Need help with Int/Ext IP Address Questions

Discussion in 'privacy general' started by blammer, Feb 19, 2007.

Thread Status:
Not open for further replies.
  1. blammer

    blammer Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    3
    I will be upfront and say that my head is spinning from what I have been trying to learn on the net about Internal and External IP Addresses. So, I want you to know that I am here to learn.

    Basically, I would love to understand the concepts of Internal and External IP Addresses, and IP Addresses in general, as well as how MAC Addresses fit in.

    Specifically, I would like to understand how, for instance, one could be traced by an outsider, whether Government, hacker, whoever, via their Mac Address or IP Address. I would also like to know how this happens differently when one is connected to a LAN at a College/work environment, versus, let's say, a router in a home with a Cable/DSL setup. So basically, how do these people get caught downloading music or porn or whatever that is illegal? Or how do people who run legit Firewalls get hacked?

    As far as I understand right now (and I am sure much of this will be wrong) I have an internal IP address that communicates with either my router or my LAN, that internal address is used to generate an external address which allows me to communicate with webpages, chats, etc. How exactly my Mac Address fits I am not sure.

    So I know this is a lot, but I would like to understand this so that I can be protected. I am not doing anything illegal (honestly), so I won't want to do something like go thru the proxies that are talked about on here that will bounce my connection from the US all over the world. But it would be nice to be real secure, not able to be hacked because of a floating IP/MAC Address that I could have hidden.

    Just some info on me...I run a Lenovo T60, 2.0 Ghz Core2Duo, etc. I use Comodo Firewall, AVG Antivirus, Spywareblaster, I run Adaware and Counterspy scans every so often. I use Firefox and NoScript. I don't surf stupid sites or ask for viruses or spyware or download attachments.

    Thanks so much for the help!! I have read a lot of responses on here and everyone really seems helpful. Forgive any ignorance in advance.

    :)
     
  2. itsmej

    itsmej Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    109
    Location:
    Australia
    ehh i understand what you are asking ,So my advice is this .Link to google
    and type in a Heading Like say IP ,ok there you fing Tons of ansers ,if we were to try and anser your concerns this page would take a week ..On how things are done and work ..thats where one finds all you ansers.on what you are looking fore..(
    +"So basically, how do these people get caught downloading music or porn or whatever that is illegal? +" Because There is no sutch thing as cant be found ,Every one Must Start Somewhere,(ISP) no matter where from ,what all this comes Down To ,Is one Drawing attention to Ones Self ? if So Than No matter How ,what one uses To hide One will Be found.Take it a day ,or a year ,But If some one like a law agent is looking for Somone One will be found! - As you read about or Sometimes see on the TV Pll get Found ,even crooked Law ppl ,get found ,If one is Not breaking the law ,even downloading
    porn,or what ever and its ligit than one has no worrys.If its Not Well one start to draw attention to one self ..like any thing in life ,if in a crowd of 100,000 ppl .and thy all have red clothing on ,and 1 has black .well that persion stands out .....Same on the nett
    Its comes Down to this ,if your pc is in a non responding Mode (stealthed) one is very safe From hackers .no one can be scanned ,in ather words a scanner of ips would get no responce at that ip (No one home) So he scans to the next ip ,and So on..even say he/she trys to scan you all Day ,but your system stays in No responding Mode ,ather words Dont anser ,he has to go the whole round trip agian ,Now 99.99% of the time hackers dont wast there time trying to bust into a stealthed System .or a hardened system,thy only seek easy targets.that have open ports.or even in some cases Closed ports
    But prefere the easy ones .(But letts say thy did get into my system Some how ,thy allready have Win XP , or perhaps a different one ,)
    Plus if you are well protected as you are now Your very safe ....and as i can make out you are fiarly carefull where you surf..
    anyHow Do as i advised
    and good luck in your Search...for what you seek ..
    itsmej
     
    Last edited: Feb 19, 2007
  3. blammer

    blammer Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    3
    Sounds good...so the jist of it is that as long as I am stealthed (which I can check by using shieldsup or similar sites) then I am most likely fine in relation to being hacked or watched or whatever, assuming I am not attempting to search for some redflag stuff and drawing undue attention to myself.

    So, if you could, in a brief few sentences, walk me through (1) the difference between an internal and external IP Address and if this is the reason that I get a different IP address when I use ipconfig versus some tracing site (2) and how a Mac Address fits.

    If that would take to long don't sweat it, I will keep trying to understand this all.

    Thanks so much for the info. It relieves some of the worry.

    Take care.
     
  4. itsmej

    itsmej Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    109
    Location:
    Australia
    Before any one Stars posting whats the best router ,I just use Linkys as a sample.Modem i am Shure there are atheres as good or Better..
    Difference between the internal and external IP Address?
    The external IP is used to communicate with remote servers and computers. An Internal IP Address, also known as a NAT Address, is used to communicate within a local network. Most Internal IP Addresses start with 10, 12, 172, or 192.
    How Broadband Routers and Firewalls Work
    Many broadband routers and firewalls function primarily through the use of Network Address Translation (NAT) to hide the internal systems behind a single external IP address. These so-called "NAT routers" or "NAT firewalls" do an adequate job of hiding resources from casual attack methods, but they do not perform advanced firewall functions; therefore, it is really a bit of a misnomer to call them firewalls, at least in the sense that firewalls such as the Cisco Secure PIX Firewall, Microsoft ISA Server, and Check Point Firewall-1 products are considered firewalls. Rather, many broadband routers and firewalls are just NAT-based packet-filtering routers providing a degree of privacy, but they typically lack advanced firewall features such as stateful packet inspection (SPI), proxying of data, or deep packet inspection.
    (Now if using a non router ,one Must have a fire wall ,ather than the win Fire wall )to be able to help Do the above..the reasion i poted this is Routers Today are far better Now ..and Mutch safer than say A Pure ADSL ( in and out) Modem .that i use ..
    The client initiates a connection to an external host B.
    The broadband router/firewall receives the request and translates the request from the internal IP address to the address of the router/firewall's external interface. The router/firewall keeps track of this translation in a translation table.
    The packets are delivered to the external destination (HostB), which believes that the packets originated from the external IP address of the router/firewall. The external host (HostB) responds accordingly to the external IP address of the router/firewall.
    When the router/firewall receives the response from the external host, it checks its translation table for a matching outbound request.
    If it finds one, the router/firewall repackages the packet and delivers it to the internal host (HostA), which thinks that the response is from the external host (HostB).
    In addition, most broadband routers/firewalls are designed not to permit any unsolicited packets from an external host to be delivered to an internal host.

