Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IP not correct


  • Please log in to reply
7 replies to this topic

#1 rp101

rp101

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 28 January 2015 - 02:31 PM

Not sure if I am in right section, but I do have a vague security concern.

 

I have been having real problems with an ISP & so have been measuring my down- & up-load speeds for past few weeks using ookla. As you will know, this has a graphic showing one's location, & then the ping server location. I was generally shown in the "correct geographical area" ie London until recently, when it looked as if I had migrated to Scotland. Ths change in location is quite consistent & marked.

 

I was fiddling around today & checked http://whatismyipaddress.com/ - completely different from my IP address obtained via W8.1's IPv4 details on my actual computer. This "wrong" address does however show my correct ISP. My concern is that eg "projecthoneypot.org" shows spam originating from this address, altho it gives it a current clean bill of health.

 

I tend to be fairly careful re downloads of freeware etc, & I also tend to turn off geolocation requests & do not use "social media" other than email & skype if I can help it. However, some weeks back I managed to pick up a rather nasty PUP that I had to use a range of tools to get rid of it (eg mbam, rkill, jrt etc).

 

So long & short of this ramble is that "something" made ookla decide I had moved to Scotland - should I be concerned? I have given my HHD & software pretty good clean outs with a range of AV tools (from CCleaner to SuperSpyWare to Avast & AVG) but day to day protection relies on MS Defender.

 

Any thoughts appreciated - & feel free to move to correct posting area

 

Thanks



BC AdBot (Login to Remove)

 


m

#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:17 AM

Posted 28 January 2015 - 03:48 PM

No, don't worry, IP geolocation is not always precise.

 

If you have your public IP address, you can check where http://ip2location.com/demo puts you.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 rp101

rp101
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 28 January 2015 - 04:52 PM

Didier

 

Hi - thanks. I guess my concern is not the (in)accuracy of the geolaocation per se, but the pattern of all speed tests initially showing me in the London area, then a consistent shift to Scottish borders. Odd! But thanks for the reassurance re PUPs/Malware.

 

Also, why do I have a consistent "public IP address" very different from the one used/shown by my OS.

 

Thanks

 

R



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:17 AM

Posted 28 January 2015 - 05:05 PM

I mentioned IP geolocation because that is what speed tests use to determine your location. Unless you are using a mobile device, then it uses the GPS/WiFi.

 

Do you know the difference between a public and privae IP address?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 rp101

rp101
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 28 January 2015 - 05:24 PM

Didier

 

Hi - no - as far as I was aware I had but one address!! Obviously not. Live & learn - if you have time for a 2-liner differentiating the two, then much appreciated

 

R



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:17 AM

Posted 28 January 2015 - 05:48 PM

For IPv4:

 

A private IP address is an IP address in the following ranges:

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

 

A public IP address is an IP address that is not a private IP address.

 

In your setup:

Your router/modem receives a public IP address from your ISP, and uses a private IP address on your home network.

Your computer receives a private IP address from your router.

Your router does Network Address Translation (NAT): when your computer sends a network packet to a server on the Internet, the NAT router replaces the Private IP address of your computer in the network packet by the Public IP address of the router.

The Internet only allows Public IP addresses.

NAT was designed to solve the shortage of Public IP addresses on the Internet: there are not enough Public IP addresses to assign on to each computer that wants to connect to the Internet.

Private IP addresses can be reused, because they are not used on the Internet.

Your neighbor's computer can have the same Private IP address as your computer, but since your routers have a different Public IP address, there is no conflict.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 rp101

rp101
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 29 January 2015 - 04:34 AM

Didier - thanks for the idiot's guide. Best R



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:17 AM

Posted 29 January 2015 - 06:26 AM

You're welcome

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users