More Awesome Than You!
Welcome, Guest. Please login or register.
2024 November 25, 12:06:39

Login with username, password and session length
Search:     Advanced search
540287 Posts in 18067 Topics by 6545 Members
Latest Member: cincinancy
* Home Help Search Login Register
+  More Awesome Than You!
|-+  TS2: Burnination
| |-+  The Podium
| | |-+  Question concerning IP addresses.
0 Members and 1 Chinese Bot are viewing this topic. « previous next »
Pages: [1] THANKS THIS IS GREAT Print
Author Topic: Question concerning IP addresses.  (Read 3609 times)
Nepheris
Irritating Ignoramus
**
Posts: 448



View Profile
Question concerning IP addresses.
« on: 2006 November 25, 13:24:10 »
THANKS THIS IS GREAT

As the title says, I've got a question concering IP addresses.

We've got a case of suspected multiple-accounts/identity forging on my boards. Sadly I don't know enough about IP addresses to be absolutely certain of a case of multiple accounts.
What I want to know is in how much an IP address has to be similar to come from the same computer/network. I know IP addresses can change (right?), so how will I still know if it's the same place the activity is coming from?

What I've got is three suspected accounts (though two are more suspicious). All three start with the same two series of numbers. Only two start with the same series of three numbers (but the first account hasn't seen much activity lately.) The last numbers differ, however. I've noticed that at least the 2 first series of numbers stay the same, though I'm not sure about the last two.

Any help would be appreciated, and I hope I've been clear enough in my question.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Question concerning IP addresses.
« Reply #1 on: 2006 November 25, 13:35:21 »
THANKS THIS IS GREAT

As the title says, I've got a question concering IP addresses.

We've got a case of suspected multiple-accounts/identity forging on my boards. Sadly I don't know enough about IP addresses to be absolutely certain of a case of multiple accounts.
What I want to know is in how much an IP address has to be similar to come from the same computer/network. I know IP addresses can change (right?), so how will I still know if it's the same place the activity is coming from?
Generally, if an IP addresses matches the first or second points, they MIGHT be the same person, but they could be different people on the same ISP. There is no conclusive way to tell just from the IP address. If the IP addresses are EXACTLY the same, AND the people involved DON'T come from a large number of IPs (dynamic IPs chosen at random from a pool), then they MIGHT again be the same person, or they could be sharing the same proxy, as is common with AOL. There is no singular magic bullet that identifies it, it's just something you learn to pick up on from experience. Consider how blatant the offense actually is before coming to some kind of judgement.

What I've got is three suspected accounts (though two are more suspicious). All three start with the same two series of numbers. Only two start with the same series of three numbers (but the first account hasn't seen much activity lately.) The last numbers differ, however. I've noticed that at least the 2 first series of numbers stay the same, though I'm not sure about the last two.
If the last numbers differ, then they are likely different people on the same ISP. Check to see how stable the IPs of the actual individuals are. If they have relatively stable IPs (no more than 1-3), then they are likely different people, or someone who has cleverly kept his IPs entirely seperate. If they have unstable IPs and fluctuate across a large block of IPs, then your results are inconclusive.

Naturally, if that block of IPs is an AOL block (do an nslookup to see it resolves to AOL) or similar large ISP, all bets are off, even if the IPs are identical.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nepheris
Irritating Ignoramus
**
Posts: 448



View Profile
Re: Question concerning IP addresses.
« Reply #2 on: 2006 November 25, 13:51:48 »
THANKS THIS IS GREAT

It's not an AOL block, but as all users claim to come from the same country, a shared ISP would be likely.

Thanks a lot for the explanation, I guess I'll have to use different methods to get some sort of 'proof'.
Logged
Baron
Marhis
Terrible Twerp
****
Posts: 2145


ISTP. Officially male since she plays MUDs


View Profile
Re: Question concerning IP addresses.
« Reply #3 on: 2006 November 26, 00:34:25 »
THANKS THIS IS GREAT

Every isp has some "rules" about their IP, the most important thing is to know how they manage their IP share among the users.
For example, I use two different ISPs: one of them (the actual I'm using, Fastweb in Italy) has all his users hidden behind a NAT; this means that every single user of Fastweb which lives in Bologna, Italy will have the same IP, that is the gateway's IP. The other ISP, Infostrada, gives me a dynamic public IP, but I noticed that it assigns me always the same, unless I don't login for a month or more. So, I have always 2 IP, fixed, although they are officially dynamic.
Logged

I say that a wise, when he does not know what he is talking about, should know enough to keep his mouth shut. -- C. Collodi, Pinocchio.
------
The one and only Rhayden's AIDE. Accept no substitutes.
dizzy
Souped!
*
Posts: 1572


unplugged


View Profile
Re: Question concerning IP addresses.
« Reply #4 on: 2006 November 26, 02:40:14 »
THANKS THIS IS GREAT

Good rule of thumb here: if the two accounts are active at the same time with the same IP, it's probably a clone. Otherwise, it's probably not a clone.
Logged

J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Question concerning IP addresses.
« Reply #5 on: 2006 November 26, 05:31:16 »
THANKS THIS IS GREAT

It often helps to resolve the IP in question to a DNS. If your resolved DNS contains strings like "dyn", "pool", "dial", then you're probably dealing with an individual user's dynamic IP. If you're seeing strings like "nat" or "proxy", you're dealing with a shitty ISP like AOL, which jams all its users on one IP and likely sells half-assed one-way Internet. Other things not fitting this rule are probably semisticky IPs, but there's no really clear way to tell. In most cases an identical IP indicates a high probability of the same user, except in the above rule.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
KatEnigma
Axe Murderer
Souped!
*
Posts: 1698


ENFJ


View Profile
Re: Question concerning IP addresses.
« Reply #6 on: 2006 November 26, 22:06:57 »
THANKS THIS IS GREAT

Do they always post with the same IPs? If so, then they are different people, definitely.  Some ISPs, like mine, give you a different IP every time you reset/disconnect the dsl/cable modem.  If they are doing that to get a different IP to use to post as someone else, there's no way they could get the same IP every time they wanted to post under the other account.

OTOH, if they are always posting with different IPs (and I mean always, or almost always, not every once in awhile) , then it's a possibility. Not proof, mind you, but a possibility, unless you know they are on dial up. Because I have to go out of my way to get a new IP, and I don't think even AOL just randomly changes your IP. Once you're logged into the system, you keep the IP until you do something, and if you have DSL or Cable, you're not logging out every time you turn off your computer and you don't sign out, normally.
Logged

"There is a tragic flaw in our precious Constitution, and I don't know what can be done to fix it. This is it: Only nut cases want to be president."

- Kurt Vonnegut
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.072 seconds with 20 queries.