    Although this is generally an adequate level of protection for most home environments, it is important to understand that reliance on NAT alone to protect hosts is a false sense of security because NAT does not guarantee security in and of itself, as noted in RFC 2663 Section 9.0. For example, NAT devices are as susceptible to targeted attacks, such as denial-of-service (DoS) attacks, as non-NAT devices. NAT also provides for no actual filtering of packets leaving the internal network; instead, it permits all outbound traffic as long as it can be translated accordingly. Although it is a subtle difference, NAT provides more privacy than it does security.

    Therefore, only when used in conjunction with other technologies can NAT serve as an effective security mechanism. The best broadband routers/firewalls (for example, many of the Linksys broadband firewalls) include application-level filtering, deep packet inspection, SPI, firewall hardening, and NAT.

    Because most home users do not have a Dynamic Host Configuration Protocol (DHCP) server on their home network, most Linksys routers feature DHCP server functionality built in to the router and enabled by default. This functionality allows a user to simply plug a computer into one of the router's switch ports, obtain an IP address that is valid for the router (typically on the 192.168.1.0/24 subnet), and then connect to the router using a web browser on the computer to configure the router accordingly (typically, the router internal interface IP address is 192.168.1.1).
    Filtering of traffic from internal sources breaks with the minimalist approach and applies a terribly flawed filtering philosophy to the router. The router allows all traffic from internal sources, blocking only the traffic that is explicitly defined. The reason for this "backward" implementation speaks to the heart of the debate over security and functionality.

    The vast majority of home users do not know what a port is, much less what they should or should not be filtering. By allowing all traffic by default, the router/firewall is easy to set up, with little to no configuration required to allow access to external resources. This easy setup dramatically saves technical support costs. Unfortunately, this insecure method of implementation allows all traffic to exit the network (for example, allowing a back door that has been installed on the user's computer to send sensitive information to a host on the Internet or allowing a virus/worm to propagate to external hosts). Because it is so easy to implement, however, ease has won out over security.
    broadband (if using one )routers provide a simple, NAT-based packet-filtering router solution (some of which include stateful packet inspection) for small office environments as well as for home-based networks and users. Although some broadband router models lack the robustness of stateful packet-inspecting firewalls and lack granularity for configuring port forwarding, you can use them in simple environments where the security risk does not justify a substantial investment. If you require granular filtering rules, or if you require more advanced filtering mechanisms than simple NAT and port forwarding, you should consider implementing a more advanced firewall such as the Cisco Secure PIX Firewall, Microsoft ISA Server, or NetFilter ........
    Ok hope that explanes Some of it ..if you need More indepth info than please Google ..
    itsmej
     
    Last edited: Feb 20, 2007
  5. blammer

    blammer Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    3
    Wow. Well, I definitely did not understand half of that...but I tried to follow as much as I could. Almost like listening to a non-English speaker talk about American brands...You can catch a bunch of words like Nike, Reebok, Coke, Pepsi, etc.

    It definitely sounds really interesting though. I wish I could sit down with you, buy you a cup of coffee, and just chat with you. Oh well...

    Thanks so much for the help. I will continue to school myself on the workings of Al Gore's creation. Your post will help with things to google as well.

    Thanks again!!
     
  6. itsmej

    itsmej Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    109
    Location:
    Australia
    Your very Welcome i have all this stored on my Hard drive No-3
    i use a rack system Where one can swap drives around Easy ,Have 6 in Total
    in my nett Pc there is No fixed Drive (inside Installed )what that is ,a rack monted in the front of a pc .one can add 2 ,or Just one ,and Sliders that fit in them ,That hade the hard drive..4 of my pcs have at least 1 ,So i can swap around and Boot from any of them .with what ever setup i want...Like now Just for the Nett.Hard Configed..... the New one where i have 3, 400 GIG drives running.1 rack ..My swap ones (sliders) ,av,300 GIG smallest 150- Largest 500 Gig, just as of interest ..i dowload a lot of info ,that i can look up ,when ppl ask me or Some Els ,and help out where Needed..i have 15 years of Software ,Saved That i downloaded, and gifted to Me ,For safe Keeping,many ppl often ring me For a program,and a lot of the time i have it ..
    Its a nice hobby ,and gives me Joy Where and when i can help out .By the way Sometimes ather ppl Help Me as well and clad for any Info . i also have whats know as USB Box 2 of them (link by cable) to a switch BOX made by a friend .Thanks for your time and nice words , Be safe on the Nett
    ITSMEJ
     
    Last edited: Feb 20, 2007
Loading...
Thread Status:
Not open for further replies.