How to find ip address of any device on your network

Bạn đang xem: How to find ip address of any device on your network Tại Website xmccomplex.com.vn

As we make our way through the global pandemic, the Internet is playing a crucial
role in normalising our day to day activities. Businesses have been going through rapid digital transformation,
contributing to increased online financial transactions, shopping, communication, education, and
entertainment. 

We are also witnessing an increase in cybercrime and other malicious online behaviours. There is a growing concern among people about
online security. As more and more news of scams and fraud make their way into our everyday conversations, we are
continuously made aware of the danger of being the victim of cybercrime. To make matters worse, the rising
concern of being monitored by government agencies and tech corporate giants have also created an uneasy sense of
being watched 24/7, resulting in paranoia and speculation. 

Right to digital freedom and online privacy

As a result, our right to digital freedom, online privacy and security have become
key topics of discussion on public forums. Not just for individuals but also for small to large businesses that
are concerned about the security of their business. This concern has given meteoric rise to the popularity of
VPN (Virtual Private Network)/proxy services.

The fear of online scams and unauthorised surveillance, combined with aggressive
marketing from VPN service providers, are driving the adoption of such services. Further, a simple and
affordable VPN service can start at just $10 per month, allowing you to switch your anonymity on or off as
easily as clicking a button.

The latest research from the Global Web Index has reported that more than 26% of all internet users rely on VPN services. The
potential market size of VPN is predicted to reach $88.6 Billion by 2027. 

The implication of Online Anonymity towards security

However, the growing use of such services also means it’s getting difficult for
online businesses to separate scammers from the good ones. Using online services like VPNs or proxies is similar
to visiting a physical store with a mask. It does hide your identity, but it also signals a threat to the
shopkeeper. What would you do if someone wearing a mask enters your shop, office or home? 

So there are two sides to maintaining your anonymity on the Internet. 

If you are living in a country which has an oppressive government that monitors your
digital footprints then, yes, it might make a lot of sense to hide your identity to protect yourself. However,
if you intend to carry out criminal activities or break the law, then it might not be fair use. 

It’s important to note that anonymity only hides your identity and you are still
vulnerable from cybercrime like getting tricked by phishing websites to share your personal information.

For
example, if your iCloud account gets hacked, it has more to do with the weak password and lack of additional
validation processes, than with not using VPN services.

Risk of VPN and Proxies

One of the most popular uses of VPNs or proxies is to circumvent geo-blocking to
access locked digital content in your region on platforms like YouTube, Netflix, online games or other popular
streaming services. You will also find VPN services promoting this on their homepages, and so this might be a
principal reason for users to adopt the service rather than just for the sake of security or privacy.

Image Source: GlobalWebIndex 

Though digital services implement robust technologies to detect unsolicited access,
it has become a cat and a mouse game where each side is trying to gain an advantage. 

Further, not all VPN services are created equally. Many free and cheaper services
don’t have strong security measures. It must be remembered that when you try to hide your identity from someone,
you are also at the same time giving it away to others. You might be invisible to others on the Internet, but
the VPN/proxy service providers still have all your historical behavioural data. Hence, it is a question of who
do you trust, your local ISPs or some international companies.

Public proxy services are notorious for being a hotbed for attackers. They are mostly
insecure, don’t necessarily hide your identity, and are filled with malicious ad links.

In Oct 2019, one of the most popular VPN service providers NordVPN confirmed that it was hacked. This exposed vulnerabilities in VPN services and opened them for scrutiny on public
forums.

Online Fraud

Among many types of cybercrime, payment fraud is the most common, where your credit
card details are stolen and misused by the criminal to carry out fraudulent transactions. In 2018 alone, the
total loss due to global card fraud was $27.85 billion. As more and more small and medium businesses move online, we might see this number
rise.

One key component of detecting such fraud is the detection of anonymous IP addresses.
No hackers or cyber criminals use their home internet service to carry out their nefarious activities. Most
attacks are originating from hosting services and other services which hide their real IP address.

Therefore, detecting anonymous IP addresses has become essential for online
businesses. Though not all anonymous IP addresses can be detected with 100% accuracy, such technology can
certainly act as a deterrent against online fraud.

