More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 25, 12:06:39
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
TS2: Burnination
The Podium
Question concerning IP addresses.
0 Members and 1 Chinese Bot are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Question concerning IP addresses. (Read 3609 times)
Nepheris
Irritating Ignoramus
Posts: 448
Question concerning IP addresses.
«
on:
2006 November 25, 13:24:10 »
As the title says, I've got a question concering IP addresses.
We've got a case of suspected multiple-accounts/identity forging on my boards. Sadly I don't know enough about IP addresses to be absolutely certain of a case of multiple accounts.
What I want to know is in how much an IP address has to be similar to come from the same computer/network. I know IP addresses can change (right?), so how will I still know if it's the same place the activity is coming from?
What I've got is three suspected accounts (though two are more suspicious). All three start with the same two series of numbers. Only two start with the same series of three numbers (but the first account hasn't seen much activity lately.) The last numbers differ, however. I've noticed that at least the 2 first series of numbers stay the same, though I'm not sure about the last two.
Any help would be appreciated, and I hope I've been clear enough in my question.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Question concerning IP addresses.
«
Reply #1 on:
2006 November 25, 13:35:21 »
Quote from: Nepheris on 2006 November 25, 13:24:10
As the title says, I've got a question concering IP addresses.
We've got a case of suspected multiple-accounts/identity forging on my boards. Sadly I don't know enough about IP addresses to be absolutely certain of a case of multiple accounts.
What I want to know is in how much an IP address has to be similar to come from the same computer/network. I know IP addresses can change (right?), so how will I still know if it's the same place the activity is coming from?
Generally, if an IP addresses matches the first or second points, they MIGHT be the same person, but they could be different people on the same ISP. There is no conclusive way to tell just from the IP address. If the IP addresses are EXACTLY the same, AND the people involved DON'T come from a large number of IPs (dynamic IPs chosen at random from a pool), then they MIGHT again be the same person, or they could be sharing the same proxy, as is common with AOL. There is no singular magic bullet that identifies it, it's just something you learn to pick up on from experience. Consider how blatant the offense actually is before coming to some kind of judgement.
Quote from: Nepheris on 2006 November 25, 13:24:10
What I've got is three suspected accounts (though two are more suspicious). All three start with the same two series of numbers. Only two start with the same series of three numbers (but the first account hasn't seen much activity lately.) The last numbers differ, however. I've noticed that at least the 2 first series of numbers stay the same, though I'm not sure about the last two.
If the last numbers differ, then they are likely different people on the same ISP. Check to see how stable the IPs of the actual individuals are. If they have relatively stable IPs (no more than 1-3), then they are likely different people, or someone who has cleverly kept his IPs entirely seperate. If they have unstable IPs and fluctuate across a large block of IPs, then your results are inconclusive.
Naturally, if that block of IPs is an AOL block (do an nslookup to see it resolves to AOL) or similar large ISP, all bets are off, even if the IPs are identical.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nepheris
Irritating Ignoramus
Posts: 448
Re: Question concerning IP addresses.
«
Reply #2 on:
2006 November 25, 13:51:48 »
It's not an AOL block, but as all users claim to come from the same country, a shared ISP would be likely.
Thanks a lot for the explanation, I guess I'll have to use different methods to get some sort of 'proof'.
Logged
Baron
Marhis
Terrible Twerp
Posts: 2145
ISTP. Officially male since she plays MUDs
Re: Question concerning IP addresses.
«
Reply #3 on:
2006 November 26, 00:34:25 »
Every isp has some "rules" about their IP, the most important thing is to know how they manage their IP share among the users.
For example, I use two different ISPs: one of them (the actual I'm using, Fastweb in Italy) has all his users hidden behind a NAT; this means that every single user of Fastweb which lives in Bologna, Italy will have the same IP, that is the gateway's IP. The other ISP, Infostrada, gives me a dynamic public IP, but I noticed that it assigns me always the same, unless I don't login for a month or more. So, I have always 2 IP, fixed, although they are officially dynamic.
Logged
I say that a wise, when he does not know what he is talking about, should know enough to keep his mouth shut. -- C. Collodi,
Pinocchio
.
------
The one and only Rhayden's AIDE. Accept no substitutes.
dizzy
Souped!
Posts: 1572
unplugged
Re: Question concerning IP addresses.
«
Reply #4 on:
2006 November 26, 02:40:14 »
Good rule of thumb here: if the two accounts are active at the same time with the same IP, it's probably a clone. Otherwise, it's probably not a clone.
Logged
Readability counts.
-
Have you destroyed a costly operating system today?
-
Copyright Must Be Destroyed!
-
Ex veritate veritas
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Question concerning IP addresses.
«
Reply #5 on:
2006 November 26, 05:31:16 »
It often helps to resolve the IP in question to a DNS. If your resolved DNS contains strings like "dyn", "pool", "dial", then you're probably dealing with an individual user's dynamic IP. If you're seeing strings like "nat" or "proxy", you're dealing with a shitty ISP like AOL, which jams all its users on one IP and likely sells half-assed one-way Internet. Other things not fitting this rule are probably semisticky IPs, but there's no really clear way to tell. In most cases an identical IP indicates a high probability of the same user, except in the above rule.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
KatEnigma
Axe Murderer
Souped!
Posts: 1698
ENFJ
Re: Question concerning IP addresses.
«
Reply #6 on:
2006 November 26, 22:06:57 »
Do they always post with the same IPs? If so, then they are different people, definitely. Some ISPs, like mine, give you a different IP every time you reset/disconnect the dsl/cable modem. If they are doing that to get a different IP to use to post as someone else, there's no way they could get the same IP every time they wanted to post under the other account.
OTOH, if they are always posting with different IPs (and I mean always, or almost always, not every once in awhile) , then it's a possibility. Not proof, mind you, but a possibility, unless you know they are on dial up. Because I have to go out of my way to get a new IP, and I don't think even AOL just randomly changes your IP. Once you're logged into the system, you keep the IP until you do something, and if you have DSL or Cable, you're not logging out every time you turn off your computer and you don't sign out, normally.
Logged
"There is a tragic flaw in our precious Constitution, and I don't know what can be done to fix it. This is it: Only nut cases want to be president."
- Kurt Vonnegut
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...