Finding someone else's IP can be as easy as looking at the full
headers of email that they've sent you, or monitoring network
connections for certain types of instant messaging and chat
applications. Web sites routinely get IP address information for all
visitors. The very nature of how the internet works dictates that
when two computers talk to each other, they know each other's IP
addresses. But once you've received an IP address, what can you
tell about it?
Some IPs are easy - they're static, and have a DNS name
associated with them. For example, in a Windows XP Command Shell,
enter the following command:
ping -a 17.254.3.183
The "-a" switch tells ping to do a "reverse DNS lookup", and
print the first domain name it finds associated with the IP address
you've specified. In this case, ping should include "apple.com" in
its output, which is a domain name assigned to that IP.
With that domain name you can then do a "whois" lookup using whois
tools. That lookup will often include information about
the individual or organization that owns the domain. In this
example, it does not, but it does include the name of the registrar,
markmonitor.com. That site has a small "whois" link
which, when run against "apple.com", returns all the information that
you might want. Apple.com is owned, not surprisingly, by Apple
Computer, Inc., and full address and contact information is
available.
What if the ping doesn't work, or doesn't return a domain name?
Then things get less precise.
In this case, we go to ARIN and use their IP "whois" tool. If we
enter an IP address such as
206.124.145.17, we'll find that it's part of a block of addresses
assigned to an ISP. In order to determine who actually is using that
IP address, if anyone, the ISP would have to get involved. Note that
without their involvement, the physical location of a machine at a
specific IP address cannot be determined.
Now, it's important to note that an IP address may, or may not,
identify a specific computer. In many cases, such as large
corporations, it identifies a gateway of some sort that acts as a
router or proxy for any number of computers. Behind the gateway, the
computers can all see each other, but from the internet the
individual machines are indistinguishable from each other ... they
all look like they come from the same IP address.
The same is true when you use a router at home. You might have
any number of computers behind it, but from the internet, it appears
as if you have only one IP address. Your individual computers are
not directly accessible by default.
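As an added example (not part of the original article), the following Python code reads the Received headers of a message you were sent and separates addresses that sit behind a router from public ones that a reverse DNS or whois lookup can say something about. The sample message, its host names and the function names are constructed for illustration; 206.124.145.17 is the address used earlier in the article.

```python
import ipaddress
import re
from email import message_from_string

# Address ranges that only mean something behind a router or on the machine itself.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private LAN ranges
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed message: host names and ids are made up; 206.124.145.17 is the
# ISP-assigned address used as an example in the article.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [206.124.145.17])
    by mx.example.org with ESMTP id A1; Tue, 1 Jan 2008 10:00:03 -0800
Received: from relay.internal (relay.internal [10.1.2.3])
    by mail.example.com with ESMTP id B2; Tue, 1 Jan 2008 10:00:02 -0800
Received: from [192.168.1.20] (helo=desktop)
    by relay.internal with SMTP id C3; Tue, 1 Jan 2008 10:00:01 -0800
From: sender@example.com
Subject: constructed sample

Hello.
"""

def received_hops(raw_message):
    """Return (ip, kind) for every address in the Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # looked like an address but is not one, e.g. [999.1.1.1]
            internal = any(ip in net for net in NON_ROUTABLE)
            hops.append((str(ip), "internal" if internal else "public"))
    return hops

def lookup_candidates(raw_message):
    """Only public addresses can be traced to an owner such as an ISP."""
    return [ip for ip, kind in received_hops(raw_message) if kind == "public"]

if __name__ == "__main__":
    for ip, kind in received_hops(SAMPLE):
        print(f"{ip:15} {kind}")
    print("worth a reverse DNS / whois lookup:", lookup_candidates(SAMPLE))
```

The two internal addresses identify machines only from inside the sender's own network; from the internet, everything appears to come from the single public address. Each Received line is written by the server that handled that hop, so only the lines added by servers you trust are reliable.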
And that leads to my final point: use a router or a firewall. If
you connect directly to the internet, then your IP address can be
used by others on the network to attempt to connect directly to your
PC and exploit any vulnerabilities. By using a router your computer
cannot be contacted directly. Alternately, a firewall blocks the
intruders from gaining access to your machine even if they do reach
it.