Question About IP Addresses

How much can information can a website pull on you by reading your IP address?

That's about all.

So if your banning people by IP address you could be potentially banning the wrong person....

And what's a proxy?

A proxy server is a computer that sits on a network, usually a corporate network. If you're sitting at home, and you surf to DU, then CNN, then ebay, your computer has contacted all of these web servers and asked for information, namely the page you click on, whether it's a cnn article, a DU thread, or a particular ebay auction.

If you go through a proxy server at work, the proxy makes all of these requests for you. When you want to go to CNN and put the address in your browser, that request is passed to the proxy server. The proxy server, in turn, makes the request of the CNN website. Moreover, it does this for all users in the building. It protects you somewhat when you're web surfing, but it's mostly used so that your company can see where you're surfing.

If you ban by IP, you might ban a machine for a short time.

There is something call DHCP which picks a new IP address for you every so often, it's a dynamic system.

Therefore, if they have a dynamically allocated IP address (like most do on the net), they're only banned until that lease is up. Which could be any length of time depending on what allocated the IP.

Proxy servers are generally used to filter what people can hit. For instance, I have a proxy at work. It blocks porn. If I request a porn site, I get a message saying denied. They're used when a bunch of people are going to share a connection to the net.

Proxies properly configured can anonymize you, if you point through several proxies.

If you ban certain IP addresses, you may end up banning a whole company.

You send your request to the proxy, it goes and gets it for you, then you get it from the proxy. In that regard it's sort of an "anonymizer" - a site will only see the address of the proxy, not yours.

to a street address?

But there are databases out there that have it down to the town at least.

Warning: Potentially Dangerous Web Site Detected!

You have been redirected to this Web page by the McAfee AntiPhishing Filter. The Web site you requested is in our list of Web sites that are potentially trying to obtain unauthorized confidential information. If you proceed to this site, you may be at risk, especially if you have clicked on this link from an e-mail.

Remember: Financial institutions will never ask you to confirm personal information through the Internet.


I wanted to go to "Logical Fallacies And The Art Of Debate" and it's blocked...

disable it and uninstall it. They're worthless and they are written by companies who take a dim view of liberal politics.

I don't trust any "security" program that claims to protect me. I run a firewall and I trust that to protect me. Also, I run only Linux which is immune to worms and such things.

nt

Should I be paranoid about ordering stuff online?

yellowcake are you? If not play through.

Just regular things - CDs, books, etc. I'm always a little hesitant to use my credit card.

are a Windoze user... do run adaware or spybot, have a current virus scanner, set your machine behind a router if you can, install a firewall, (Zonealarm) and type gingerly through the digital jungle.

My credit card is safe.

If it's compromised by the site, Amex doesn't make me pay for anything, they assign a new number and card right away.

I check my credit card charges every couple days online so that if something weird ever shows up I can ask.

But NOTHING has ever shown up strange.


- As far as software goes, I use Firefox instead of Internet Explorer.
- I don't run any spyware filter, since I never get any from Firefox.
- When I run a spyware finder, it's always 0 hits.
- I use both Microsoft's firewall built into XP and a hardware firewall on my cable modem.

NOT losing their identities to thieves.

I hear it all from our poor customers.

People install those damn webshots backgrounds, screensaver changers, etc.

And then the spam starts.

And then the spyware loads.

Ack!

I don't support the death penalty, but something needs to be done to the people that turn a brilliant tool like a computer into something that inspires fear and mistrust.

tired of ME (Had several issues possibly related to internet abuse) that he went out and bought Linspire... I suggested he might consider Linux as a alternative since I run 98, Win2K and Mandrake 10.1 beta on my other machine. Long story short, the Linspire won't install, get a black screen (cursor is there and mouse works) and if you try to run from CD it runs and runs but never totally comes up with a desktop.

I tried to return it for him today but Bestbuy only wants to give me another copy of Linspire.... uhhhhh no.

I think they are getting some Redhat and perhaps Suse tomorrow... so perhaps I will try to get him his 107 dollars worth with a different version that may better support his 900 MGHZ Gateway computer.

I teach Linux. It's free. Even the enterprise stuff. Just don't pay for the tech support.

If you have a cd-writer, go to linuxiso.org and get Fedora Core 4.

Do a careful install to avoid installing stuff they'll never need, and they'll have a rock solid browsing box.


If you need help with it, let me know. The Linux is why I'm still employed. I taught the company that took the Windows part of my job back in October.

I don't toy around much these days, I just do RH, and get it working.

I know a lot of fans of Debian, but it sounds like too much work for me. I know the underlying stuff, so now I just want it to work without too much tweaking.

Lazy? Yes.

After teaching 30 people Linux, I could go a few months without ever seeing it, I'm so tired of explaining VI, /etc, and so on.

A generous South African millionaire funded it, they will ship you as many copies as you want for free, with no shipping and handling. I got a package of ten nicely packaged cds, get as many as you want and pass them out to people.

But since no corporate customer will ever install it, I'm not worrying about it until I'm unemployed. :-)

Corporate customers like to know who they can sue if something breaks or is insecure.

That's why they will pay so much for the software contracts.

found a good burning program in the batch, a camera program, hex editors... just about everything you could want... never turning back. Thanks for the tip on Fedora Core 4.... I will check it out. Glad you were able to stay employed, I did the two year MCP and MCSE thing, couldn't find work in the computer field here... back to hard labor in the heat... oh swell. :)

P.S. I see Fedora Core 1,2 and 3 at LinuxIso.org... 4 isn't there... any other places I should check??

