IP addresses are visible by NTTP does this concern you?

[FeatherMonkey]

Does the fact your IP address is publicly available concern you?

So a little background to the poll, in discussion with members on the moderating team. I raised these points.

Firstly this isn't the expected or normal behaviour of web forums. IP's are hidden and only visible to the moderating team.

Regardless of my own thoughts of nttp. I really don't like the fact that Annie Anybody and Jo Everybody can associate my UserID with my IP.

Which with the way nttp is set up is very possible. I just find it strange that with all the forum software out there none allow anyone except the moderating team the ability to see the posters IP.

Yet with the nttp capability of this forum, all that is needed is to download a message and you have the posting IP in the header. They talk about obscuring email addresses in the faq's yet for me I'm more concerned with my IP being public and linkable to a UserID. And going on sigs with your ip is .. I don't think I'm alone.

OK so it doesn't make everyone uneasy ,but like me and the other ones that run around with sigs saying your IP is ... it does.

To me the easiest would be to keep them separate, OK so you might need to ban twice. But there is no need for Users IP's to go out to nttp from the forum. The mod team are privy to it(So they can ban the IP from both).

Lets be honest if they get banned from the forum they are hardly likely to resort to nttp usage just to post.

I do agree that losing them isn't an option but losing the headers IP's is. Just needs to use the forums IP or some Novell generic one. It has to go through the network and its trivial to change the header(Look in your spam acc). I would of thought it involves a lot of work to take the posting IP, from the forum software then to convert it into a nttp post and it isn't functionality that the forum software provides.

I just see it this way NTTP users know that there IP address is going out but many/most web forum users don't.

NOTE:=
I do agree that losing them isn't an option but losing the headers IP's is.

I just see it this way NTTP users know that there IP address is going out but many/most web forum users don't.
END NOTE:=

On a final note it concerns me due to the fact profiling is a lot easier. Say I post my ssh config up and it has a blatant error. No one responds but Mr Malicious decides he doesn't like me it is trivial to now use the exploit. Say you post that you're going to use something a little dubious till a better fix to which there is a post about at the moment.

It also makes it a bit pointless when people post configs with ip addys of the type ***.***.***.*** you just go get the headers. Just post your proper IP, mmm not something I would be happy doing.

I know that by obscuring my IP doesn't make me secure, but if you don't know my address then you can't burgle me.

Curious to know what other web forum users think and whether they were aware?

This isn't a web forum vs nttp poll but to see if web forum users expected this and there feelings on it. I suspect most nttp users know they are sending it.

[dgersic]

If you're that worried about somebody knowing what IP address your machine is using, you need more important things to worry about.

[ab@novell.com]

So going through this it appears you don't like it, it doesn't make you happy, and then at the end the issue for not liking and being unhappy is contained in the following comments:

<quote>
I know that by obscuring my IP doesn't make me secure, but if you don't know my address then you can't burgle me.
</quote>

<quote>
On a final note it concerns me due to the fact profiling is a lot easier. Say I post my ssh config up and it has a blatant error. No one responds but Mr Malicious decides he doesn't like me it is trivial to now use the exploit. Say you post that you're going to use something a little dubious till a better fix to which there is a post about at the moment.
</quote>

If I've missed something material please let me know.

So there are a few reasons that none of this really concerns me, and I don't really care about people knowing "my" IP address. First, let's start out with the things that don't matter. As a regular-old user on the world wide wait I pay my ISP to use one of their million IP addresses and those are given out to me whenever I power on my machine.... except that it's not really tied to my machine. Because I'm a regular old Joe-average user I have a little router that the phone/cable/fiber company gave me that lets me plug in two machines, and IT actually has the IP address that is publicly-accessible. Well, that's not even entirely true all the time. The device from the phone/cable/fiber company often has the actual IP address and then puts everything including my own router and machines on a private network with a 192.168.x.x or 172.16.x.x or 10.x.x.x network.