Take for example the case of credit card fraud. The usual standard checks are to
compare the billing address, delivery address and the IP address of the user. Any detection of discrepancy or
anomaly can be used to probe the transaction further and prevent fraud.

By adding additional checks for identifying if an IP address is originating from
hosting, VPN or proxy servers, instances of fraud can be reduced even further. However, attackers are getting
more sophisticated in their approach. 

For example, it is common for attackers to hijack a residential router and use it as
a proxy to carry out fraudulent activities. This method is really difficult to detect because the originating IP
address appears benevolent and genuine. Even many fraud detectors would fail to classify such transactions as
fraud. But, hijacking home routers in itself is a difficult task. Hence stories have been emerging that suggest
many global and reputed ISP providers have been selling their residential IP blocks to proxy/VPN service
providers. More about this story can be read here.

This has heavy implications on our cybersecurity because an attack originating from a
residential network is very difficult to detect. Not to mention that it is already a mammoth task to detect
hosting and cellular network connections with IP addresses.

As a side note, this is the key area where BigDataCloud has been innovating and
developing technologies that can detect hosting networks which are not listed in any public registry or
directories. More about this in a later section.

Therefore, despite the popularity of VPN for protecting privacy and security, it has
a dominant role in the growth of online attacks. 

Is hiding an IP address worth it?

The main purpose of hiding an IP address is to protect your identity and hide your
online activities. However, hiding an IP address alone is only one way of protecting your online identity.
Today, when you visit a website there are various components working together to identify you. For example, the
use of social networking tracking tools like Facebook pixel, Linkedin tracker or Twitter tracker can reveal more
about your identity than an IP address. Moreover, if you are browsing through a mobile device you are likely to
reveal your personal information to companies like Google and Apple, even if you hide your IP address.

If you are really concerned about your identity then just hiding your IP address is
not enough. The ownership of an IP address is frequently changing, unless you have a statically assigned IP
address from your ISP, or you own a chunk of IP addresses and you are using them for your official or internal
purpose. Hence, masking IP addresses doesn’t provide 100% privacy.

Most hacking and cybercrime is the result of our own carelessness while surfing the
Internet and revealing our personal information to untrustworthy sites. A compromised email address, social
account or website is much more harmful than exposing your IP address.

Fear of IP Address Exposure

The general fear about exposing an IP address is that it reveals the location from
where you are accessing the Internet, which is true to some extent. With advanced IP geolocation technology and
the support of government officials and ISPs, it is possible to identify the location of IP addresses with high
accuracy. (If you are interested to learn more about IP addresses and how IP geolocation technology works, check
out our detailed blog post here.) 

But, you need to invest huge amounts of time, resources and support from the law to
accurately and precisely pursue geolocating IP addresses – and you need to be lucky in your search.

Also, if your IP address is compromised, it is possible for hackers to launch DDoS
attacks at your IP address by IP spoofing. This type of attack exploits the vulnerability of the design of
TCP/IP protocol where it is possible to falsify the IP address in the source header of the IP packets. As a
result, anyone can send random packets on the Internet by making them look like they are originating from your
IP address. As a result, your IP address starts to get continuous hits from everywhere resulting in temporary or
indefinite network congestion. This is analogous to someone sharing your email address to a list of junk
websites and jamming your mailbox with spam emails. However, the implementation of robust network security can
easily avoid such attacks.

Therefore the fear of someone stealing your IP addresses to reveal your home address
or using it to access your device is just a myth.

Methods of hiding your IP address

Before digging deeper into detecting anonymous IP addresses, let’s try to understand
the various ways in which a user can mask their IP address while browsing the internet.

Public Space WiFi:

By surfing the Internet using publicly available WiFi networks in restaurants,
libraries or airports, you are not compromising your personal home or office location. Hence, it is the easiest
way to surf the internet with anonymity. However, public space WiFi isn’t the safest place for accessing
sensitive websites because the network is widely accessible to anyone in the area and is susceptible to threats.
Further, as mentioned above, IP addresses are just one aspect of your identity available on the Internet, your
apps, social sites and many other agents are more prone to attacks.

Public Proxy servers:

A proxy server essentially acts as a middleman between the client and the server. It
can be placed at both the client-side and server-side. Based on where it is located it might be named
differently – forward proxy and reverse proxy. 