If you are concerned that your credit card info could be insecure, that is a valid concern.

NOW, that said, there are no documented attacks ever that have breached a site that is using secure http. When you hit a site, it says http:// but if you connect to a site that is using secure, it will be https://

Depending on the browser, you will also see a lock or something somewhere on the browser to give you a feeling the site is secure.

Now, THAT said, there have been lots of credit cards stolen online, because the company was stupid and made it easy to get to databases without securing them.

Therefore, ensure your credit card has some sort of protection online from charges if your number is stolen.


Ok, if you are concerned buying online because somebody might have record of what you've bought, welcome to 2005. We haven't got any choice there. Your credit card, loyalty card (think grocery discount), and other info is all collated by big companies. Read up on how Rove targetted potential donors in 2004. It's really amazing what information is out there.

Hope I hit your questions. :-)

I don't like the idea of some corporation tracking the number of feminine hygiene products I buy, but I do feel better about credit cards online.

1: Pay cash. Always.
2: Stop using loyalty cards.

If you ever, even once, use a credit card at the same time as you use your loyalty card, they're linked. Which means if the next 50 times you use the loyalty card with cash, they are all collated with your credit card, and id'd as you.

If you make a fake loyalty card that sends all the junk mail to a nobody address with a fake name, but you use it with the credit card, they then know everything you've ever bought with that card, and can use it to market to you.

It's wild how this stuff can be tracked.

I do have a fake Safeway card that I signed up with a very, very old phone number. I still don't get the benefit of "marketing" to me, because I NEVER make purchases based on spam or junk mail.

I'll just have to pay cash from now on. And use a new dummy Safeway card. :)

And then you just have to be careful never to let it link with a real identity or credit/debit card.

If you use "loyalty cards". In Canada we have full-disclosure privacy laws. You can write a grocery store or retail store and ask for a copy of the file they have of your purchases.

I was amazed by the pages and pages of my pruchase history they sent back to me.

My whole family shares the same loyalty card by using an old phone number from years and years ago. I don't even know whose name is on the card. There must be hundreds of things on it.

I wish that the US had a similar law.

Every purchase made on a store credit card.
Gas credit card.
Electronics store credit.
Home.
Car.

They can get one hell of a spending pattern.

I bought a computer and they tried to enroll me in their premium program. They looked up my purchases and told me that I bought enough that I should join. :wow:

decide if you've returned too much merchandise over too short a time period.

Big business will have your info. Nothing you can do about that.

I don't know if you caught the Rove remark I made in an earlier post, but in 2004, they were using obscene amounts of data to target a person, not a neighborhood for a particular issue.

House 1: Buys X,Y,Z, must have children, donates to church. Has more than # children, probably against abortion. Send them documentation showing that Kerry is going to drive up to their house and give abortions from a bus on their lawn.

House 2: Buys A,B,C. NRA membership. Related to big money, Probably worried about estate tax. Send them something that shows Kerry wants to take their houses and use them for free housing for crackheads.

House 3: Buys F,G,H. Gives to Democrats. Has hybrid. Send documentation about Bush is looking to build a shelter for puppies at the White House, how he is trying to lower that family's tax burdens...


It's wild.

Each one has a different privacy policy regarding who they give your info too and why.

and they would need a court order....

An ISP is not like the phone company at all!

I have at times used friends who were sysadmins at ISPs to get all sorts of information on people who have been trying to hack my sites.

But only sometimes.

And there are means of obscuring that information that range from trivial to clever.

NT

Sometimes other computers do something called "pinging" (I am computer illiterate and I don't know what that is), but my computer traces it and it can locate the town and country.

I have a wireless network, so it's usually just jerks in my complex trying to latch onto my service. They can't get in, so I don't do this. However, my firewall has a button to report the activity as well.

If I can track someone's town down with the big button on my firewall service, it must be really easy. Plus, there might be a lot of things that more advanced people can do.

1. Asking friends who work at ISPs.

2. If you are using an alias, and then also use the same address to send out non-alias email, you can find a match in the email headers of the two addresses. This is how I figured out that Mr. Wiggles and Mykeru were the same guy in that infamous incident that he is still stalking me over.

3. If you have a domain address that points to that IP address, your domain record usually contains your information.

4. If you have an IP block of fixed addresses, those can be referred back to the block owner.

3. If you have a domain address that points to that IP address, your domain record usually contains your information


For instance I know I can usually find out who owns a website by going to whois at networksolutions...

people have email addresses using their domain names frequently.

Now, suppose I send you an email from one of my domains, say, from the server computer on White Rose... But, thinking I am clever, I use Yahoo mail. Yahoo puts the IP address of the originating terminal into the mail header even though I used my alias of bubba@yahoo.com to send the email.

Well, armed with the IP address, it is trivial to do a reverse lookup and find WhiteRoseSociety.org.

In that record is my name and address and phone.

Many trolls have used that to make threatening phone calls and send poison pen letters. One even showed up at my door.

think I'm in Berkeley, CA, a place to which I am nowhere near.

NT

About 45 miles away.

nt

but even if it was, it still shows that the holding of an IP address is not going to get someone's location too easily, leaving aside ISP employee friends breaking the law.

Like I said, sometimes.

Email has IP information. Any web forum that lets you post pictures, like this one, give your information to whomever hosts the picture you just viewed. I've outed freeper trolls that way here in the past. You don't even need to have a picture anybody can see, as a one pixel transparent PNG file will do the job and not be visible at all!