WAY OFF TOPIC!....How dangerous is this?

[Bill Wagner]

I frequent a local web site, mostly to see what's going on politically in the neighborhood. People post on this particular site anonymously, without passwords. Recently, someone has started logging in and using other peoples "names" as their own. To alleviate this problem, the webmaster of this site, who I think is a housewife, has started publishing the FULL IP addresses of each poster as the post gets sent.

I'm NOT a web security expert, but I know that some sites use static IP addresses, and others use dynamic IP addresses. If someone had, for example, a small ISP that was using static IP addresses, wouldn't the people running this site be exposing other people to a potential security risk...particularly if they have information like checking account and other financial account information available?

I'm pretty sure I'm safe, but I wonder about someone else that may frequent the site.

Thanks in advance,

Bill Wagner

[Zaphod32]

Hi Bill,
Static IP's are more and more rare. But for example me, from home have a dynamic IP, but the computer is connected to the internet 24 hours a day, so the IP is always the same anyway.

If someone wants some information from me, I don't really care, because I don't keep any vital information in that hard disk...

I don't think releasing the IP is any serious risk...

------------------
// jyri aka Zaphod32
-from Finland, Europe-
http://911porsche.cjb.net

[This message has been edited by Zaphod32 (edited 07-19-2001).]

[Ted Stringer]

If you have a good firewall in place I wouldn't worry. People can get your IP a lot easier than you think.

------------------
Ted Stringer
nuke3@juno.com
'84 911 Targa aka pocketrocket

[twin plugged targa]

Call me an old fart,
But I do not have any info on my laptop that could be used personal financial info, credit cards included for these reasons.
I will not even use a credit card over the internet, since Expedia.com used my credit card to double charge me for airtickets NY to South Africa for me and my wife. But they did manage to send 2 lots of tickets under the same name on the exact same flight!


I do not trust computors they are the work of the devil

[Wayne 962]

IP addresses are required to communicate with any other computer on the web - there's no way around it. It's like your telephone number for your computer. Since computers talk back and forth, the computer you're calling needs your number to send information back.

You can fake it and translate it, but it doesn't really matter. I see no security risk here.

What most people don't know is that your MAC address is also visible to the internet! This is the unique serial number of your network card. This means that even if you change IPs, the MAC address will stay the same. Very easy to track people in this manner.

But most people (like me) don't really care...


-Wayne

[emcon5]

Having your IP address isn't a big deal. Hackers don't target a specific address anyway, they target a range. I have ZoneAlarm running on my system at home, and it is shocking how many times I get probed every day. Very few of them are trying to communicate with my specific address, they are normally scaning block of addresses looking for systems listening on a specific port.

If you are running a Windows PC, I STRONGLY advise downloading and installing the free version of ZoneAlarm. It is easy to set up, easy to use, and very effective.

http://www.zonelabs.com/

For a simple web based test of some basic vulnerabilities of your PC, use Gibson Research Corporation's "Shield's Up!" test. It does a quick check to see if you are vulnerable to a few different attacks.

There is also some good information on how poor unsuspecting cable modem and dsl users PC's were used in Denial of Service attacks.
I don't agree with his assesment of how Windows XP will be the end of the world, but the rest is interesting.

Tom


------------------
82 911SC Coupe