|
Home »
Networking
» Network IP Addressing
Summary: IP addresses are encoded into email headers. But if you get two emails from the same IP address you can't assume that they came from the same computer. I have Hotmail and I've been getting nasty e-mails from somebody who I do not know. I figured out how to view the headers and try trace the IP addresses. As I was doing some trial and error from the X-Originating-IP addresses from people on my list, I noticed that one of my friends has the EXACT same X-Originating-IP address from the one I've been getting my nasty e-mails from. Is my old friend sending me nasty e-mails off of the same computer but through different e-mails? If it helps, there both Hotmail accounts. Thank you in advance for your help and assistance. Of course he could be, but the IP address doesn't prove it. There are several reasons that a single IP address could be used by several different computers. • In the simplest case, an IP address uniquely identifies your computer on the internet. However for many reasons that's becoming less and less common as computers proliferate. Routers An IP address only identifies whatever it is you have connected to the internet. In many cases these days, that's a router:
In a case such as this, all the computers to the left of the router will appear on the internet as having the same IP address. That IP address is actually assigned to the router, and it handles routing the traffic to the appropriate computer on the local network. In a case like this the IP address you've extracted from your email headers may get you as far as the router, but that's it. You can't tell which computer behind the router was responsible for it. The diagram above is a common home or small business configuration. It's important to realize, though, that in larger installations there could easily be hundreds of computers sharing a single or smaller set of IP addresses. Once again, with just the internet IP address, there's no way to tell which computer sent your email. Dynamic IP Addresses Many computers are connected to the internet using what's called a "dynamic" IP address. The IP address is assigned to that computer when it first connects to the internet, and is released when it disconnects. A common example is dial-up connectivity where the connection and disconnection are both obvious and frequent. Persistent connections can also use dynamic IP addresses, and in fact can be re-assigned a new address even without having to disconnect - though typically that's not the case. However even the slightest disconnection could cause a new IP address to be assigned. "...in larger installations there could easily be
hundreds of computers sharing a single or smaller set of IP addresses."
What's important to note here is that the IP address you were assigned yesterday might very well be used by someone else today. That means if your sender is using a dynamic IP address, then it might be someone else entirely if you see that same IP address in another email at a later time. There's no obvious way to know. Local IP addresses If the address you see begins with 192.168., 172.16. through 172.32. or 10. then it's not an internet IP address at all, but rather a local IP address assigned by a router. Looking at the diagram above again, you can see that internet IP addresses are assigned to the router's connection to the internet. However on the left, on the local side of the router, the addresses are assigned from a range of IPs reserved for local networks. Most home and small business routers assign from the 192.168. address range. The problem here is that if that's the IP address you're seeing, then it tells you pretty much nothing. There are probably tens of thousands of machines with that 192.168.?.? IP address, scattered on local networks around the internet. Without the internet IP address, there's just no way to get closer. The Bottom Line Ultimately, as I've said time and time again, trying to use IP addresses to locate someone is futile for the average person. Yes, technically there may be ways to backtrack, but it's complex, and often involves breaching privacy barriers that will require law enforcement and/or court orders. Related:
Article 11163 | Posted February 12, 2007 |
Popular & Hot How do I make a new MSN Hotmail account? How do I delete history items from my Google tool bar? My desktop Recycle Bin has disappeared - why, and how do I get it back? How do I delete my Hotmail account? I accidentally deleted my Recycle Bin in Vista - how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet? Are free email services worth it? Would you please recover my password? My account has been hacked or I've forgotten it.
Stay Informed Archives Advertisers |
•
I'm in a battle of the bands compitition where the winner is judged by the amount of votes they get on line. You can vote once a day from your computer. They count your IP address. I'm worried that if an office of 40 friends all vote for me, they only count as one vote if it's the same IP address. 40 different computers, 40 people voting, one vote counted. Can this happen?
Posted by: kelly pettit at February 24, 2007 12:37 AMYes, it could.
Posted by: Leo Notenboom at February 24, 2007 10:38 AMThe crucial point in this case is that it's being sent from Hotmail. Any emails sent through a web-based service will have the webmail provider's email address as the X-Originating-IP because the actual computer used to send the message is not writing the headers. The headers will be written by the server-side script on the Webmail hosting providers service.
So any email sent from a webmail service will have one of the IP addresses that resolves back to the webmail provider, and all you can deduce from it is that the spammer was connected to the same webmail server as your friend on hotmail.
Posted by: Eli Coten at February 24, 2007 12:50 PM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Actually, HotMail does occasionally include IP address of the computer
accessing the web service as the x-Originating-IP - I just confirmed it.
Not sure about other providers, but that bit of anonymity obviously
isn't guaranteed.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFF4h2oCMEe9B/8oqERAjy0AKCLnKEIl+iRz+4Haw74kdfR+ehROQCbBjRY
Posted by: Leo Notenboom at February 25, 2007 03:37 PM175hbr7h5daL24hwQ2YjCVs=
=JAPa
-----END PGP SIGNATURE-----