Introducing the IP (Internet Protocol)

Past: Before the Internet was commercialized, IP addresses were parceled out unsystematically. For example, the address block beginning with the number 192 was broken up and distributed all over the world. Network administrators refer to this block as "the swamp" because of the resulting routing complexity. It was allocated in May 1993. Tracing these older addresses can be difficult.

Present: The Internet Assigned Numbers Authority(Welcome to the InterNIC) allocates blocks of IP address space to three regional Internet registries--Arin-US regions (covering North and South America), Ripe.net NCC (covering Europe) and Apnic.net(APNIC) (covering the Pacific Rim). There is also BetterWhois.com, Global One, Network Tools look up ping trace, DNS look up, Whois.Com.Au
These groups allocate blocks of IP address space to local Internet registries, which assign the addresses to companies such as Internet service providers. ISPs parcel out addresses to customers based on several factors, including geography, to aid overall network efficiency. Tracing many of these addresses is relatively easy.

Future: Internet engineers are preparing to overhaul the existing system of 4.2 billion IP addresses, known as IPv4, with a new, bigger system, dubbed IPv6. While implementation is likely years away, the switch could include a highly organized IP address allocation system based on location. Tracing IP addresses in such a system could be made trivial.

All this info (IP address + everything else) can be recorded by the host site through Java/Javascript, a counter, . The newest idea is to include a counter as one single pixel wide hidden inside an image to grab your IP number. Some Bulletin Boards even post your IP along with your post, making it available for anyone to see. This is why we recommend using an anonymizer OR proxy whenever surfing the web, and especially when browsing unknown sites or posting to boards. See the next section (- Anonymous Surfing) for more information on using anonymizers.

Hotmail and other "anonymous" mailers send your IP in the header of your message. We suggest that you use an anonymous Remailer to send e-mail, and include your hotmail address (or other mail address not associated with your own ISP) in the message if you want a reply. One good Remailer can be found at: http://www.gilc.org/speech/anonymous/remailer.html.

For more Remailers, ideas, read Proxies and where to find them,

Static vs. Dynamic IP's

DNS (Domain Name System)

You know how you can just type www.microsoft.com for example and you will be connected to them. Well this is accomplished with the Domain Name System- DNS where an name is mapped to a particular IP address, since it is easier for us humans to rememeber a name than a string of numbers. This adress name sets itself together from all other names.

DNA names are read from right to left, while IP addresses are read from left to right

As an example the IP adress 129.206.100.126 correspondents to the combination for the ftp.urz.uni-heidelberg.de (university - heidelberg - germany). On the left site ever stands the PC name in this example it is "ftp" this name could be any other name too.The administrator sets it up. The next is "urz" this keeps all the PC's in the calculating mashine center together. Followed by the domain "uni-heidelberg" that keeps all the PC's from the whole university together. And at last "de" it's the "top or level" domain for all PC's in Germany.

For these reasons, amongst many, many others, the DNS system is hierarchical. A simplified (but reasonably accurate) illustration should give you a general idea.

Each top level domain (say, .com) has its own server. Within this domain, there are many sub-domains (say, .ibm.com). Within this subdomain there are many machines (say, www.ibm.com) as well as sub-domains (say, .software.ibm.com). Now the administrators at .ibm.com could, of course, list all their machines and respective addresses in the .com DNS server. But that is not the case. What actuall happens when the .com DNS server is queried for a name within the .ibm.com domain, it directs the querier to ns.ibm.com, the primary nameserver for this domain. The ns name usually stands for 'Name Server' (duh). The ns.ibm.com server resolves the query and returns the address of the machine. This makes the .ibm.com admins happy, the .com admins happy and the traffic and demands on the .com links and machines are very much reduced. Everyone wins.

Mail addresses usually have a form somewhat like the following 'someone@somewhere.com'. Those of you who are still with me are thinking 'Hey!, isn't somewhere.com a domain? How can you send mail to a domain instead of a machine in a domain?' Well, that's another nice thing about DNS. You see, the DNS server for .somewhere.com has what is called an MX record (MX for Mail eXchange) that points to something like mail.somewhere.com. The mail you send to someone@somewhere.com will be directed to someone@mail.somewhere.com and you have to admit, someone@somewhere.com looks a lot better than someone@mail.somewhere.com. Right? I thought so.

