information (almost any application which uses network connections can conceivably do this; a web server comes to mind instantly).

    As for making the jump from router to PC, an attacker may try any number of things. For example: I would start with a good port scanner such as Nmap and see if the router can easily be fingerprinted (identified using IP sequencing and other packet information) or allows external connections for remote administration (hint: VERY BAD IDEA). In the latter case a little brute force or dictionary attack can quickly yield a weak password, and in the former the router can then be researched for known exploits, such as a router which can "fail open" (meaning if the routing tables become flooded or full, the router stops 'routing' and becomes a hub, aka you're screwed), or ARP/MAC poisoning (especially with wireless AP/routers), and that's just for starters.

    Don't despair though: quality routers, when properly configured, can at least cut down on a good share of internet baddies/kiddies. If you feel you need more, make sure you check your internal machines' security and install software-based firewalls on your clients, or configure a Linux box as a more comprehensive and powerful routing solution. Just one more thing: remember that a firewall is only one aspect of security, and security which relies solely on this is sometimes referred to as "candy security", because it's a hard crunchy shell with a soft chewy inside.... yummy.


    Regards,
    Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  7. #7
    Thanks to everyone that answered this query. You've given me a lot to research and study, but at least now I know better where to look.
    Special thanks to Maestr0, you gave me a lot of specifics.
    I appreciate it.

    ~One Who Watches
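
The NAT behaviour described in post #6, as an added example that is not part of any post in this thread: a small model of a port-translating router showing that the outside sees only the external address, that unsolicited inbound packets have no mapping, and that an application can still put the internal address in its own data. The class and function names are hypothetical, and every address, port and the sample greeting are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

class Napt:
    """Toy port-address-translation table (a model, not any router's firmware)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (internal_ip, internal_port) -> external_port
        self.back = {}   # external_port -> (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, payload):
        """Rewrite the packet source; the application payload passes through untouched."""
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.external_ip, self.out[key], payload

    def inbound(self, dst_port):
        """Internal host for a reply, or None when no outbound flow created a mapping."""
        return self.back.get(dst_port)

def leaked_private_addrs(payload):
    """Return RFC 1918 addresses that appear inside application data."""
    found = []
    for text in IPV4.findall(payload):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 matches the regex but is not an address
            continue
        if any(addr in net for net in RFC1918) and text not in found:
            found.append(text)
    return found

def demo():
    router = Napt("203.0.113.7")            # constructed external address
    payload = "EHLO [192.168.1.20]\r\n"     # constructed client greeting naming its own IP
    seen = router.outbound("192.168.1.20", 51000, payload)
    return seen, router.inbound(seen[1]), router.inbound(23), leaked_private_addrs(seen[2])

if __name__ == "__main__":
    print(demo())
```

Running `leaked_private_addrs` over captures of your own outbound traffic is one way to see which applications disclose internal addressing despite NAT.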
