
Thread: IP Addresses? (complete newbie question)

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    6

    IP Addresses? (complete newbie question)

    Hi! I barely know anything about how the internet works so please bear with me.

    I've seen scam ads that say "Your computer may be broadcasting your IP address to attackers! Click here to correct this!". I don't click them, but it's made me wonder if there is any element of truth to that.

    What can someone do if they know your IP address? Is it a bad thing for someone to know your IP address?

    As I said, I'm a complete newb so I hope those questions even make sense!

  2. #2
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    In plain English, a computer's IP address is similar to a mailing address. In order to send information to it, one needs the address. It is something you need, but also something worth protecting because it's possible for someone to scan your system for vulnerabilities IF they have your IP address and that can be a very bad thing if you haven't updated Windows with all the patches and if you do not have a firewall. I also highly recommend anti-virus, anti-trojan (sometimes AV covers trojans/worms but can't remove them), and anti-spyware.

    Here is the link to download Ad-aware. This is a very effective free (for personal use) spyware detection and removal tool.

    At the bottom of this page is a link to download AVG free antivirus. Try to use a "junk" email address that you never use when you sign up for it. I also highly recommend Symantec's Norton Antivirus, which is excellent but you have to pay to use it. Whatever you use, keep your definitions up to date (on both antispyware and antivirus applications) and run a scan weekly.

    Here is the link to download ZoneAlarm; a free, very user friendly firewall. There are better ones out there, but this one is pretty solid and especially user friendly. Again, I recommend Symantec's Norton Firewall if you want to shell out some cash.

    I'm sure others will give their input on what they like best and what you should/shouldn't use soon. Good luck.

  3. #3
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Hi, and Welcome to AntiOnline!

    I am assuming that you are using the Microsoft Windows Operating System and a broadband internet connection (DSL or Cable).

    First, what you need to do is to turn off File and Printer Sharing for Microsoft Networks. To do this:

    Go to the Start Menu, and Open Control Panel. You will see "Network and Internet Connections". Click this.

    Next, you will see a screen that says "Pick a Task" and "or pick a Control Panel icon". Under the Control Panel Icons, you will see "Network Connections". Click on it.

    Now, you will see some Icons. Open the one for "Local Area Connection" and select "Properties". On the next screen, uncheck the box next to "File and Printer Sharing for Microsoft Networks". Then click OK, and close the windows.

    What is happening is that your computer is sending what are called NetBIOS broadcast packets. Disabling the file sharing will limit the amount of broadcasts that your computer sends.

    (In all actuality, the ad you saw probably doesn't know that you are broadcasting your IP. It's there to make people who don't know if the computer is doing it or not click on the link to try to sell you something, or worse.)

    I would recommend that you install a firewall other than the Windows Firewall that came with Windows XP as well. Make sure you have anti-virus software, and also get a malware/spyware scanner. I would also recommend an Intrusion Prevention System, like Prevx Home (free from www.prevx.com)
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  4. #4
    Junior Member
    Join Date
    Jun 2005
    Posts
    16

    All good questions...


    Check this site to see how vulnerable the information you're broadcasting makes you.
    http://www.grc.com/x/ne.dll?rh1dkyd2

    The nice thing about the ShieldsUp site is the amount of easy to understand information available.

    The ads warning you could be right but you were right not to click them. At least 50% are spyware and why pay for what you can get for free?

    Start with ZoneAlarm since you are new to the tech that runs the internet. Once you feel more confident go with Sygate Personal Firewall or any other fw that lets you make your own rules.

    To honestly answer your question if someone really wants to hack your computer it can be done with or without the IP up front. However broadcasting your IP can allow rank amateurs to run scripts against it at will.
    sudo

  5. #5
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    First, what you need to do is to turn off File and Printer Sharing for Microsoft Networks.
    I'm not saying that's a bad idea, but can you give me a specific example of what would happen to someone that doesn't? Afaik, unless you're on a LAN, it makes no difference. And then even if someone were on a LAN with those things enabled, how could one take advantage of it (other than sending a print command for X1000 sheets of blank paper...yes I've done it before). Or having access to files you may not know are being shared? Or unless you've set permissions so that people can *add* things to your shared folder(s), which would be very silly.

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    I've seen scam ads that say "Your computer may be broadcasting your IP address to attackers! Click here to correct this!".
    Pop ups.

