Is IP hacking THIS easy?!
OK we’ve been learning about Operating Systems and more recently, security on computers at college. We installed firewall software (ZoneAlarm to be precise) which was a new experience for some of the class members, although not myself.
Afterwards, we were told to open the Telnet service by going to Start, right clicking My Computer > Manage, then Services and thenĀ turning it on from there. We pinged a few people’s IP address in the classroom and had great fun creating new folders etc. by typing “telnet [IP address]” and then the chosen command. The whole purpose of this was to see what the firewall would block and what it wouldn’t. The ping tests we usually blocked off (timed out) but the telnet thing wasn’t as long as the service was activated.
Anyway, I wanted to try this back home with my bros PC. Sadly, he’s running XP Home and telnet doesn’t come included with it. I tried going from his computer to mine as I’m running XP MCE 2005 but the router probably blocked it since I couldn’t connect.
Out of sheer interest, I wondered if I could ping a random person’s IP. I suddenly realised that there is a mass of IP addresses sitting where users probably wouldn’t even think about security - Wikipedia! Millions of anonymous people edit articles all the time and wouldn’t even think about the security of leaving their IP address open for any randomer to see.
I found a popular article, looked at the history and pinged the first IP I found - it went through first time and brought back some information. I then tracert-ed it and this brought a wealth of other IPs are the hosts.
I’m not a hacker, so I don’t know any particular commands to actually do anything with their IP, but Wikipedia should be a bit more careful in the future in my opinion. When editing anonymously, it should inform users they’re leaving their IP address online for anyone to pick up, and if they don’t have a firewall, they are seriously risking their security!
Before I receive a lot of hate mail on this topic, I’d like to make it known that if I knew how to hack, I wouldn’t do so maliciously. I know how it feels when someone hacks a web site and wipes off all of the files - thankfully there was a backup. Ethical hacking (finding exploits and making these known to improve future security) is my motto.
November 15th, 2007 at 3:49 pm
I’m glad I never edited any wikipedia articles :).
Although there are other ways to discover IP’s, like being a forum admin, you have access to anyone’s, guests or members, IP’s that way, but I’d never use them for malicious purposes.
November 16th, 2007 at 1:02 pm
Wikipedia actually does inform users who edit articles that their IP address will be made public, and gives them a fairly easy way to opt out. I really am not a fan of most wiki policies, but I have to say if you look at it from their POV, they want some level of accountability so people don’t go typing random crud into their articles. Of course, leaving an IP addy behind doesn’t seem to stop people, and most of them don’t even realize what that means.
But as a former wiki editor, I wanted to point that out.
November 16th, 2007 at 2:28 pm
Yes it does tell them it will leave their IP address behind, but it doesn’t warn them that this could potentially be seen by lots of random people, including hackers.
By the way John, your site always seems to be down these days
November 19th, 2007 at 3:20 pm
I know. ;-( I had free hosting from a friend who disappeared, and I’m not really sure what’s up. I’m thinking about getting a WordPress hosted blog, because I really enjoy it, but what I’d really like is to find a good Windows host that isn’t super expensive and run an ASP.NET 3.0 blog.
Anyway, WikiPedia makes it pretty clear they’ll leave your IP address in their edit logs, but I suppose they don’t tell you what that could mean. You can create a free account to shield your network address if you choose to.
They have a bot that scans the latest changes page to revert vandalism, so I guess it would be pretty easy for someone to make another bot that does the same thing but grabs IP addresses and puts them in a database. But then do you think it would be easier to just make up 4 random numbers between 0 and 255, then string them together?