Member Avatar for Netnew

Hi guys.
Please forgive me if my question is (as it is) very very basic for your level.
I would like to know how can someone be identified from his IP.
I am working in a little internet services company, new job, and I am handling cases of multiaccounts, which are not allowed. I really am not expert in networking quite at all, it is a secondary aspect of my job but I have to learn more.
The fact is that we are supposed to find out if someone has got more than one account by seeing if more accounts are sharing the same IP.
But then I read that there are different types of IP, a static one, a dynamic one, also you can use a proxy or things like that, so, exactly, how can I be shure that if more accounts share the same IP they are the same person (or at least the same PC)?
Few example:
1) someone with dynamic IP login with more account at same time. No matter if his IP changes every time he connects, all those account share the same IP so we can be quite shure that something is going on there. Right?
2) someone with a static IP connects with one account one day, another account next day, etc. We can be quite shure that something is going on, right?
3) what about if someone with dynamic IP connect with one account at a time? How can we trace the multiaccounts?
4) The same is for a proxy?
5) If more PC (different people, different accounts, all legal) connect with same IP because they share an internet connection, how can we be shure that they are different PC and not a multiaccount?

Thanks!!!

  • 4 Contributors
  • 6 Replies
  • 190 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by suley04
Member Avatar for rubberman

1, 2, 3, & 4) No, you can't. A router may have a single IP address (dynamic or static), yet multiple systems with valid accounts may connect via the router. You get the router's IP address, not the connected system's address. Ditto proxy connections.
5) You need to look at the MAC addresses associated with each connection (not always possible without deep-packet inspection, and not always then). Each distinct connection should have a different MAC address, although those can be spoofed. Encrypted connections multiply the difficulty by a large order of magnitude.

At the bottom line, this is not simple. If you are, as you state, new to this networking cruft, then you need to do some serious bootstrap training to get even a basic understanding of what you are facing. I speak as a professional who teaches this stuff.

Member Avatar for L7Sqr

5) You need to look at the MAC addresses associated with each connection

Side note: You can not get this information unless your custom protocol provides it. They way layer 2 works is that you will only see the MAC address of the previous hop which is generally not the source machine.

Member Avatar for rubberman

Side note: You can not get this information unless your custom protocol provides it. They way layer 2 works is that you will only see the MAC address of the previous hop which is generally not the source machine.

Good detail point L7Sqr, but probably more than the poster needs to know right now! :-) They still have a lot of basic learning to do about networking before they are ready to confront their task in a rational manner.

Member Avatar for L7Sqr

Good detail point L7Sqr, but probably more than the poster needs to know right now!

I was addressing the issue in general, not the OP specifically...

I think that using an IP (or MAC) is the wrong way to determine account uniqueness.

Edited by L7Sqr because: n/a
Member Avatar for Netnew

Ok, that was useful. Finally I did not understand much so I had to ask to my collegues (admitting my ignorance) and I have being told how do they trace people with the IP. It is not a perfect system but no system is perfect and all is a matter of how much time and resources are you willing to invert.
Wonderful, thanks a lot guys, I guess I will ask other questions in the future but in the while, can you reccomend some online documentation to learn more about this of the IP and Mac, something precise, effective, clear and not too complicated?
Thanks!

Member Avatar for suley04

How about trying something like a "traceroute" to find all the previous hops it takes to reach their internal systems, then looking at the last few addresses to find the last public IP address, and then taking it from there?

Once you know the last public IP address, you know what address the router is, then you could possibly use some tools to find out what information passes through the router if you need to identify single workstations or users.

Hope that helps.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.