URL structure

URL stands for Uniform Resource Locator or Universal Resource Location or a variation thereof. The schools of thought vary here, but then again, they often do. (An aside, there is a popular window manager for X called FVWM. The manual page states 'No, I don't know what this means either, but what the hell, this is an acronym-based society anyway.' - learn from this). URLs have the following structure:

Usually you only see them as http://www.ibm.com or a variation thereof. This means, literally, 'connect to www.ibm.com using the http protocol and get whatever it gives you after passing along a few standard headers. Well, it does if you type it into your browser. If you do it by hand, that's another matter enitrely. Now, your browser 'knows' that the standard port for http traffic is port 80. It also knows what it should pass once it gets a connection. It then processes what the server gives it and, hey presto, you have a page to read. Now as an exercise, try doing this manually.

What about the ISP logs?

Okay, so now you know that your ISP has a log of who is logged in under which IP number at any particular time. They also maintain a log of data transfers, logging each transfer of information, the originating IP, and the destination IP. So it is a routing process to do a search of the logs and find any illegal activity, and associate it with the exact computers involved. So know that the ISP can and will have a nice log of at least all of your recent internet activities, all emails sent and receaved, ets. I still hear of cases of people getting caught sending and reseaving unapproprite unencripted images using their work or home email accounts, or using their work accounts to "surf the Web" looking at porn. Majorly silly, eh?? I say they deserved to be caught. ^_^

So why do the ISP's maintain logs of all internet activity? Well, for several reasons, depending on the countries they are in. Some law enforcent agencies require them to. Other ISP's just like to cooperate with the cops, in case to protect their backs. Your workplace will defiently monitor your Internet usage. But if you ask them , they will say they do it mostly for the purpose of debugging. If the ISP servers develop a problem or they crash, technicians may scan the logs to determine if a particular transfer was involved with the problem. Riiiight.

Now consider a normal day surfing the web. In a normal day I can download/upload 2000 or 3000 files (the gifs of the pages, the wallpapers, etc. etc.). Now if the ISP has 10000 or more clients (normally an ISP needs at least 10000 users to survive)that results in: 10000 x 3000 = 30,000,000 operations in a day. Every line has 128 lines (or bytes) = 3.840.000.000 bytes... The logs takes 3 Gigs from the disk !!! :) but thats a drop in the ocean to the storage devices available now. So again, watch your steps ^_^ and learn how to use a proxy quick.

The Dangers...

However, if a federal agency has a search warrant with probable cause, they have the authority to demand a search of the logs. If the logs for that time period are available, they can trace that data transfer to you. If almost anyone else gets your IP address and tries to identify you, they have practically no chance of doing so.

Your biggest danger is if you are using a computer at work, at school, or in a public library. They keep their own logs, which are usually much smaller than a regular ISP. They also have more incentive to search their logs, to keep their image clean, and keep an eye on the activities of their employees/students. We recommend that you do not use such computers for any questionable activity.

Names and addresses used in this document are not meant as valid.

The internet runs on a suite of protocols collectively known as TCP/IP. The TCP and IP protocols form the backbone for most connections. IP stands for Internet Protocol. It is the routing protocol that delivers packets from one machine to another. TCP stands for Transmission Control Protocol. This is the protocol that sets up and maintains the state of a connection. One of the nice things about TCP and UDP is that the ports that various services run on have a scheme that has become de facto by now. If you're not sure what I mean, take a look at the file /etc/services, it has read permissions for all users on any sane unix system.

The IP stack of a given device has a network address known as (surprise!) the IP address. It is a 32-bit number usually represented in what is known as the dotted-quad notation. This means that the 32-bit field is divided into 4 8-bit fields and each field is represented as a decimal number. These numbers are seperated from each other with a period. This gives us the familiar form of '192.168.2.120'. As more and more machines became connected to the internet it became increasingly inconvenient to remember all the different addresses. To save time, effort and major headaches all-round, the wonderful service of DNS was invented. DNS stands for Domain Name Service. Its purpose is to translate names to addresses and vice-versa. Thus, when you connect to a machine called 'www.somewhere.com' your program connects to its DNS server and requests a translation to an IP address. Upon receiving this address it proceeds to connect to it. Now having one DNS server that has a database with all the addresses on the internet in it might sound alright, but once you start thinking about it, you run into some major difficulties. To name but one, you'd rarely be able to connect to it, as the whole world would be trying exactly the same thing. The machine would get swamped with requests and the stream leading to it would be bogged down with DNS traffic. To name another, the maintenance would be hell. Helpdesk work would almost be preferable.

This is a simplified version. Setting up a DNS server is certainly no task for beginners and can wreak havoc on other DNS servers if incorrectly configured. Needless to the, the admins whose setup you disturb will not look kindly on your efforts. For more information, go to your nearest RFC archive, do a web search or buy a book on DNS (try DNS/BIND from O'Reilly).