With the help of forward proxy, schools and offices can restrict access to the entire
Internet and limit their content. Reverse proxy, on the other hand, is implemented at the server-side to filter
the incoming requests and has various applications like load balancing, threat protection, caching, SSL
encryption etc. 

When the proxy server is placed at a different location than yours, it can be used to
mask your location because all your requests will be served by the proxy server. However, not all proxy servers
hide your IP address and use secure connections. Therefore, while using public proxy servers, you have to be
careful that you are not unknowingly compromising your data instead of protecting it. 

TOR:

The Onion Router(TOR) is a popular method of surfing the Internet to hide one’s
identity and it is commonly used by journalists and activists who have to bypass the authorities to communicate
or access information on the Internet. It is based on a decentralised system where the user’s request goes
through several servers before reaching the target. In addition, the requests are encapsulated with layers of
encryptions that are decrypted at each node, one by one, hence the name The Onion Router.

It is also a free and open-source project where volunteers worldwide participate to
create an overlay network consisting of more than seven thousand relays. You can easily use TOR by downloading
their browser from their website.
The browser is available for all major desktop OS and mobile devices. 

However, due to the nature of the network, it is comparatively slower than regular
internet browsing. Hence, it might not be effective for streaming video content, playing games and other
data-heavy activities.

VPN:

In recent years, VPN services have been mushrooming all over the place promising
security and privacy for the general public. However, the original intention of a VPN (Virtual Private Network)
was to allow users to remotely access a private network over a public network, hence simulating the experience
of being locally connected to the private network. This was established so that large organisations could
connect multiple branch offices together in order to access and share resources allowing remote workers to
access official resources securely via the VPN. 

Due to the nature of the network and how it encrypts data, it is widely illustrated
as a secure tunnel between two disparate networks. The popular VPN services, today, are using a wide range of
security protocols like OpenVPN, IKEv2/IPsec, WireGuard and so on to tunnel traffic from point to point or
between networks. As a result, VPN services allow users to mask their location and access restricted content or
bypass censorship.

However, many services are actively implementing technologies to detect VPN and flag
them. China, for example, only allows approved VPN providers to operate. Any use of unapproved providers is
considered a crime and users may have to pay a hefty penalty for it.

Hosting Providers:

Though not popular among the general public, using web hosting services to create
proxies to hide your IP address is a widely used method by bots and cyber attackers. As it is highly unlikely
for criminals to use their own ISP network to launch an attack, they are often found using hosting services. As
there are many hosting providers across the world, it is quite challenging to detect and flag them. Hosting
services are also popular among VPN providers and corporations.

Residential Proxy/VPN:

As mentioned in the previous section, the use of residential IP addresses as a host
for VPN services is growing and are largely undetected. This might sound alarming but security researchers have
been discovering services that claim to anonymise your IP address with
residential IP addresses, making it difficult to detect.
Residential IP addresses are those that are assigned by ISPs to the general public such as home internet service
providers.

In order to use such illegal services, users are mostly required to voluntarily share
their residential connection making it a part of a larger peer to peer network. However, research has also shown
that compromised IoT devices, malware and other illegal ways are also being widely used to hijack a residential
user’s internet connection to use it as a proxy. 

The other corroborating stories have also revealed that the global ISP providers are illegally trading their IP
addresses with nefarious ISP service providers who are using them for creating residential IP based VPN and
proxy services.

Considering that the setup of residential proxy/VPN services is highly suspicious,
they are mostly used to fraud or scam the system. One popular use includes creating fake social profiles on
Facebook or Gmail to carry out internet fraud like generating spammy website traffic or ad clicks.

In recent
cyber security research, it was reported that Australian marketers will lose $756 million in 2020 due to
invalid clicks on their paid search campaigns.

Similarly, such proxies can be used to create multiple fake
accounts for games and other social platforms to generate fake hits in order to manipulate the system.

Detecting Anonymous IP address – Proxies/VPNs

Though anonymising IP addresses provides privacy and some level of security to the
users, this is often exploited by scammers, hackers and fraudsters to carry out malicious activities. Hence, it
is of great importance for businesses to detect such connections and flag them for further investigation.
Imagine being able to detect fraudulent clicks and nullify the transaction, it would save millions to brands and
add value to the business.

