IP2 Question

Discussion in 'other software & services' started by Rainwalker, Nov 2, 2014.

  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    My IP addy recently changed in a way that concerns me. The first octet changed in a way that surprised me, so I did a lookup, which resulted in two locations. The first location was about 100 miles from me (ipaddresslabs.com) and the second showed to be about 1000 miles from me (ip2location.com). Historically my lookups have shown only one IP location, and that was where I live or a town away. I have done malware scans and nothing showed. What might be going on?
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Have you scanned outside Windows?
    i.e. with a live CD or another Windows install
    More chance of picking up an infection if it doesn't have a chance to hide itself at boot up.
     
  3. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    No...Not sure what you mean. Are you saying it smells of malware?
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Not sure if it's malware.

    Just better off eliminating the possibility by scanning outside of the affected windows install.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Did both sites show the exact same IP Address? The databases that contain location information for an IP Address can have inaccurate information and/or information arrived at via different means. If an IP Address was recently reassigned, you could theoretically end up with one database showing old location and one showing new location. So at times it can be helpful to check more than two of them.

    If you lookup the IP Address at http://whois.arin.net/ui, do you see contact information for your ISP?

    If you traceroute via http://centralops.net/co/Traceroute.aspx, do you see later hops hitting machines with fully qualified domain names associated with your ISP?

    If you do a reverse DNS lookup via http://rdnslookup.com, is the result consistent with your ISP and its domain name?
     
  6. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Thanks trott3r. Are you saying scan inside of Windows from outside of Windows e.g. Hitman Pro? I have done this.
    Hello TheWindBringeth.. Item #1 Yes........Item #2 Yes......Item #3 Yes
    " If an IP Address was recently reassigned, you could theoretically end up with one database showing old location and one showing new location. "..... Interesting....thank you.
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    My IP has changed three times since last post. My IP is still showing me being at two locations. One is a good 1000 miles from my geo location. Time Warner Cable Internet LLC. Any other ideas?
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    How are you determining what your public IP Address is?

    One way is to look at things from a physical interface IP Address assignment POV. You'd review how that is being handled and examine the information you are receiving from your ISP. Which might involve logging into an external router and looking over the DHCP information. The objective is to verify what IP Address remote servers SHOULD see when there is no VPN, remote proxy, browser compression feature, IPv6 tunnel, MITM, etc rerouting your traffic through some other IP Address.

    Another way is to visit http://whatismyipaddress.com or a similar site. This involves browser traffic that could be rerouted (in part because of HTTP). If the IP Address arrived at via this method doesn't match the IP Address arrived at via the earlier method, you'd have to investigate and determine what is causing them to be different. If the IP Addresses are the same, it would suggest that your traffic isn't being rerouted and you are likely just running into some kind of geolocation website/database related issue.

    For some ISPs, reverse DNS names (shown in traceroutes for example) will shed light on the machine's location. For example, you may see state/city/region information somewhere in the reverse DNS name for a router near an IP Address of interest or the actual IP Address of interest. This can be helpful when trying to confirm where an IP Address is being used.
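
The comparison described in the post above, as an added example that is not part of the original thread: it classifies the router-reported WAN address against the address a lookup site sees, and checks whether a reverse DNS name falls under the ISP's domain. The function names, the `isp.example` domain and all addresses (documentation ranges) are constructed for illustration; the NAT-range case goes beyond what the post covers.

```python
import ipaddress

# Ranges that only exist behind NAT: RFC 1918 private space and RFC 6598
# carrier-grade NAT space. A router WAN address in one of these never equals
# the address a website sees, and that alone does not indicate rerouting.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def compare_addresses(router_wan_ip, site_seen_ip):
    """Compare the WAN address shown on the router's DHCP/status page with the
    address an external 'what is my IP' site reports."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(site_seen_ip)
    if wan == seen:
        return "match"        # suggests traffic is not being rerouted
    if any(wan in net for net in NAT_RANGES):
        return "behind-nat"   # upstream NAT: repeat the check one hop further out
    return "mismatch"         # VPN, proxy, tunnel, etc.: find out which


def ptr_belongs_to_isp(ptr_name, isp_domains):
    """True if the reverse DNS name is the ISP domain or a subdomain of it.
    Matches on a label boundary, so 'isp.example.other.test' does not pass."""
    if not ptr_name:
        return False          # no PTR record at all
    name = ptr_name.rstrip(".").lower()
    domains = [d.rstrip(".").lower() for d in isp_domains]
    return any(name == d or name.endswith("." + d) for d in domains)


def assess(router_wan_ip, site_seen_ip, ptr_name, isp_domains):
    """Combine both checks into one of four outcomes."""
    addr = compare_addresses(router_wan_ip, site_seen_ip)
    if addr != "match":
        return addr
    if ptr_belongs_to_isp(ptr_name, isp_domains):
        return "consistent: likely a geolocation database issue"
    return "match, but reverse DNS is not the ISP's: check whois"


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    isp = ["isp.example"]
    print(assess("203.0.113.7", "203.0.113.7", "cpe-203-0-113-7.city.isp.example.", isp))
    print(assess("100.64.12.9", "203.0.113.7", None, isp))
    print(assess("198.51.100.20", "203.0.113.7", None, isp))
```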
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    OK...thank you again TheWindBringeth, for your time and information.
     