From: Hunter on
Rod Speed wrote:
> Michael Bednarek wrote
>> Halfix NB wrote
>
>>> If for example I need to know my external IP for remote desktop
>>> management or other applications where I am connecting to another
>>> computer on the internet, then I should be able to find out the IP
>>> address without having to go to an unknown website. People seem to
>>> have a lot of unjustified trust in these websites. What is stopping
>>> these websitesusing the IP number for a malicious purpose?
>>> Would you want to put a customer or client at risk in this way?
>
>> If remote desktop management etc is important to you,
>> you need to invest in a static IP address; ask your ISP.
>
> He appears to want to be able to get the IP of others, so he can remotely
> desktop manage THEIR systems, presumably for maintenance etc even
> tho the first sentence of his does say his external IP.


There are free tools for this sort of thing that are pretty cool that go
through a broker service, TeamViewer is a great example of this (and I
think free to the home user), and from memory apart from having all the
standard security to keep the traffic private also ensures that the
addresses of either end are not exposed to each other (don't quote me on
that one, pretty sure that was part of their blurb though as all traffic
is passed via the broker, although it'd be a simple matter of checking
the address after control is established, but that's always going to be
the case, and if he is on the "controlling" end that could not occur on
his end anyway).

Personally I suspect a tad too much paranoia, most things he touches on
the internet are going to know his address.
From: Hunter on
Halfix NB wrote:
> "Craig Welch" <craig(a)pacific.net.sg> wrote in message
>
>> 90% of the sites that I visit are 'unknown' in that I don't know who owns
>> them, or what might lurk behind them. Why should I care? And there's
>> nothing they can do with my IP address.
>>
>
> 90% of the sites you visit might be 'unknown', but that is your choice. It's
> your choice to put yourself at that risk. What if I don't want to put
> myself or a customer/client at this risk?
>
> Your IP address represents, at the very least, a computer currently in use
> which could potentially have weak security or other vulnerabilities, as
> opposed to an IP number that is not in use, or a computer that is not turned
> on. The fact that your computer has visited one of those sites makes your
> IP address a lot more valuable to hackers etc.


If you're afraid to use a basic website that tells you your address then
I'd say give up on using the web or any other aspect of the internet
altogether. You can get very little out of the internet without the
other end knowing your address, and 99.999% of most people's usage will
involve "unknown" far ends in communication.

Tell me, do you trust the routers you are going through to get to your
so-called "trusted" end-points? Are you sure that there isn't any "man
in the middle" style invasions of privacy going on? Take a look at deep
packet inspection, we have a content filtering device where I work that
will allow us if we upgrade to perform this and even SSL traffic becomes
transparent with their technology (very handy in the world of content
filtering) and we are also looking at an IDS/IPS system which will also
do deep packet inspection right down into SSL traffic, how do you know
that none of the locations you're passing through to get to your
suposedly trusted end-point don't have something like this going on?

It's a very unrealistically paranoid view of the world that you have,
the ultimate security is to cut all lines to the outside world and lock
the doors, but it's not all that realistic at all. I'd be afraid of what
you tell your clients, and if you're in the IT game I'd be even more
afraid as your reasoning is completely wrong, compound that with your
apparent inability to manage basic tasks like get an external address
out of the device that you're hooking into for your internet access, and
I think they are probably pissing their money up the wall.
From: Halfix NB on

"Hunter" <hunter01(a)iinet.net.au> wrote in message
news:hj1jg9$nhr$1(a)news.eternal-september.org...
> Halfix NB wrote:
>> "Craig Welch" <craig(a)pacific.net.sg> wrote in message
>>> 90% of the sites that I visit are 'unknown' in that I don't know who
>>> owns them, or what might lurk behind them. Why should I care? And
>>> there's nothing they can do with my IP address.
>>>
>>
>> 90% of the sites you visit might be 'unknown', but that is your choice.
>> It's your choice to put yourself at that risk. What if I don't want to
>> put myself or a customer/client at this risk?
>>
>> Your IP address represents, at the very least, a computer currently in
>> use which could potentially have weak security or other vulnerabilities,
>> as opposed to an IP number that is not in use, or a computer that is not
>> turned on. The fact that your computer has visited one of those sites
>> makes your IP address a lot more valuable to hackers etc.
>
>
> If you're afraid to use a basic website that tells you your address then
> I'd say give up on using the web or any other aspect of the internet
> altogether. You can get very little out of the internet without the other
> end knowing your address, and 99.999% of most people's usage will involve
> "unknown" far ends in communication.
>
> Tell me, do you trust the routers you are going through to get to your
> so-called "trusted" end-points? Are you sure that there isn't any "man in
> the middle" style invasions of privacy going on? Take a look at deep
> packet inspection, we have a content filtering device where I work that
> will allow us if we upgrade to perform this and even SSL traffic becomes
> transparent with their technology (very handy in the world of content
> filtering) and we are also looking at an IDS/IPS system which will also do
> deep packet inspection right down into SSL traffic, how do you know that
> none of the locations you're passing through to get to your suposedly
> trusted end-point don't have something like this going on?
>