    What can someone do if they know your IP address?
    Well, they can do a lot of stuff like they can do a simple 'WHOIS query' to see 'who' the IP address belongs to. For example what ISP or organization. They can map the IP address to city and state (visual look that is) determine who the ISP is, after that then they can determine if they want to

    1. Scan to find open ports.

    2. Identify applications, servers, that are running (based on the open ports they found)

    3. Code their own exploits or if they will find exploits specific to those applications and servers.

    4. exploit.

    5. Modify all log files.

    6. Leave rootkit on system.

    7. Own you because he/she has your IP address. Of course this is easier said than done. If you're a home user with dial up I wouldn't worry about it too much. If you have a broadband connection (cable/ADSL) and have a static IP address then I would be a little concerned. But if you have broadband with dynamic IP address leasing then I wouldn't worry about it as much. Just get a router and a software firewall, and AV software with Anti spyware software and keep your system up-to-date at all times you then should be okay for the time being. j/k

  7. #7
    Junior Member
    Join Date
    Jun 2005
    Posts
    16
    keezel, 576869746568617 is correct. Port 139 and others of NetBios are the ugly stepchild of vulnerabilities.

    With common available tools even a secure network can be owned in half the time via these services. Think about your printing example when windows prints under what authority do you think it prints? And with that authority in your control what can you do besides print? Lots of fun stuff
    sudo

  8. #8
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397

    NetBios...BAD JuJu!!!

    Okay, let's just say that you have a Cable connection, and I am scanning IPs behind the ISP's router. I see your IP address, but I am not particularly interested in your machine, until I see that TCP/UDP ports 135-139 and 445 are open. That's bad juju.

    Your firewall will not filter the traffic that I am about to send to your computer, because (unless you have custom rules to block/filter traffic on these ports) it assumes the traffic is legit. I send a few packets to the computer to make sure it responds (called NetBIOS enumeration) from which I can get the computer's NetBIOS hostname.

    Now depending on which patches you have installed (Which brings up another point...Make sure you turn on Automatic Updates), I can make a null connection to your computer. Now at this point, my access is extremely limited, and it is read only, but I AM IN YOUR COMPUTER! To make matters worse, I have a command prompt. Now I can attempt to spawn processes through application vulnerabilities (like the one that gave a user run as system rights back a few Norton Antivirus revisions ago), and get admin rights. Now, when I disconnect, I will have to do this all over again to regain root...but I'm not done yet.

    Now I can use a program like User2Sid to get the SID and hash of the user "Administrator", so I can crack the password using LC4 or lophtcrack. If you rename the Administrator account, that's OK, because I will run Sid2User just to make sure the user name and hash I crack are for SID 500, which is ALWAYS the SID for the admin account on a Windows box.

    Now that I have that information, I copy your SAM database and disconnect, crack it, and reconnect using the admin account and password. Then I create my own hidden account, possibly installing a root kit or other trojan to use your computer as a zombie for DDOS attacks and the like.

    Can you smell the bread burning?

    Hell, nowadays a 13 year old script kiddie can just run a script to do almost all that in a fraction of the time it takes a real hacker. (Real hackers don't run scripts...THEY WRITE THEM!)

    Basically, having those ports open on any connection that is directly connected to the internet is a BAD idea. In a corporate LAN, you should set the Firewall on the internet to explicitly deny those ports, both inbound and outbound.

    I'm working on a "Best Practice" firewall ruleset tutorial, and should have it published on AO in the next few days, if anyone is interested.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  9. #9
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    I have a command prompt. Now I can attempt to spawn processes through application vulnerabilities (like the one that gave a user run as system rights back a few Norton Antivirus revisions ago), and get admin rights. Now, when I disconnect, I will have to do this all over again to regain root...but I'm not done yet.
    Ah, that's the jump I couldn't make in my mind. I didn't know how to get from the limited, read only access to actually having access to manipulate files on the system. Thank you.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Re: All good questions...

    Originally posted here by sandcraft
    To honestly answer your question if someone really wants to hack your computer it can be done with or without the IP up front. However broadcasting your IP can allow rank amateurs to run scripts against it at will.
    What the hell? Do you make prank phone calls without the phone number? Your computer broadcasts an IP or it's not online or network.
