FAQ

Bookmark and Share

Can I discover IPv6 domains using IPFingerPrints ?(TOP)

IPFingerPrints does not presently support IPv6 and is compatible with IPv4 addresses only at this time

I checked my IP address a few days ago with IPFingerPrints, it appears differently how come ?(TOP)

It is likely that your IP address is not statically assigned and your internet service provider issues IP addresses to you using a DHCP server. Since DHCP assigned addresses typically have a lease period associated with them, after the expiration of the lease a new IP address is generated and assigned to the client network computer.

Does it mean that my computer is not safe if IPFingerPrints can discover my IP address ?(TOP)

Not necessarily. A public IP address must be discoverable in order to allow the internet to function. If your public IP address is invisible to the internet, then web users have no way of reaching your domain.

On the other hand, it is possible to route all of your network traffic through one public IP and out another public address; for example you have been issued a static public IP address by your ISP, and you have created a VPN tunnel to a proxy server in another country which also has its own static public IP address. Since the proxy makes requests on your behalf, the IP address shown will not actually be yours but that of the proxy server. The reason people are weary of advertising their public IP addresses is that it gives potential hackers a place to start.

Can IPFingerPrints discover IP addresses for secured (https) websites ?(TOP)

Yes. Https is not an anonymity tool; it is merely a secure protocol that governs how information is exchanged between a client computer and the implement webserver. However, some network administrators of such webservers may prevent their websites from being discovered at their discretion.

The geo-location has got my internet service provider correct and my country, but the physical address is definitely not where I am ?(TOP)

Some ISPs do not broadcast location data for client IP addresses. In addition, if your IP address is behind a firewall or sentry device, it may only be possible to identify your ISP and its location but not the location of your network device based solely on its IP address.

What is a domain name server ?(TOP)

A domain name server or DNS is what enables you to use names that are far easier to remember in order to go to or find a webpage. It is much easier to remember the name ipfingerprints.com than it is to remember 74.213.171.73. And even if you could remember the numeric representation, there over 1 billion websites each with a unique address!

DNS servers do this task for us by maintaining a massive database of which address belongs to whom. When you enter a domain name such as ipfingerprints.com into your browsers address bar, the DNS resolves the name to a unique public IP address and then establishes a connection between your computer and the webserver. In principle it works in the same way your contact address book on your mobile phone works; where a contact name is associated to a specific number(s).

What is a firewall and how does it work ?(TOP)

A firewall is a device or software based program designed to filter the type of data that can be transmitted between a private network or computer and a public network. The devices operate at the network level (layer 3) of the TCP/IP stack and filter data by scrutinizing packets that pass through them. Advancements in technology allow these devices to performing filtering task all the way up to layer 7 of the TCP/IP stack at the application level (for instance drop traffic related to peer-to-peer software).

firewall can filter packets based on their destination their source, their requested ports, and can also enforce access policies known as access lists. In large corporations where data is typically sensitive or critical, firewalls (particularly independent hardware firewall nodes such as ASAs) are invaluable, as they can perform far better than software based firewalls. Windows comes with a software based firewall that can restrict access to certain ports on your PC; and most routers these days have a firewall feature.

Is my software based firewall just as good as the hardware firewall device I see around ?(TOP)

The measure of a good firewall is really made by the value of the data that you are trying to protect. Windows firewall coupled with a good spyware or malware software and antivirus can provide you with a decent level of security, but they cannot be compared with the level of security provided by a dedicated hardware based firewall.

What is a sub-domain and do sub-domains have different IP addresses ?(TOP)

A subdomain is part of a top level domain; for example video.example.com is a subdomain of the top level domain example.com. Subdomains are typically used to separate and categorize content found at a website into different relevant domains. DNS servers will resolve the top level domain first (example.com) and allow the webserver at that address to route traffic to appropriate sub domain based on the client request. Though it is not necessary to separate the subdomain from its top level domain in this manner using IP addresses, some companies may want to do this to add greater granularity to their website design especially if they have large amounts of web traffic, however it can be prohibitively expensive given that a sub domain would require its own public address.

What is a public IP address ?(TOP)

A public IP address is an assignment number that uniquely identifies public servers or network nodes on the internet; they are the only addresses that that are routable. These assignments are distributed to internet service providers in address ranges by IANA (otherwise known as The Internet Assigned Numbers Authority (IANA) which controls ownership of these IP ranges. To be considered public, an IPv4 address must fall outside of the range of a private address.

What is a private IP address ?(TOP)

Private IP addresses are separated into 3 categorizes (24-bit, 20-bit, and 16-bit blocks) and are used to uniquely identify computers, servers, and network nodes within a private network. The classful names of these private addresses are Class A, B, and C. You can easily identify a private IP address by examining the bits on the IP address which identify the network; for example Class A addresses are always in the form 10.0.0.0/8; Class B addresses are always in the form 172.16.0.0/12; Class C addresses are always in the form 192.168.0.0/16. Though these addresses are not routable over the internet, they can be translated onto a public address.

