
IP addresses are fundamental to the way that the internet works. Spammers use botnets to send from hijacked machines and thus from their IP addresses.

Can you disguise an IP address? Lots of spam in many different countries that spam is sent from the same person using the same computer?

IP addresses are fundamental to the way that packets travel between computers on the internet. It is not possible to send a packet from computer A to computer B and hide or disguise the IP address of computer A, or the router through which it is connected to the internet.

What that means is that in order to "disguise" your IP address, you need to use a different computer entirely.

Spammers have just the technology for that, in the form of botnets. The result is that spam could easily be coming from computers that are completely unrelated to and nowhere near the spammer.

In this audio excerpt from a recent Ask Leo! webinar, I'll discuss what this all means.


Transcript

Can you disguise an IP address? Lots of spam in many different countries that spam is sent from the same person using the same computer?

So several different questions actually in there. Can you disguise an IP address? Not really. IPs are fundamental to the way packets are sent between the equipment that makes up the internet.

So if you get data sent to your computer, in that data, the actual lower-level guts of that data is the IP address it came from; that cannot be spoofed. Now, where things get confusing is the second part of that question. Can spam be sent from the same person using the same computer? Absolutely, that's exactly what botnets are all about as just one example.

So what's a botnet? Let's say I have a virus on my computer. That virus might be software that actually does nothing harmful to my computer, nothing at all. All it does is it connects to that remote site that periodically gives the virus instructions for what to do.

Those instructions might be 'Send a piece of email; send spam.' In fact, the instructions might be 'send a piece of email; send it from leo@askleo.com; send it to mary@whatever.com and here's the text of the message: Viagra or whatever other body-part enhancing or drug, pharmaceutical thing it's trying to sell.' When that email gets sent, it gets sent from the infected computer. So when that gets sent, it means it gets sent from that IP address of that infected computer.

The person who has that computer may have no idea that this is happening. They may have no idea that spam is being sent from their computer, but it is. And if anybody were to take the spam and attempt to backtrack the IP address from the headers, where that would lead them is not to the spammer, but to this infected machine. And in fact that does happen from time to time: a machine will be so badly infected that it's sending out tons of spam. The ISP will get notified that 'Hey, this IP address, they're sending a lot of spam' and probably got infected.

That is an extremely common way for spammers to hide the IP address where they really are by basically remote controlling thousands if not hundreds of thousands of other computers on the internet to send the spam on their behalf.

So it's very common. You'll often see spam come from all over the planet just because machines are infected all over the planet and yet they may all (under the control of a single bot herder who is giving instructions to all of these remotely infected machines too) go off and send spam. So it's very difficult given a piece of spam, a piece of email to really, honestly, truly determine where that spam truly originated. At best, you can find out what machine it was sent from, but that's not the same. So I hope that answers your question.
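The header backtracking described in the transcript, as an added example that is not part of the original article: it reads a message's `Received` headers and returns the IP address that connected to the recipient's own mail server. The sample message, the host name `mx.example.net` and the function name `sending_ip` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (not real spam). IPs are RFC 5737 documentation addresses;
# mx.example.net stands in for the recipient's own mail server.
SAMPLE = """\
Received: from mail.example.org (unknown [203.0.113.45])
    by mx.example.net (Postfix) with ESMTP id 4F1A2B3C
    for <mary@example.net>; Sun, 8 Apr 2012 10:00:02 -0700
Received: from mailer.example.com ([198.51.100.7])
    by mx.example.net with ESMTP; Sun, 8 Apr 2012 09:59:00 -0700
From: leo@example.com
To: mary@example.net
Subject: constructed sample

body text
"""


def sending_ip(raw_message, edge_hosts):
    """Return the IP that connected to our edge server, or None.

    Servers prepend Received headers, so the newest is on top. The first one
    stamped by our own edge server is the only one we can trust; everything
    below it was supplied by the sender and may be invented.
    """
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())            # unfold continuation lines
        by = re.search(r"\bby (\S+)", value)
        if not by or by.group(1).lower() not in edge_hosts:
            continue                               # added by some other hop
        from_part = value.split(" by ", 1)[0]
        m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", from_part)
        try:
            return str(ipaddress.ip_address(m.group(1))) if m else None
        except ValueError:
            return None                            # bracketed text was not an IP
    return None


if __name__ == "__main__":
    # The second header in SAMPLE imitates our server's name but sits below
    # the genuine one, so it is ignored.
    print(sending_ip(SAMPLE, {"mx.example.net"}))
```

The address returned identifies the machine that delivered the message, which may be an infected computer rather than the spammer.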

Article C5182 - April 8, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


2 Comments
Wonder
April 10, 2012 8:28 AM

What do websites like www.hidemyip.com do to hide an IP address? How far are they effective in disguising or hiding an IP address?

Acting as a proxy, they route all your requests through their servers so as to make all the access look like it's coming from them. Depending on how much you trust them, your IP is still visible to the proxy/anonymization service.
Leo
11-Apr-2012
Rudy
April 10, 2012 8:35 AM

You can in a way disguise your IP address by using a VPN connection. Also one can use a proxy service.
