26

There seems to be a general bad vibe for someone having your IP address, but what are the real dangers? After all, I give my IP every time I connect to a website, regardless of the legitimacy of said site.

Assuming a malicious party has obtained my IP and wishes to do Bad Things, what can they do?

Shelvacu
  • 4
    Knowing an IP address is useless. We all already know all addresses. What is needed is some knowledge of what hardware/software/firmware resides at a given address. – user2338816 Jan 20 '15 at 11:44

6 Answers

15

What every company on the planet with assigned static IPs does.

At a minimum, firewall with default drop on unneeded inbound ports, patch all exposed services for vulnerabilities, don't have unneeded services listening, enable some sort of intrusion detection.

And you're not going to do anything much on inbound DDOS. Usually you have to do something to invite this kind of attention.

If they seriously want to mess with you, they will do targeted attacks by other means than directly working with an IP address. Once they're successful on that end, their malware phones home and knowing the IP address ceases to become an issue.

And it answers the question kind of in reverse. They will scan your IP to find out what kind of services are responding, attempt to use any replies to fingerprint both the responding OS and any service versions to see if there are vulnerabilities that can be exploited. And then there's the old Distributed Denial of Service attack where they just slam the door shut so you can't get out.

Fiasco Labs
  • I'm sorry, the title was misleading. I wasn't trying to ask "What should I do?" but instead "What can an attacker do?". I have edited the title appropriately. – Shelvacu Jan 20 '15 at 05:34
3

I suppose you have a router with an active firewall. Your computer or smartphone connects to that router and gets a local IP address. That IP address is not public, and as long as you have no ports open on the firewall, no port forwarding to your computer, it should be relatively safe. The router does have a public address, and that can be used in several ways.

You can connect directly to the internet, and this is the case with smartphones which connect via 2G, 3G or 4G. Do these computers have firewalls, open ports? In general I guess they don't have open ports, unless you start something like an FTP-server. And they don't have a firewall if I'm correct. As long as there are no open ports this is not a problem. I suppose these IP addresses are dynamic, so after a while you get a new one, but I'm not sure if that is really the case. (As @Josef says in his comment, providers have a firewall that protects the phone which connects directly via 2/3/4G, and this seems logical.)

So your IP address... It's just a number, not secret in any way. It's one in a list of numbers starting with 0.0.0.0 and ending with 255.255.255.255. You are nothing but a number just as any of us is. What can be a problem is if someone knows you, knows your (static home) IP address, and wants to target you personally.

The average hacker tries to install a rootkit on your computer. The hacker that targets you personally can use anything. Your IP address won't be that important.

Start a webserver at Amazon or Linode, open up the SSH port, monitor that port, and you'll see that in no time hundreds of attempts are made to log in, just based on IP address. Day in day out, it never stops. Nothing personal, just business as usual in the modern world.

You focus on an attack. I guess the real issue is about privacy, because you can be tracked across websites. Hackers in general don't benefit from this because they don't control all those sites and cannot monitor their logs. Facebook and Google do. The NSA probably does. Someone who hosts a website where you post personal info can use it. Especially those "like" buttons that you see everywhere, on news sites, blogs etc - they are a true privacy issue as those buttons are downloaded from Facebook or Google, and then they get your IP and know that you visited that one page.

There are many browser addons that promise to protect you, but only use the original ones like Privacy Badger, Adblock Plus or Ghostery. Addons that have a similar sounding name cannot be trusted and should not be used.

One example I just saw: A hacked DDoS-on-demand site offers a look into mind of “booter” users

SPRBRN
  • 1
    Almost all mobile providers have at least stateful inspection enabled, so you don't have any ports open to the Internet! Apart from security, a reason is that this enhances battery lifetime a lot! On the (IPv4) Internet, there is so much "noise" (random portscans etc.) that you get a package at least every few seconds at every IP! Your mobile device would have to wake up (uses power), send a confirmation (uses power) handle that package (99% of the time drop it), go back to sleep. I can disable the firewall and get a public IP at my provider. If I do, my tablet lasts only about half as long! – Josef Jan 20 '15 at 16:28
1

They could ISPDox you (Call your ISP up and claim to be with support, claim their lookup system is down and ask for your information). After that they will have your Name and Address, and they could SWAT you or ruin your credit score / dox you by publishing your SSN and other information online.

CarlosAllende
  • 353
  • 2
  • 7
  • 1
    ISP Doxing seems to be a US/Comcast specific problem?! http://hacksociety.net/Thread-Tutorial-How-To-ISP-Dox - Apparently this is common with Comcast? My ISP would never do something like this, or would they? Why does it matter that their lookup system is down? My ISP can see that my connection is working. Why would they give this info? – SPRBRN Jan 21 '15 at 08:50
  • @SPRBRN I have no idea why, but I've seen it happen loads of times with all different ISPs, although I have heard it is easiest with Comcast. – CarlosAllende Jan 22 '15 at 00:37
  • 1
    How can an attacker get your SSN from the ISP support line?? – cjnash Nov 24 '20 at 18:51
  • Imagine the conversation: "I know my IP address but I forgot my own name, can you help me?" – the_nuts Oct 08 '21 at 13:00
0

When the attacker has the IP address, he can search the network that you are in and can attack on the same network. Such an attack can be a DoS attack.

Irfan
  • 5
    This is only correct for ipv4; default ipv6 allocation is /64, it will take very long time to scan - even more so in non-lab environment. – Oleg Mazurov Jan 20 '15 at 05:28
  • @OlegMazurov Wouldn't DDoS or DoS against IPv6 still be an issue since the packets are only dropped due to non-existent/unreachable host *after* the ISP? – nanofarad Jan 20 '15 at 11:37
  • @hexafraction could be; although I'm yet to see a DoS on v6. The way things are configured at my ISP I can get another prefix every 10 minutes (and since ipv6 pool is so large I don't think this will ever be restricted); the packets aimed at the previous prefix will then be dropped at ISP. – Oleg Mazurov Jan 20 '15 at 16:27
0

Your question is just too broad.

In general, your device in the perimeter, that has that IP address assigned to one of its interfaces, may publish on that interface some services that would be accessible to the attacker.

Some services may require authentication (hopefully) and others may not. In every case, all the packets arriving to that IP will be processed by the OS kernel and dispatched properly if necessary. If the dispatching engine for those packets has a vulnerability, just by listening to packets your system may be compromised. This is a rare case but it is possible. You may be hacked although you have not got any open ports. Difficult but possible.

If additionally, you have open ports listening like 80 for a web server, 22 for ssh and others, the attacker may look for vulnerabilities in those services and exploit them to access your system.

Just hiding your IP is not a solution because an attacker may find it but you have to harden your system assuming that the attacker will get your IP eventually. On the other hand, not exposing your public IP is always a good thing if possible.

kinunt
  • 5
    `not exposing your public IP is always a good thing if possible.` But why? Assuming that I have no services running, I see no reason to attempt to keep your IP hidden. – Shelvacu Jan 20 '15 at 07:02
  • @shelvacu That you have no open ports does not mean that your TCP/IP stack does not listen to incoming packets. For example, if someone finds a vulnerability in the kernel code that manages incoming ICMP packets by exposing your IP but not having open ports you still can be hacked. I repeat, it is difficult, but it is possible to be hacked without any open ports because the kernel is listening to incoming packets. In the case the packet does not arrive to the kernel it still is read by the network card driver that may be also vulnerable. – kinunt Jan 20 '15 at 12:13
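Two answers on this page come down to knowing what is listening on the address: "don't have unneeded services listening" in the first answer and the open ports 80 and 22 in the one above. The following is an added example (not code from any answer or comment) that reads a socket table in the layout of Linux `/proc/net/tcp` and lists listeners bound to non-loopback addresses that are not on an expected list. The sample table is constructed, a little-endian host is assumed, and the expected-port set is a hypothetical policy.

```python
import ipaddress

# Constructed sample in the layout of Linux /proc/net/tcp (columns after "st" omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 0A0200C0:0050 00000000:0000 0A
   3: 0A0200C0:0016 057100CB:9CB0 01
"""

TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp

def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (IPv4Address, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)

def reachable_listeners(proc_text):
    """Return sorted (address, port) pairs in LISTEN state not bound to loopback only."""
    found = set()
    for line in proc_text.splitlines()[1:]:       # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue                              # established connections etc.
        addr, port = decode_endpoint(cols[1])
        if not addr.is_loopback:                  # 0.0.0.0 means every interface
            found.add((str(addr), port))
    return sorted(found)

def unexpected_listeners(proc_text, expected_ports):
    """Listeners bound to a network-facing address whose port is not expected."""
    return [(a, p) for a, p in reachable_listeners(proc_text) if p not in expected_ports]

if __name__ == "__main__":
    # Hypothetical policy: only SSH (22) is meant to be exposed.
    for addr, port in unexpected_listeners(SAMPLE_PROC_NET_TCP, {22}):
        print(f"unexpected listener on {addr}:{port}")
```

Whether a listed socket is actually reachable from outside still depends on the firewall in front of it; the table only shows what the host itself has bound.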
0

It could cost you money

Suppose the attacker sends large amounts of data to you, that gets dropped by your router/firewall. You might exceed a data-plan.

Also, there have been reports of DDoS attacks against gaming tournaments and such. This could possibly cost you money.

Suppose you ran a business from home, and during a critical update/release/event you were attacked.


You could get hacked

I don't want to spread FUD. However, my firewall picks up automated attacks on a daily basis. If the public-facing devices on your network are insecure, your network could be compromised.

If you know an IP, you can identify the ISP. The company, the employees, and the equipment can be a security risk. I've found several articles, but none I feel comfortable linking. When was the last time you got a letter stating your modem's firmware was patched?


You could be implicated

I knew a nearby "small-town" ISP that banned certain protocols--even if it was unsolicited. Instead of blocking or throttling it, they would cancel your agreement. Needless to say, they weren't popular.

On the other hand, suppose a criminal organization accidentally faxed or mailed you a copy of their criminal plans. Law enforcement might implicate you. A similar situation could arise concerning technology. Although the seriousness of each case should light. Regardless, it would cause a major headache!

Nathan Goings