No, I don't know, but if I hit a standard site such as www.yahoo.com, I am
probably only going to pass through ISP-type machines along the way - try it
yourself with a trace-route tool. Yes, the employees at these ISPs might be
extracting some IPs but the risk is small and if they were ever caught it
would make world-wide news. Compare that to going directly to a site such
as whatismyip whose operation is unknown and dubious.

Yes I am taking a small risk by hitting any website, but I can certainly
lower my risks by not going to certain sites. And when the risk is
something that could be passed on to a client/customer, it's not something
anyone can take lightly. It would be like buying a lotto ticket where the
prize is that you get shot. You've got a one in 100 billion chance of
'winning', but would you ever buy a ticket?


> It's a very unrealistically paranoid view of the world that you have, the
> ultimate security is to cut all lines to the outside world and lock the
> doors, but it's not all that realistic at all. I'd be afraid of what you
> tell your clients, and if you're in the IT game I'd be even more afraid as
> your reasoning is completely wrong, compound that with your apparent
> inability to manage basic tasks like get an external address out of the
> device that you're hooking into for your internet access, and I think they
> are probably pissing their money up the wall.

It's


From: Hunter on
Halfix NB wrote:
> "Hunter" <hunter01(a)iinet.net.au> wrote in message
> news:hj1jg9$nhr$1(a)news.eternal-september.org...
>> Halfix NB wrote:
>>> "Craig Welch" <craig(a)pacific.net.sg> wrote in message
>>>> 90% of the sites that I visit are 'unknown' in that I don't know who
>>>> owns them, or what might lurk behind them. Why should I care? And
>>>> there's nothing they can do with my IP address.
>>>>
>>> 90% of the sites you visit might be 'unknown', but that is your choice.
>>> It's your choice to put yourself at that risk. What if I don't want to
>>> put myself or a customer/client at this risk?
>>>
>>> Your IP address represents, at the very least, a computer currently in
>>> use which could potentially have weak security or other vulnerabilities,
>>> as opposed to an IP number that is not in use, or a computer that is not
>>> turned on. The fact that your computer has visited one of those sites
>>> makes your IP address a lot more valuable to hackers etc.
>>
>> If you're afraid to use a basic website that tells you your address then
>> I'd say give up on using the web or any other aspect of the internet
>> altogether. You can get very little out of the internet without the other
>> end knowing your address, and 99.999% of most people's usage will involve
>> "unknown" far ends in communication.
>>
>> Tell me, do you trust the routers you are going through to get to your
>> so-called "trusted" end-points? Are you sure that there isn't any "man in
>> the middle" style invasions of privacy going on? Take a look at deep
>> packet inspection, we have a content filtering device where I work that
>> will allow us if we upgrade to perform this and even SSL traffic becomes
>> transparent with their technology (very handy in the world of content
>> filtering) and we are also looking at an IDS/IPS system which will also do
>> deep packet inspection right down into SSL traffic, how do you know that
>> none of the locations you're passing through to get to your suposedly
>> trusted end-point don't have something like this going on?
>
> No, I don't know, but if I hit a standard site such as www.yahoo.com, I am
> probably only going to pass through ISP-type machines along the way - try it
> yourself with a trace-route tool. Yes, the employees at these ISPs might be
> extracting some IPs but the risk is small and if they were ever caught it
> would make world-wide news. Compare that to going directly to a site such
> as whatismyip whose operation is unknown and dubious.


