IP addresses and that

My little brother is up for the weekend and would like to use my laptop to make his moves.

His usual IP address is in Northamptonshire; mine is in Manchester.

Is it okay if he moves from here? Will this be seen as evidence double accounting?

I mean he's my brother and all, but I'm not going to get kicked off for him...

Originally posted by dottewell
My little brother is up for the weekend and would like to use my laptop to make his moves.

His usual IP address is in Northamptonshire; mine is in Manchester.

Is it okay if he moves from here? Will this be seen as evidence double accounting?

I mean he's my brother and all, but I'm not going to get kicked off for him...

No. Russ has explained this before.

Originally posted by Freddie2006
No. Russ has explained this before.

No to which bit?

Originally posted by dottewell
No to which bit?

It is fine for your brother to use your computer.

Originally posted by Freddie2006
It is fine for your brother to use your computer.

Cheers.

Originally posted by dottewell
His usual IP address is in Northamptonshire; mine is in Manchester.

Actually, the IP-address can never be used to identify you specifically. The Internet is an anonymous network of computers. Yes, every computer has a unique IP-address as far as each network is concerned, but those addresses may change from pageload to pageload.

Despite what you may have heard about the IP-address being a unique way of identifying a specific computer user, it's not so easy in reality since several different users can share the exact same IP-address from the server's point of view (even though they're using different computers), and the same user's computer can have it's IP-address changed several times during one loginsession (from the server's point of view).

So, Russ really couldn't tell (based on the IP-address - I'm sure he has other ways) whether you are using two accounts or whether it's your brother using one of the accounts.

Originally posted by stocken
Actually, the IP-address can never be used to identify you specifically. The Internet is an anonymous network of computers. Yes, every computer has a unique IP-address as far as each network is concerned, but those addresses may change from pageload to pageload.

Despite what you may have heard about the IP-address being a unique way of identifying a speci ...[text shortened]... ther you are using two accounts or whether it's your brother using one of the accounts.

I don't agree with this, but then I've been out of the loop for a few years.

D

Originally posted by Ragnorak
I don't agree with this, but then I've been out of the loop for a few years.

D

What, specifically, don't you agree with?

1) The same user may have more than one IP-address during one login.

The most common example of this is AOL who gives their users a new IP on every single page request. Of course, the computers always have the same IP-address in the internal local network, but from the server's point of view their IP changes on each request.

2) Several computers may have the same IP-address at the exact same time.

Let's say I'm at work. I'm connected to the office network. The office network has given all the computers at my work unique IP-addresses to use internally. However, when the office network in turn communicates with the Internet (like the RHP server) it gives away the same IP-address no matter which computer in the internal network is doing the request. Thus, from the server's point of view, all the computers at your work has the exact same IP-address.

---

There are ways to track down exactly which computer was used on a given request, but it can't be done in real time and it usually involves the police because you need to get access to other serverlogs and unless the owners of those servers are very friendly you need a court decision to do that.

Originally posted by stocken
Actually, the IP-address can never be used to identify you specifically. The Internet is an anonymous network of computers. Yes, every computer has a unique IP-address as far as each network is concerned, but those addresses may change from pageload to pageload.

Despite what you may have heard about the IP-address being a unique way of identifying a speci ther you are using two accounts or whether it's your brother using one of the accounts.

I think you are incorrect. The original poster was talking about home use.

The majority of users get a DHCP lease from their ISP which typically lasts between 12 and 24 hours. During that period 'your' IP address will remain the same.

Unless you are going through some IP hidding proxy/network that is deliberately performing NAT/PAT (which may be the case at work) to hide your address, this is the case.

Originally posted by stocken
What, specifically, don't you agree with?

1) The same user may have more than one IP-address during one login.

The most common example of this is AOL who gives their users a new IP on every single page request. Of course, the computers always have the same IP-address in the internal local network, but from the server's point of view their IP changes on ...[text shortened]... nless the owners of those servers are very friendly you need a court decision to do that.

2) Several computers may have the same IP-address at the exact same time.

They may have the same IP address but their associated socket will be unique. In other words the nat/pat server will give each outgoing connection a unique port number. It doesn't matter if your IP address is the same. Given, from the servers point of view you may have the same IP address but you will be on different ports.

Originally posted by Jack Gable
During that period 'your' IP address will remain the same.

This is precisely what some Internet Providers don't do. So, during your same session your IP address will stay the same as far as your Internet Provider is concerned, but may change on each page request as far as the application on the server is concerned.

Originally posted by Jack Gable
2) Several computers may have the same IP-address at the exact same time.