As a result, various non-profit organisations and communities are constantly
monitoring the Internet to detect malicious activities and create blacklists.
Spamhaus project is one of such international organisations
that are working to provide real-time threat and reputation blocklists. These are widely used by ISPs, mail
service providers, corporations, universities, governments and the military to protect against cybercrime. Such
lists are really helpful in detecting anonymous IP addresses and suspicious activities.

UCEprotect is another community that is working on a mission to
obliterate mail spam. They have a stringent policy of blacklisting IP addresses at three different levels. At
each level, the range of IP addresses increases to include the entire AS network. They also use various spam
traps and work with partners to monitor servers that are sending spam emails. Upon detection, the IP address is
blacklisted until no further spam activities are detected. 

The above lists are generally created based on the detection of cyber attacks and
spam activities. However, the other method is to discover a list of IP addresses listed on free public proxy
service providers and use them to create a list of IP addresses belonging to proxy servers. Generally, bots are
implemented to crawl sites that advertise proxy servers to build such lists.

TOR, on the other hand, publicly shares the list of TOR nodes on their website making
it easier for businesses to detect traffic from their network. 

Another rather technically complex method in detecting proxy access is by using Snort
rules. Snort is a popular and widely used open-source Intrusion Detection System. It operates at the
network (IP) layer and transport (TCP/UDP)
layer protocols where
you can write snort rules to check various parts of data packets for known attack signatures. However, this
method requires active monitoring of packets arriving at your server and flagging activities that look
suspicious. 

All the methods listed above are reactive to a threat that has already been observed
and listed. They cannot detect all the malicious services and are limited to identifying only services that are
listed on relevant websites. The next section discusses how to protect against a new unknown attack from a fresh
source.

Detecting Hosting Environments

A more proactive approach needs to be implemented to detect new attacks from unknown
sources and handle them. One such method lies in detecting the likelihood of IP addresses belonging to hosting
environments. 

Considering that the majority of cyber-attacks originate from hosting environments,
detecting the network type of an IP address can play a huge role in fraud detection.

For example, a data centre or widely speaking a hosting IP address originated
activity should always be handled with great caution, for instance, when placing an e-commerce order or leaving
a comment on a blog.

One straightforward method of detecting hosting environments is by carrying our
reverse DNS on the IP address and parsing the domain name to detect the company or service name. Most standard
and global hosting providers like Google or Amazon, use standard naming systems that are easy to
identify. 

But there are thousands of hosting providers who don’t follow the standards and
further curating the list of hosting providers name in itself is a challenging task. Similarly, with VPN
providers, we might be able to detect VPN connections based on their DNS information but it is not
foolproof.

At BigDataCloud, we utilise our
proprietary AI-based technology to examine every IP address globally to estimate the likelihood of the network
being assigned to a hosting environment. The outcome of this assessment is provided as a ‘hostingLikelihood’
score ranging from 0 to 10. Moreover, we also provide a metric to detect if the Autonomous System, which
announced the network, is likely to be a hosting provider or not.

However, detecting the hosting environment is difficult and rare. Due to our existing
IP geolocation technology, which is the first fully scientific
method, we are able to detect hosting environments using various
forms of evidence available. This method not only works for unidentified VPN/Proxy and hosting networks but also
residential proxy connections which are more fuzzy in nature.

Conclusion

Detecting a malicious IP address is complex and a 100% accuracy rate cannot be
achieved. Though not all anonymous IP addresses are malicious, all malicious IP addresses are definitely
anonymous. Hence, a false positive result of detecting such IP addresses is much better suited for dealing with
fraud rather than accurate detection. Further, IP detection combined with other common logics and available user
data can strengthen fraud detection. 

Though anonymous IP addresses have their place in protecting privacy and security to
some level,  their usage in cyber-crime threatens the security and growth of online commerce. As more and
more people start using VPNs and similar services to browse the internet, it is going to become more difficult
to identify them. A single technology isn’t going to be enough to prevent an increase in global cybercrime, it
will require the collaboration of various parties involved in delivering internet services and products around
the world.

Xem thêm bài viết thuộc chuyên mục: Wiki