Why is it any more dubious than any other site? CNET, a relatively
respectable site, espouse the use of this site for a quick check of your
public address, much more useful when behind an internal network with
all sorts of fun NAT stuff going on and trying to find out exactly what
address you're going out on, usually in a scenario like yours though
it's easy to just check by having a chat with your device connecting you
to the internet (although still quicker using whatismyip or a similar
site generally).

As far as inspecting your traffic there's every likelihood your ISP is
already doing this before you even get out to the rest of the world to
do things like throttle torrent traffic and so on, as most ISP's offer
provisioning well over what they're capable of, so some are turning to
throttling of certain sorts of traffic to prevent bottle-necking.


> Yes I am taking a small risk by hitting any website, but I can certainly
> lower my risks by not going to certain sites. And when the risk is
> something that could be passed on to a client/customer, it's not something
> anyone can take lightly. It would be like buying a lotto ticket where the
> prize is that you get shot. You've got a one in 100 billion chance of
> 'winning', but would you ever buy a ticket?


Your example is ridiculous, the more appropriate example is you may have
a 1 in 1,000,000 chance of being hit by a car if you cross a road,
should you mitigate this risk by never crossing a road? Or just be
careful when you do cross the road? Your risk mitigation should never be
more costly to business than that of the risk itself if it should
actually occur.


In this case you have a perceived risk of possible malicious action if
you expose your ip.

The entirely wrong form of mitigation is to be paranoid about exposing
your ip, as you then create quite a number of new risks in relation to
impeding your ability to do business, research, pretty much anything on
the internet.

The appropriate mitigation is securing your system as much as possible
and possibly not going to suspect sites (a very different thing to
unknown sites), which is a category whatismyip does not fit into.

If you're a bank manager trying to mitigate the risk of robbery, you
don't take down all your signs and street numbers so that people don't
know there's a bank there, you invest in security. To take your coure of
action would damage the business.


>> It's a very unrealistically paranoid view of the world that you have, the
>> ultimate security is to cut all lines to the outside world and lock the
>> doors, but it's not all that realistic at all. I'd be afraid of what you
>> tell your clients, and if you're in the IT game I'd be even more afraid as
>> your reasoning is completely wrong, compound that with your apparent
>> inability to manage basic tasks like get an external address out of the
>> device that you're hooking into for your internet access, and I think they
>> are probably pissing their money up the wall.
>
> It's


Umm, ok.

From: Rod Speed on
Halfix NB wrote
> Craig Welch <craig(a)pacific.net.sg> wrote
>> Halfix NB wrote
>>> Craig Welch <craig(a)pacific.net.sg> wrote
>>>> Halfix NB wrote

>>>>> Handing out your IP number to a site of unknown origin could
>>>>> never be a good idea as far as security is concerned, regardless
>>>>> of how good your security software is.

>>>> Even though you do it every single time you visit a website?

>>>> EVERY SINGLE TIME.

>>> Yes, but these are websites that I am choosing to visit. I'm
>>> talking about being forced to visit an unknown site in order to
>>> perform a required function such as remote desktop management. Are you saying this is a good approach to security?

>> You're not being 'forced' to visit any unknown sites. Your mouse in entirely under your control.

> I am forced to visit sites of unknown operation if there is no other way to find out my external IP address.

Nothing to stop you doing you own site if you are that paranoid.

Or use your ISP's email service and work it out that way.

>> 90% of the sites that I visit are 'unknown' in that I don't know who
>> owns them, or what might lurk behind them. Why should I care? And there's nothing they can do with my IP address.

> 90% of the sites you visit might be 'unknown', but that is your
> choice. It's your choice to put yourself at that risk. What if I
> don't want to put myself or a customer/client at this risk?

Then you set up your own site, or use the ISP's email service.

> Your IP address represents, at the very least, a computer currently in use which could potentially have weak security
> or other vulnerabilities, as opposed to an IP number that is not in use, or a computer that is not turned on.

Yes, but if you are that mindlessly paranoid, you'd never use any web
site or email either, because both of those now the IP address too.

Or ever connect to your ISP's service either.

> The fact that your computer has visited one of those sites makes your IP address a lot more valuable to hackers etc.

Not if you have adequately protect your system.