What are network protocol ports ?(TOP)

Within the TCP/IP and UDP framework, there are a number of ports which are designed specifically to handle data traffic of a particular type. For example TCP/IP port 23 is known for use of traffic in a telnet session. The file transfer protocol is used on port 21, and Microsoft SQL server is designed to use port 1433 and so on. When you try to retrieve a webpage by typing a web address into your browser, that sort of traffic is routed as HTTP datagrams through port 8080 (or 8181) of the TCP/IP stack. Separating data traffic into specific ports allows for much easier troubleshooting.

What is a ping test and is it different from ARP ?(TOP)

A ping test is used to discover when a host network node is discoverable by other network devices. Pings are sent as ICMP packets which functions on layer 3 of the TCP/IP OSI stack. ARP or address resolution protocol operates on layer 2 of the TCP/IP OSI stack and uses (MAC addresses which are not routable) to discover network nodes on a private network. When a host computer sends out a ping as an ICMP packet to a specific destination address, the remote network node acknowledges receipt of the packet and sends out an echo. The latency between the packet sent and the packet received is used by the host computer to determine network statistics such as dropped packets and time-to-live, between the two computers.

With respect to networks, how many ports are there ?(TOP)

There are over 49,000 ports registered and recognized by the IANA. However, in addition to that, there are approximately 25,000 network ports that are private or dynamic.

Which ports should I ideally have closed on my network ?(TOP)

Ideally you should have all network ports that you do not use closed. A port scanner can help you identify open ports on your network and help you close those that you do not use.

What is network address translation and how is it used ?(TOP)

As it became apparent that IPv4 public network addresses were soon going to run out, internet service providers and internet protocol bodies invented network address translation or NAT.

NAT, though similar in function to a proxy, allows an organization to connect several computers on a private network to the internet using only one public address. Not only does this reduce the cost of paying extra for a public IPv4 network address, it allows security to be tightly controlled, and allows internet service providers to economically leverage a limited number of public address assignments.

NAT it typically implemented on .boundary. network equipment such as firewalls e.g. CISCOs ASA, PIX 506, or on routers.

What is a Virtual Private Network (VPN) ?(TOP)

VPN or virtual private network is a technique used to interconnect disparate private networks using publicly accessible network infrastructure such as the internet. A VPN creates what is known as a secure tunnel between one private network and another private network allowing traffic between the two networks to be exchanged. In order to prevent .eavesdropping. on the data being transmitted between the networks, VPN employ high-level data encryption techniques such as IPSec.

What port would I need open to setup a VPN?(TOP)

Ports that need to be opened for VPN point-to-point tunneling protocol pass-through traffic are TCP port 1723 and TCP port 47. On layer 2 tunneling protocol, UDP port 500 and UDP port 1701 need to be opened.

I've seen some websites that have the letter 's' at the end of http (i.e. https), what does this mean ?(TOP)

The S at the end of https identifies a webpage as secure. What this means is that they is at least 128 bit encryption (Secure socket layer) used to secure all the traffic between a client computer connecting to the website and the webserver. Banks, financial institutions, and other webservers that exchange sensitive, critical, personal, or confidential data between connecting client computers and the server usually implement https protocols.

What is a proxy server and how does it work ?(TOP)

A proxy server acts as a .middle man. between your computer (the client) and a destination source (the web server). They are designed to process retrieval requests of files, webpages, and information from databases etc. on behalf of a client computer so as to maintain a level of anonymity.

web server setup as a proxy will take these requests issued from a client's computer and retrieve data or information from the destination server, whose address and location is provided in the client computers request.

Some proxies can be public while others may be implemented privately for instance in corporate networks so as to make administrative tasks (such as packet filtering, scanning for malware, spyware, Trojans and viruses) easier to perform.

What does secure socket layer (SSL) and transport layer security (TLS) mean ?(TOP)

Both SSL and TLS are encryption protocols used when transmitting data over public network infrastructure. They are both used to prevent transmitted data from being altered while on transit from a client computer to a webserver and back. SSL encryption can go up to 256 bits while and works at the transport layer of the TCP/IP stack. It is the successor to TLS encryption.

What is DHCP ?(TOP)

A dynamic host configuration protocol is a means of assigning IP addresses to connected network nodes automatically. When activated, a connected network will query a DHCP server to request for an IP. If the device is authenticated, the server will issue an automatic IP lease based on the network addressing schema saved on the DHCP server. Most broadband internet providers and cable internet subscriptions for home users, typically use DHCP servers to assign IP addresses to client computers over their networks.

