Standard User meditator
(fountain of knowledge) Tue 07-Mar-17 00:11:02

Re: What's the significance of the 'Internet' indicator?


[re: caffn8me] [link to this post]
 
caffn8me,

I've now asked my ISP if they can think of anything that might provide an explanation for what I'm observing but the only thing suggested was that some of the Internet indicator activity might be due to the router's 'keep alive' feature, which is where the router from time to time sends one or more packets in the direction of the Internet during idle periods which effectively say, "this is confirming that I'm still here and so please keep the connection going." But apparently these wouldn't be being sent all the time in the idle situations. Whether or not 'keep alive' signalling actually stretches beyond the exchange and right back to the ISP's network I'm not sure myself; my guess is that it wouldn't, and so wouldn't stimulate the Internet indicator.

My ISP has offered to give me an alternative IP if I wish, but if the problem in hand has arisen through being given an IP that'd previously been hammered and maybe exploited, then what's to say that any new IP might also have had a dubious history, perhaps worse than my present one?

I've had a look in my router's logs. In the system log I found the usual succession of somewhat cryptic messages, but nothing that looked suspicious to me. The security log was a different story - it had absolutely nothing in it - which I reckon is mighty odd. (I did clear both logs about 2 days ago, though).

As for Shodan, I've had a brief look at the site. Can you vouch for the site's general integrity? I mean, have you used it yourself in the manner you suggested and, if so, how did you deal with the obvious issue that you'd be doing the one thing you'd never normally dream of ever doing - publishing, or at least leaving, your IP address on a website (regardless of whether it might be publicly viewable)? But there again, isn't someone's IP address quite easily determined from a Whois-type lookup of their e-mail address?

Perhaps, in my old age, I'm just getting paranoid about Internet security?

Edited by meditator (Tue 07-Mar-17 00:12:39)

Standard User RobertoS
(elder) Tue 07-Mar-17 00:52:25

Re: What's the significance of the 'Internet' indicator?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
As for Shodan, I've had a brief look at the site. Can you vouch for the site's general integrity? I mean, have you used it yourself in the manner you suggested and, if so, how did you deal with the obvious issue that you'd be doing the one thing you'd never normally dream of ever doing - publishing, or at least leaving, your IP address on a website (regardless of whether it might be publicly viewable)? But there again, isn't someone's IP address quite easily determined from a Whois-type lookup of their e-mail address?

Perhaps, in my old age, I'm just getting paranoid about Internet security?

I know nothing about Shodan, but every site you visit automatically sees your IP address. As for determining it from your email address, not in the way you put it. Much easier. It is included as part of the header information of every email you send. And the IP address of the sender of emails you receive is in those email headers. Though people can falsify them - that's called spoofing.

Kindness isn't going to cure the world of all its awfulness but it's a good place to begin. Daisy Ridley.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 65258/14193Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User ian72
(eat-sleep-adslguide) Tue 07-Mar-17 08:30:53

Re: What's the significance of the 'Internet' indicator?


[re: RobertoS] [link to this post]
 
And the IP address of the sender of emails you receive is in those email headers


Just to add a little more detail. One of the benefits of using webmail in that scenario is that the source IP would be of the webmail server not of the home network - if using a client then you are absolutely correct but many people might use webmail in which case the other end would have no record of the home network IP.



Standard User RobertoS
(elder) Tue 07-Mar-17 08:47:16

Re: What's the significance of the 'Internet' indicator?


[re: ian72] [link to this post]
 
That had never occurred to me (blush). Thanks.

It's not likely to stop me using a client, but is a thought. Like wanting a static IP address can be considered dangerous, in the same context.

Standard User caffn8me
(knowledge is power) Wed 08-Mar-17 22:30:32

Re: What's the significance of the 'Internet' indicator?


[re: meditator] [link to this post]
 
Good evening, apologies for the slow reply. I've been 'up in the air'.

Shodan is a long-standing and reputable website. It just catalogues 'devices' and services it finds on the internet.

Depending on how you set up your internet security it may or may not find all the services you run which are publicly available. I have used it on all the IP addresses I have control of and for me it is only partially successful. It correctly identifies some services I want to be externally visible but it's worth checking to see if your IP address is associated with any particular ports or services.

Occasionally I'll see something interesting in my own firewall logs and I'll check the source IP address against Shodan. That will often tell me why the activity is happening. It will reveal what services the source IP is running and that will let me see how that host has been compromised to be used as a launchpad for attacks.

As has already been said, unless you use an external proxy, every web site you visit will know your IP address. It doesn't mean your connection is more likely to be attacked.

Certain ISPs which provide particular customer hardware may well be targeted when vulnerabilities in that hardware are discovered. A recent example was the widespread successful hack against TalkTalk routers.

Webmail doesn't always hide your original IP as many webmail providers include an X-Originating-IP header in mail they process.

It's certainly worth using GRC's Shields Up! scan to see what face your router presents to the internet. It's an interactive scanner and as well as the UPnP test, which you really should do, also check the other scan buttons below such as "File Sharing", "Common Ports", "All Service Ports" etc.

If your router logs show nothing interesting, the GRC scans show nothing and you know there aren't any vulnerabilities exploitable on your router, you're probably pretty safe. Any information relating to your IP address on Shodan would be related to past users.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
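
What the email-header remarks in this thread (the sender's IP in the headers, webmail, and `X-Originating-IP`) look like in practice, as an added example that is not part of any poster's message: a Python sketch that reads a message's `Received` chain and `X-Originating-IP` header and reports which public addresses a recipient could read. The two sample messages are constructed and use documentation address ranges; the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples using documentation address ranges, not real mail.
CLIENT_MAIL = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTPS; Tue, 07 Mar 2017 09:00:05 +0000
Received: from [192.168.1.20] (host.isp.example [203.0.113.45])
\tby mx.example.net with ESMTPSA; Tue, 07 Mar 2017 09:00:03 +0000
From: sender@example.net
Subject: sent from a desktop client

body
"""
WEBMAIL = """\
Received: from webmail.example.com (webmail.example.com [198.51.100.80])
\tby inbound.example.org with ESMTPS; Tue, 07 Mar 2017 09:10:00 +0000
X-Originating-IP: [203.0.113.45]
From: sender@example.com
Subject: sent from webmail

body
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# RFC 1918 and loopback ranges: LAN-side addresses that say nothing about the WAN IP.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def public_ips(text):
    """Return bracketed IP literals in text that are not LAN/loopback addresses."""
    result = []
    for literal in BRACKETED.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue  # bracketed text that is not an address
        if not any(ip in net for net in LOCAL_NETS):
            result.append(str(ip))
    return result

def disclosed_addresses(raw):
    """Return (X-Originating-IP values, IPs in the hop nearest the sender)."""
    msg = message_from_string(raw)
    xoip = public_ips(msg.get("X-Originating-IP", ""))
    # Each server prepends its Received line, so the last one is the first hop.
    # Lines below those added by your own provider can be forged by the sender.
    received = msg.get_all("Received", [])
    first_hop = public_ips(received[-1]) if received else []
    return xoip, first_hop
```

The first sample is the mail-client case, where the home connection's address appears in the earliest `Received` line; the second is the webmail case, where that line shows only the webmail server but the provider's `X-Originating-IP` header still carries the user's address.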
Standard User ian72
(eat-sleep-adslguide) Thu 09-Mar-17 08:36:18

Re: What's the significance of the 'Internet' indicator?


[re: caffn8me] [link to this post]
 
To be honest, even if your IP wasn't seen, the fact that all IP address ranges are published means that if there was a vulnerability on a particular ISP then all attackers would do is scan the whole IP subnet for any vulnerable devices - they don't need a list of active IPs as they don't need to target individual addresses in that way.
Standard User caffn8me
(knowledge is power) Thu 09-Mar-17 15:17:02

Re: What's the significance of the 'Internet' indicator?


[re: ian72] [link to this post]
 
Hence my comment about particular ISPs being targeted if they have known vulnerable customer premises equipment.

Sarah