They may have the same IP address but their associated socket will be unique. In other words the nat/pat server will give each outgoing connection a unique port number. It doesn't matter if your IP address is the same. Given, from the servers point of view you may have the same IP address but you will be on different ports.

Depending on the settings on the serverside, the PHP application may or may not know the clientside port used. Usually, you can't get to the actual port used so for all intents and purposes the application (this site) won't know the difference between computer A and B if they are behind a NAT server. (Even home computers are connected to the Internet through networks - the internet provider's network.)

Also, there are ways to hide a computer completely from the server so that even if you can access the clientport, you can't be sure that it's really unique since the network bridge can be configured to appear as the same (same MAC address, same IP-address and same port address) no matter which computer behind the network bridge is accessing the Internet.

Last year a friend of mine found a program on the Internet whose creators claimed could tell you where in the world different users are. It would look at the IP-address and figure out which internet provider owns the address and then be able to tell where in the world the user requesting a page would be. That was pure bogus. Sometimes, the application claimed that you were in Australia and sometimes you were in Norway. Why? Because the application can't possibly know if the IP-address it has is really the IP-address of the computer from where the request originated (home computer or not).

Depending on the settings on the serverside, the PHP application may or may not know the clientside port used. Usually, you can't get to the actual port used so for all intents and purposes the application (this site) won't know the difference between computer A and B if they are behind a NAT server. (Even home computers are connected to the Internet through networks - the internet provider's network.)

You are talking about different network layers, we are not discussing the application layer.
The TCP header contains the source and destination port. It has to otherwise communication cannot occur. So 'this site' will always know the source port at far end.

Also, there are ways to hide a computer completely from the server so that even if you can access the clientport, you can't be sure that it's really unique since the network bridge can be configured to appear as the same (same MAC address, same IP-address and same port address) no matter which computer behind the network bridge is accessing the Internet.

i. During transport of the packet, all the routers in the way have to strip down (and then recreate) the layer 2 headers. Thus unless you are talking about a directly connected system the MAC address has no significance here.
ii. Bridges do not perform IP routing functions.
iii. I did mention nat/pat translation previously. So while it's true you are hiding your IP address from the server you are connecting to, if all your other connections to the server arrive from the same address, it'll start to arouse interest.
iv. You can try to hide from the server but logs always exist at your ISP/company.

Last year a friend of mine found a program on the Internet whose creators claimed could tell you where in the world different users are. It would look at the IP-address and figure out which internet provider owns the address and then be able to tell where in the world the user requesting a page would be. That was pure bogus. Sometimes, the application claimed that you were in Australia and sometimes you were in Norway. Why? Because the application can't possibly know if the IP-address it has is really the IP-address of the computer from where the request originated (home computer or not).

This proves absolutely nothing. Clearly if you run the program via some proxy serving you then that is IP address it will use.

Originally posted by Jack Gable
Clearly if you run the program via some proxy serving you then that is IP address it will use.

My point exactly. The application on the serverside can't know if the IP-address received is in fact from the origin client. Thus, using IP-addresses to identify a user from a PHP server application is useless since it won't tell the application anything of worth.

The webserver receives page requests from the client using the HTTP protocol (part of TCP/IP). The webserver knows to which IP-address and port the response should be returned. The webserver initiates the PHP interpreter (if necessary) which in turn parses the PHP script (the application).

Now, depending on the php settings the script may or may not be able to access information about the client. If the script can access the server variables (defined by the webserver based on the information passed from the client), those may or may not be correct because of proxies and the likes in between (there's even a special global variable in PHP's _SERVER array supposed to identify any proxies but even that one has proven invalid).

So, fact remains. As a developer of a PHP application you cannot be sure that you've got two distinct different users or not based on the information given by an IP-address and whatever else the client may "say" about itself. See?

---

You're talking about the fact that server logs will always contain information about each client, but not even that is necessarily true. There are literally thousands of relaying servers out there that won't log information (simply because it drags down their processing time). If you go out there and try to backtrack an origin client and you hit one of those servers, you won't be able to locate the client without much trouble. The Internet is, for all a PHP application can access, an anonymous network.

It all depends on whether it is a public or private IP address. Private IP addresses can be duplicated many times as long as they are all in their own private networks, whereas public ones are allocated to different governmental groups and ISP's. These should not be used more than once on The internet to prevent conflicts. However they can be leased and released from various users many times. Generally, as a rule, dial up users have a leased IP addy and broadband users have a fixed one. Although this rule is not rigidly adhered to.