Going along the same path the IP address that is "mine" isn't really mine any more than a time share in Sun Valley, ID is "mine". Sure, while I'm there you can find me there, but if your arbitrarily launch a missile there you're not going to do me any damage unless runing my vacation plans in six months counts. IP address are typically static. Some ISPs let you get a static IP address so one is actually assigned except you until you leave and then it's assigned to the next Joe-average user, but Joe-average users don't get static IP addresses because there is no benefit in doing so. For those that do I'll address that later. Because IP addresses are dynamic you can launch a virtual missile at me and you're as likely to get the mayor across town as you are me, and even if you did happen to reach my "home" you would be attacking the poor little phone/cable/fiber box that the phone/cable/fiber company provided to me. Does that hurt me? Not really... I don't care if it breaks that much since I'll just get a new one (and a new IP address) and an attack from Mr. Malicious isn't likely to set the box on fire (I've never heard of that happening outside sci-fi stories).

So that leads to slightly-more-relevant points. What if my IP address really is mine (you can check; it really is mine). What can I do with your IP address? Well, I can send packets to it just like every other attacker, botnet, and virus is already doing to it every hour of every day without your knowledge. Many of these will be filtered by your ISP, potentially, though let's pretend that never happens. The rest of them will reach your cable/phone/fiber box and, since they are just unsolicited packets, immediately be sent to the bit bucket (/dev/null, a black hole, the garbage bin, and not the one that takes space); no lasting impact with that route. They could also send me e-mail..... except my e-mail through my ISP doesn't go to my IP address so that doesn't help them. They could try to reverse-lookup my IP address and find out who my ISP is and realize I'm somewhere under xmission.com, though that doesn't help much unless they have real missiles and then I'm going to die no matter how many IP addresses I hide behind. Pretty much everything you can do with an IP address that is malicious in a targeted way is already being done maliciously in an untargeted way (botnet, virus, etc.).

So what can you really do with an IP address? Not much. IF you change your default firewall settings AND put your box directly on the Internet then you may have a problem, but since this is really far from the default I'm going to have to agree that the poor sap deserves it. Putting a box directly on the Internet without knowing you are being attacked 24x7 is mindlessly arrogant (ironic) or ignorant (more likely). Running with a firewall that lets traffic into your box in a way that would let a malicious attacker do something is also insanely dumb. From the times I've been attached directly to the Internet with a full box that could get a LAN trace most of the attacks are geared toward microsoft OS's (TCP 135, 137, 139, 445, etc.) and the majority of the rest are for worms specific to windows (already-infected boxes.... we don't care about those as they're hopeless as is) or maybe a few standard ports for remote access (SSH, FTP, etc.). Since I've already stated putting your box directly on, and accessible by those on, the Internet and then opening ports is really dumb this isn't much of a concern. Those who do so are either professionals or are going to be compromised by the random scanning bot before they have time to make somebody in a forum mad. For the IP address you have at work that may actually be a real IP address (like mine at work often is) you have an IT department with probably no less than a router and a firewall both protecting you.

Now let's consider somebody who is truly malicious. I'll play that part. "Dear FeatherMonkey, oh great helper of Linux people... I have a web server problem. I get a weird error that I can't decipher when I go to http://www.mypage.com/getYourIPAddress.php that I can't figure out. Could you please go there and tell me what it means? This is my first time ever with a server and I'm pretty sure this is just about working, but the error looks like I'm missing a comma or a quote or a conscience or something.... Thanks in advance!!! Lol *shame*"

So being the generous person you are (caring about people who don't know their IP addresses are available) you visit the link, see the error message that the malicious individual created to make it appear PHP is missing a close quote somewhere, and in the meantime they (as the 0wn3r of the site they attacked and control) now know your IP address. You're back to your original point but without really having done anything and even if IP addresses weren't posted on the forum. Thankfully you aren't mindless and run a windows box without a firewall directly on the Internet, and if you did you wouldn't be any worse off since you'd already have more viruses than, well, a lady of the night.

So is this a problem? I don't think so. If you really expect anonymity everywhere you go online then you have to work at it just like in real life. IP addresses are not generally any one person's like they are sometimes assigned to a given company so there is some degree of feeling "hidden" historically but that is an illusion without working at it and truly implementing something that hides you well is just less-understood. For somebody truly concerned about having their IP known they must go out of their way to use a technology that guarantees anonymity and in doing so usually are beyond the scope of your concern.

