
Can you disguise an IP address?

Question:

Can you disguise an IP address? Lots of spam in many different countries
that spam is sent from the same person using the same computer?

IP addresses are fundamental to the way that packets travel between
computers on the internet. It is not possible to send a packet from computer A
to computer B and hide or disguise the IP address of computer A, or the router
through which it is connected to the internet.

What that means is that in order to “disguise” your IP address, you need to
use a different computer entirely.

Spammers have just the technology for that, in the form of botnets. The
result is that spam could easily be coming from computers that are completely
unrelated to and nowhere near the spammer.

In this audio excerpt from a recent Ask Leo! webinar,
I’ll discuss what this all means.


Transcript

Can you disguise an IP address? Lots of spam in many different countries that spam is sent from the same person using the same computer?

So several different questions actually in there. Can you disguise an IP address? Not really. IPs are fundamental to the way packets are sent between the equipment that makes up the internet.

So if you get data sent to your computer, in that data, the actual lower-level guts of that data is the IP address it came from; that cannot be spoofed. Now, where things get confusing is the second part of that question. Can spam be sent from the same person using the same computer? Absolutely, that’s exactly what botnets are all about as just one example.

So what’s a botnet? Let’s say I have a virus on my computer. That virus might be software that actually does nothing harmful to my computer, nothing at all. All it does is it connects to that remote site that periodically gives the virus instructions for what to do.

Those instructions might be ‘Send a piece of email; send spam.’ In fact, the instructions might be ‘send a piece of email; send it from leo@askleo.com; send it to mary@whatever.com and here’s the text of the message: Viagra or whatever other body-part enhancing or drug, pharmaceutical thing it’s trying to sell.’ When that email gets sent, it gets sent from the infected computer. So when that gets sent, it means it gets sent from that IP address of that infected computer.

The person who has that computer may have no idea that this is happening. They may have no idea that spam is being sent from their computer, but it is. And if anybody were to take the spam and attempt to backtrack the IP address from the headers, where that would lead them is not to the spammer, but to this infected machine. And in fact that does happen from time to time: a machine will be so badly infected that it’s sending out tons of spam. The ISP will get notified that ‘Hey, this IP address, they’re sending a lot of spam’ and probably got infected.

That is an extremely common way for spammers to hide the IP address where they really are by basically remote controlling thousands if not hundreds of thousands of other computers on the internet to send the spam on their behalf.

So it’s very common. You’ll often see spam come from all over the planet just because machines are infected all over the planet and yet they may all (under the control of a single bot herder who is giving instructions to all of these remotely infected machines too) go off and send spam. So it’s very difficult given a piece of spam, a piece of email to really, honestly, truly determine where that spam truly originated. At best, you can find out what machine it was sent from, but that’s not the same. So I hope that answers your question.
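Backtracking the IP address from the headers, as described in the transcript, looks like this in practice. This is an added example, not part of the original article: the message, host names and IP addresses are constructed, and the set of trusted servers is an assumption standing in for the recipient's own mail hosts.

```python
import email
import ipaddress
import re

# Constructed sample: documentation-range IPs and made-up host names.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
    by store.recipient.example with LMTP; Tue, 10 Apr 2012 10:00:06 -0700
Received: from mailer.example.com (dsl-77.isp.example [203.0.113.77])
    by mx.recipient.example with ESMTP; Tue, 10 Apr 2012 10:00:05 -0700
Received: from mail.example.com ([192.0.2.10])
    by mailer.example.com with SMTP; Tue, 10 Apr 2012 09:58:00 -0700
From: leo@askleo.com
To: mary@whatever.com
Subject: constructed sample

(body)
"""
# Assumption: these are the recipient's own servers, the only hops we trust.
TRUSTED = {"store.recipient.example", "mx.recipient.example"}

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def hops(raw):
    """Return (recording_host, peer_ip) per Received header, newest first."""
    result = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_HOST.search(flat)
        peer = None
        for text in BRACKETED_IP.findall(flat.split(" by ", 1)[0]):
            try:
                peer = str(ipaddress.ip_address(text))
            except ValueError:
                pass                              # bracketed text that is not an IP
        result.append((by.group(1).lower() if by else None, peer))
    return result

def last_verified_sender(raw, trusted):
    """IP that handed the message to the trusted servers, or None."""
    sender = None
    for by_host, peer in hops(raw):
        if by_host not in trusted:
            break                                 # written by an unknown host: may be forged
        sender = peer
    return sender

if __name__ == "__main__":
    print(last_verified_sender(SAMPLE, TRUSTED))
```

The address returned is the machine that connected to the recipient's mail server, which is the infected computer rather than whoever controls it; the From line and any older Received lines were supplied by the sender and prove nothing.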


2 comments on “Can you disguise an IP address?”

  1. What do websites like http://www.hidemyip.com do to hide an IP address? How far are they effective in disguising or hiding an IP address?

    Acting as a proxy, they route all your requests through their servers so as to make all the access look like it’s coming from them. Depending on how much you trust them, your IP is still visible to the proxy/anonymization service.

    Leo
    11-Apr-2012