Help with IP addresses

StewartR

StewartR

Messages
11,513
Name
Stewart
Edit My Images
Yes
Does anybody out there have better than a layman's understanding of IP addresses - where they come from, how they are allocated, that sort of thing?

I have a problem, the details of which I'd rather not divulge on a public forum, but if anybody is willing to help and thinks they may have appropriate knowledge, please get in touch and I'll explain it to you privately.

Thanks in advance.
Stewart
 
I work in IT Network Design and although I don't profess to know everything, I may be able to help - ask away....
 
There are essentially two types

Private, so used for internal networks. You can use any of these for your local network.
  • 10.0.0.0/8 IP addresses: 10.0.0.0 -- 10.255.255.255
  • 172.16.0.0/12 IP addresses: 172.16.0.0 -- 172.31.255.255
  • 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
Everything else is considered public (so can be assigned to routers, firewalls, webservers etc) and are generally allocated by isp who in turn get addresses from the Internet Assigned Numbers Authority (IANA). Some companies have their own purchased public ip blocks. It is getting harder to grab public ips due to global shortages.

Technically you can just make up an internal ip range for your own network but if it clashes with a popular public ip you may run in to routing issues and service outages on your internal network.
 
Last edited:
Regardless of whether an IP address is in the public or private range - it will either be statically assigned by the host (i.e. a machine declaring itself to have a particular IP address) or allocated by (DHCP) server.with a period of validity. Whilst those allocated by a DHCP server can be dynamic (i.e. change every time they refresh) in practice they're mostly the same each time - either because the DHCP will have pre-allocated the addresses as fixed or the re-allocation protocol will request the same one again.

IP addresses are then used by routers to route traffic across network and may be encapsulated over network segments via one of many protocols. If two IP addresses clash then it will generally be the routing table (RIB) on the nearest router in that network segment that will be resolve that conflict.
 
looks like you have a lot of offer already, but adding my name to the list if you still need help.
 
Happy to help out if you need - let me know the details and I'll see if I can help rather than guessing :)
 
I also have familiarity with IPv4 and IPv6 , though what neil posted above pretty much covers it.

Getting IPv4 addresses in blocks of more than one (a /32) is increasingly difficult as the pool is exhausted and they are only available as IANA are gradually clawing back the big /8 allocations made in the 1980/1990s. The DHSS, now DWP, had one, for example, one 256th of the entire global address space allocated to a single department of the UK government (!) Microsoft UK, Sky and a few others have parts of that block.

IPv6 is the future, but one that almost no-one will embrace.
 
neil_g said:
There are essentially two types

Private, so used for internal networks. You can use any of these for your local network.
  • 10.0.0.0/8 IP addresses: 10.0.0.0 -- 10.255.255.255
  • 172.16.0.0/12 IP addresses: 172.16.0.0 -- 172.31.255.255
  • 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
Everything else is considered public (so can be assigned to routers, firewalls, webservers etc) and are generally allocated by isp who in turn get addresses from the Internet Assigned Numbers Authority (IANA). Some companies have their own purchased public ip blocks. It is getting harder to grab public ips due to global shortages.

Technically you can just make up an internal ip range for your own network but if it clashes with a popular public ip you may run in to routing issues and service outages on your internal network.
Click to expand...

Which is always fun when you speak to a client who's having issues connecting to work over VPN and you find they have their work addresses set to 192.168.0.x, the same as many home networks...
 
Thanks everyone for the offers of help. I've communicated with several of you via PM and I think my problem is basically solved. Or, at least, understood. Thanks. What a great community this is.
 
neil_g said:
yeah always fun.

I generally try and put any new VPN server IP pools on the most obscure private range I can think of.
Click to expand...

Most companies now run in the 10.x.x.x range for internal addresses , even if small.
I remember about 20 years ago when I worked for GEC Plessey, we had a 8 whole internet subnet ranges (two for each site) that we used internally that we had to give back as they were running out of ip addresses. They used to give away whole ranges.
 
People used to think having someones IP address was a way to track them.. it's not... poeple can be anonymous on the interrnet even if you have there IP.. The first problem in the IP is the intrnet connection.. nobody can prove who was using it.. the next is IP proxy... normally information is sent from the internet to your unique ip address but a proxy means its sent to that ip and then to you.. an anon proxy will then hide your ip... and more importantly you can connect to the internet through a mobile phone sim that isnt registered to anyone thus being totally annonymous

so if its a tracking thing then an IP address is a lot less use than it was 20-30 years ago..
 
KIPAX said:
People used to think having someones IP address was a way to track them.. it's not... poeple can be anonymous on the interrnet even if you have there IP.. The first problem in the IP is the intrnet connection.. nobody can prove who was using it.. the next is IP proxy... normally information is sent from the internet to your unique ip address but a proxy means its sent to that ip and then to you.. an anon proxy will then hide your ip... and more importantly you can connect to the internet through a mobile phone sim that isnt registered to anyone thus being totally annonymous

so if its a tracking thing then an IP address is a lot less use than it was 20-30 years ago..
Click to expand...