Can you discover my IP if I am web surfing behind a proxy ?(TOP)

This depends entirely on how secure the proxy is and the nature of the client computer's request, because a proxy server typically maintains an online connection with its client computer or network node. If the proxy is not securely configured then a connection can be traversed back from a web server to the client computer; circumventing any security policies that may have been put in place.

What is IPv6 and how is it different from IPv4 ?(TOP)

IPv6 or internet protocol version 6 is the latest numbering assignment standard for the internet protocol stack which was designed and released to succeed IPv4. When the internet was designed, it was not envisioned that all the network node assignments in the IPv4 numbering standard could be exhausted (IPv4 allowed for just over 4 billion public addresses). With this limitation soon to be reached, the Internet engineering taskforce developed the IPv6 which allows for a significantly higher number of assignments (more than 7.9 x10^28 times more address assignments than IPv4!). Several websites already support the use of the new standard such as Google and Facebook, however to access these IPv6 websites, you would have to be part of an IPv6 network.

How can I increase my anonymity while browsing ?(TOP)

To begin with, you should be careful when filling out any e-form that requires personal information. Many users never read the terms of use policies on websites, but they do give an indication of how your personal information is used and stored; if this agreement is violated in any way, users have a right to pursue legal action against the company. Always have a reliable and up-to-date antivirus running that can monitor your internet traffic, block network ports, and alert you to questionable network activity. Using public web proxies can also mask your IP address while you browse.

What can I do to prevent my computer from being hijacked ?(TOP)

Never open ports that you do not need or download and install software from a questionable source. Even visiting websites that are known to advocate questionable (potentially illegal activities) can drop Trojans and other files that compromise your saved passwords, network, or entire computer.

What is a ACK port scan ?(TOP)

ACK scan is used to map out rulesets of firewall to find out which firewall ports are being filtered and if the rules are stateful or not. The ACK flag is set in the TCP header of a packet, which on a system with no firewall would return RST (reset), meaning the port is unfiltered, however if the port is open or not, that can't be determined.

What is a Window port scan ?(TOP)

Window scan and ACK scan are almost the same other than in Window scan implementation details of some operating systems are exploited to distinguish between open and closed ports instead of just marking them as unfiltered.

What is a FIN port scan ?(TOP)

A FIN flagged packet is used by connected nodes in a network to signal the end of a transmission. When a port scan is initiated using FIN, packet based filtering may be unable to detect the FIN packet. A port scanner can use the FIN packet to determine which ports on a target network node are closed. As ports that are closed respond to FIN packets with an RST response, a scanner can determine which ports are open by looking at the ports that ignored the FIN transmission which indicates a service protocol is currently running on those ports.

What is an XMAS port scan ?(TOP)

XMAS port scanning refers to the Christmas tree packet. It is similar to the FIN packet sent using a FIN port scan with the only difference being that before an XMAS packet is sent to the target network client, the TCP headers are altered to have the flags SYN, URG, FIN and PSH all set to on. URG refers to urgent, which forces the target machine to respond to the packet immediately (typically reserved for Telnet packets).

What is a SYN port scan ?(TOP)

The SYN flag is turned on in the TCP header of a packet to indicate that a client wishes to establish a connection with a remote target on a given port. With a SYN packet, a port scanner sends out the packet waiting for an acknowledgement from the target machine. If a response is received the client does not begin transmission as expected and immediately terminates the connection; an ACK response to the scanner is indicative of an open port.

What is a WHOIS lookup ?(TOP)

Every domain's registrants details are recorded by a registry operator granted authority by ICANN (Internet Corporation for Assigned Names and Numbers). These details are replicated from accredited registrant's (such as godaddy.com) to RIR (or regional internet registries) servers and stored in databases. The databases are accessible for every top level domain name on the internet however some domain registrants allow owners to mask their identity to remain private. Those domains that are not masked are accessible through the WHOIS protocol.

What does it mean by "open", "closed", "filtered", "unfiltered", "open|filtered" or "closed|filtered" ?(TOP)

open:

If a port is "open" then it means TCP connections are being accepted on that port or there is some UDP or SCTP associations on that port.

closed:

A "closed" port means that it is responding to packets sent by the port scanner, however no application is listening on that port.

filtered:

A port is marked as "filtered" when the packets are sent to that port, however packet filtering (e.g., firewall) prevents the packets from reaching that port.

unfiltered:

A port is marked as "unfiltered" when the port scanner cannot determine whether it's closed or open.

open|filtered:

A port is marked as "open|filtered" when the port scanner cannot determine whether it is filtered or open.

closed|filtered:

A port is marked as "closed|filtered" when the port scanner cannot determine whether it is filtered or closed.

I can't find my question here!(TOP)

For any questions please email us at: info@ipfingerprints.com