Does router hide your ip?

Discussion in 'other firewalls' started by FrozeNn, Sep 3, 2006.

Thread Status:
Not open for further replies.
  1. FrozeNn

    FrozeNn Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    33
    Hello guys,

    I have heard that a router can possibly hide ur ip and hence, u are not able to view ur "real ip" while visiting sites like www.youripadress.com or whatever.

    Im on a D-link Router and Windows Firewall, and while visiting these sites, my IP address seem to be showing up correctly :O

    Why is it so and how to make it so call "hide my ip" ?

    Any advice will be most welcomed.

    thanks!
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    When you have a router, the IP address of the PC in front of you is in a private address space, typically 192.168.xyz.abc, as opposed to an internet routable address which it would receive if you had plugged the PC directly into the cable/DSL modem. That externally known address is taken by the WAN side of the router. The routers WAN side address has to be known to the sites you visit, otherwise they will not be able to communicate with you.

    The only way to "hide your IP address" is to use an anonymizing proxy. This does not hide your address per se. Rather, the anonymizing site does know your real IP (it must to route packets to you) while any site you visit will only see the IP address provided by the anonymizer at their site. It really just changes who sees your IP from sites you visit at large to a single site that you've either contracted with (a commercial anonymizer) or simply use (a free site) as an intermediary. This just moves around who knows what, it doesn't change the underlying requirements

    Blue
     
  3. FrozeNn

    FrozeNn Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    33
    Thanks mate! Superb explaination there.

    One more question: That is if an attacker was to somehow get hold of my external IP address(taken by the WAN side of my router as explained by u). Is there any way to prevent getting "attacked" by him or is he able to "attack" me?

    Thanks once again.
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Attack as in use that information productively? No.

    Please read through El Cheapo Router Challenge, First winner - El Cheapo Router Challenge, NAT = Hack Proof?, and Leo Laporte says software firewall not needed! for some discussion on the topic.

    Basically, a router deals extremely effectively with the types of attacks that are purely unsolicited in nature, in other words those that are launched externally without any active participation from the PC user. What they don't do is protect against attacks that are the result of a user initiating some activity from the PC side (downloading from the net, running malware that calls out, etc.).

    Blue
     
  5. FrozeNn

    FrozeNn Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    33
    really interesting articles there. read some.

    just wana ask whether if for example ,connecting to the mIRC via a bouncer(BNC) deemed as an activity that may so call endanger the PC's security and let in attacks easier.

    to add on, I do portforward in order to play games. will this affect my router's inbound protection ability?
     
    Last edited: Sep 3, 2006
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It depends on the ports you opened/forwarded. Many careless people will "DMZ" their computer to run a server or something. That's suicide for your PC, plain and simple...as all 65,000 plus ports are potentially exposed.

    Opening/forwarding ports on the NAT is better..as you only need to open/forward the minimum ports required to make your service available to the public side...example, port 80 for a web server, 21 for an FTP server, 27,960 for a Quake 3 server, etc. You generally don't have to open/forward ports to play most conventional online games as a client..there are a few oddball ones, yes, MS Zone/DX driven games, etc. Some ports are more vulnerable...but those for games...nah, they're fine. There needs to be a service which is accessible from the outside..in order for it to be a problem. Naturally those services should be locked down well..any game servers you run...the server component (manager) should have a good admin username and password, etc.
     
Thread Status:
Not open for further replies.