In CSI last night, they used the IP address to locate the bad guys to within 2ft, re-purpose a nearby chippy's CCTV system, and use its camera to show them what was happening in the 'hot house' across the road. Thanks to image enhancement were able to get the guys name off a reflection of a passport sitting on a table in an adjoining room all because the 'perp' happened to be taking to someone with reflecting sunglasses.

Not bad for 30 seconds work! Although I'm a bit suspicious as to why the guy was wearing sunglasses inside - makes the whole thing seem a little implausible to me :)
 
KIPAX said:
People used to think having someones IP address was a way to track them.. it's not... poeple can be anonymous on the interrnet even if you have there IP.. The first problem in the IP is the intrnet connection.. nobody can prove who was using it.. the next is IP proxy... normally information is sent from the internet to your unique ip address but a proxy means its sent to that ip and then to you.. an anon proxy will then hide your ip... and more importantly you can connect to the internet through a mobile phone sim that isnt registered to anyone thus being totally annonymous

so if its a tracking thing then an IP address is a lot less use than it was 20-30 years ago..
Click to expand...
depends on the end users motivation and method of connection really. mr john smith using his bog standard BT infinity package could most likely be traced reliably back to his ISP and then from there (with the relevant warrant etc) which customer router was connected etc.

however..

obviously you have VPNs. i've generally seen an increase in malicious traffic geolocation data coming from the netherlands, which funnily enough is where some of the better VPN servers are.

plus you have IP spoofing. there was an article recently calling for caution when performing "revenge hacks" as a large amount of spoofed IPs were legitimate company/gov addresses and getting caught hacking those could obviously land people in bother whatever their motivation.
 
Furtim said:
Although I'm a bit suspicious as to why the guy was wearing sunglasses inside - makes the whole thing seem a little implausible to me :)
Click to expand...
Yeah, I'm with you. Up to that point, no issues, but the sunglasses just ruined it.
 
neil_g said:
depends on the end users motivation .
Click to expand...

haha you mean if they are trying to be anonymous or not ?: ) Just use a mobile phone not registered.. go somewhere random.. log in.. do what you want .. go home...and for extra safety.. throw the £5 sim away... 100% anonymous :)
 
You need to be particularly knowledgable to stop yourself from being tracked across the internet. As an example, my browser settings are unique among the nearly 2 million tested in the past 45 days here -

https://panopticlick.eff.org

This is information that can be read by any website you access unless you have specifically disabled flash and javascript, but disabling javascript breaks functionality of a lot of sites (visit google with javascript disabled to give yourself a 2005 web experience). You can also install a do not track browser add-on, but browser add-ons carry their own potential risks. Even browsing via tor previously exposed users to fingerprinting. Note that this is just one tracking method, it is slightly less well known than ip addresses and cookies, but still public knowledge. There are almost certainly many ways that are not so public and so difficult or impossible to defend against.
 
KIPAX said:
haha you mean if they are trying to be anonymous or not ?: ) Just use a mobile phone not registered.. go somewhere random.. log in.. do what you want .. go home...and for extra safety.. throw the £5 sim away... 100% anonymous :)
Click to expand...

Phones can generally be traced back to the supplier. If the end justifies the means, the phone purchase can be tied back to a card transaction.

Pay cash and they'll use CCTV to identify you.

Buy secondhand and you'll need to make sure you can't be identified by the previous owner.

Go "somewhere random" and you'll need to avoid CCTV - far from easy in this country.

There's rarely such a thing as anonymity these days. Scary in some respects, but you've got to question what someone's doing to be that concerned about being identified.
 
dom71 said:
Phones can generally be traced back to the supplier. If the end justifies the means, the phone purchase can be tied back to a card transaction.

Pay cash and they'll use CCTV to identify you.

Buy secondhand and you'll need to make sure you can't be identified by the previous owner.

Go "somewhere random" and you'll need to avoid CCTV - far from easy in this country.

There's rarely such a thing as anonymity these days. Scary in some respects, but you've got to question what someone's doing to be that concerned about being identified.
Click to expand...


you have been watching far too much TV .. It's the SIM not the phone and you can get them in all manner of places.. big brother isnt watching everything yet :)
 
Rapscallion said:
You need to be particularly knowledgable to stop yourself from being tracked across the internet. .
Click to expand...

No you don't.. you just hold of a sim not registered to yourself and a mobile phone.. simple..
 
KIPAX said:
No you don't.. you just hold of a sim not registered to yourself and a mobile phone.. simple..
Click to expand...

Mobile phones transmit their IMEI every time they connect to the network. I don't know of anywhere you can buy a mobile legitimately without a strong probability of being indentified or captured on CCTV.
 
dom71 said:
I don't know of anywhere you can buy a mobile legitimately without a strong probability of being indentified or captured on CCTV.
Click to expand...

Really? wow...
 
dom71 said:
Mobile phones transmit their IMEI every time they connect to the network. I don't know of anywhere you can buy a mobile legitimately without a strong probability of being indentified or captured on CCTV.
Click to expand...
You can buy one quite legitimately in Lincoln market. No CCTV in there.
 
You must log in or register to reply here.
Back
Top