I'm sure there are some scenarios I've left out, but considering the prevalence of anonymous attacks at random to IP addresses all day every day I don't think they matter any more than the notes made above.

Good luck.

[hendersj]

On Fri, 17 Apr 2009 18:26:01 +0000, FeatherMonkey wrote:

> This isn't a web forum vs nttp poll but to see if web forum users
> expected this and there feelings on it. I suspect most nttp users know
> they are sending it.

Yep, and it doesn't bother me one bit. If it did, I'd relay through an
anonymous proxy server or some other technique.

Doesn't particularly matter if the address is visible. How many websites
post web statistics that show source IP addresses taken from the logs?
Probably more than anyone realises.

Just having someone's IP address doesn't give you anything. Especially
as many, many users use dynamically allocated addresses.

Jim

[Dexter1979]

I don't really care I have better things to worry about then my IP being known. If people want to hack other people there are bigger fish out there and like a previous poster said there are so many random, automated hackers out there. I ones had my server attacked on it's SSH port (since mover from the dafault 22) by a guy or a bot in Miami. He was trying a brute force SSH hack and didn't succeed. All I had to do was change my IP and he was gone. The joys of dynamic IP addresses and DynDNS. Anyway, I'm indifferent about this subject.

[FeatherMonkey]

So I guess you'll have no problem showing me some forum software that replicates it. Also forum developers when they design them so that just the moderating team can see the IP's are being over paranoid.

I'd be interested in seeing forum software that is like so, perhaps you can find me some as I haven't been able to.

I'm afraid I trust forum developers on this subject.

[ken_yap]

Meh, you having my IP address means nothing. Practically all the attacks on addresses are worms trying random addresses and seeing if there are open ports, unpatched web apps, etc. It's too time consuming for human attackers to read forums and go aha he's running ssh, let's try a brute-force password attack on him. Maybe you're not even at that address any more by the time the attack is done. So it doesn't happen that way.

The danger of exposing IP addresses, web or NNTP, is more for people who have sensitive political views, e.g. a China blogger writing about Tibet and then getting traced to having posted from a particular Internet cafe by the authorities. But we're not that kind of forum.

[hendersj]

On Fri, 17 Apr 2009 22:46:01 +0000, FeatherMonkey wrote:

> So I guess you'll have no problem showing me some forum software that
> replicates it. Also forum developers when they design them so that just
> the moderating team can see the IP's are being over paranoid.
>
> I'd be interested in seeing forum software that is like so, perhaps you
> can find me some as I haven't been able to.
>
> I'm afraid I trust forum developers on this subject.

Tell you what, my IP address is in the header of this message (for the
NNTP-less, 66.167.14.8.

Be aware it's a dynamic address, so it may change. You can check if it
has by looking up ncciphotos.dyndns.org.

Let me know if I'm at risk by exposing the IP address to you *publicly*.

My point here is that if you don't use sufficient firewall protection,
you're exposed - and your IP address being visible in an NNTP message is
the absolute least of your worries - if you're not adequately protected
there are plenty of bots out there that will find that exposure and
exploit it if possible. Nobody's going to care if the address was
exposed publicly.

If having your IP address exposed is that big of a concern to you, then
you probably shouldn't be on the Internet at all, because any web site
you visit is going to record the address - and not all of them can be
trusted, either.

Jim

[caf4926]

An interesting topic. Obviously you realize that NTTP users are all intelligent individuals and having more than half a brain, they understand that there are far more productive things to be doing.
------------
You know of course that nearly every web page you visit has meta code which tracks info on you and your browsing activity. But so what. So long as you don't visit my home page having come from 'Weird pr0n', I'll not be coming after you

[Chrysantine]

Quote:

Originally Posted by caf4926

An interesting topic. Obviously you realize that NTTP users are all intelligent individuals and having more than half a brain, they understand that there are far more productive things to be doing.

It's funny tho', everytime someone points out a flaw in the nntp system, it's shrugged off as "it's ok, no one abuse it" which is 'somewhat' ironic considering the biggest selling point for many Linux users is security and privacy.

*chuckle*