By having the IP address of an endpoint, one can reach it via the network.
IP address is not enough to connect to an endpoint though, all connections are made through IP:Port pairs. Ports are like virtual sockets on the endpoint. To connect to a port on a certain IP, that socket has to be opened beforehand by the endpoint, waiting to receive a connection.
Fortunately, there are many sockets open on every system (e.g to find out what other machines are out there on the network, to be able to share files, send and receive mail and etc.). Once an attacker finds an IP address, s/he can scan the target machine to find out which ports are open, and those typically correspond to protocols that are served (e.g 443 is most likely HTTPS, 25 is most likely SMTP).
Then they can send a few valid communications of that protocol to that port, and based on the answers, recognize what application is serving that protocol (e.g you can have exim or postfix for mail on 25, you can have Apache or IIS for HTTPS on 443).
Once they find the application (and hopefully its version), they can access the vast repository of bug exploits that they have, and see if they have anything that works on any of the applications available on that IP address. If they do, voila. They exploit it and get access to the machine. If they don't, then they have to pursue other means, such as keeping scanning that IP address for more applications to pop up.
Basically, if an attacker has your IP address, in perspective, is like a criminal having your home address. They can watch you, see your patterns, the doors and windows, when you leave the house, and attack when best suited.
All that being said, an IP address is just an address on one network. Most of us live on a separate network than the Internet, i.e when we connect to our home or work router, we are connected to our home or work network, which is a totally separate network from the Internet. All IP addresses in this network are totally irrelevant of similar IP addresses on other networks, such as other home networks or the Internet.
The router is the double agent there. It has one IP address in your local network, and one on the outside network (i.e. the Internet). It receives all traffic intended to go out to the Internet from all systems in your local network, changes their IP addresses to that of himself, and sends them over to the Internet. It also receives all the traffic from the Internet towards itself, changes their IP addresses to that of the local systems, and propagates them inside your network.
Thus, the IP address and the system that you look to be on the Internet, is actually your local network's router (connecting you to the Internet), and those machines are typically much more secure than the other devices in your local network, such as printers and laptops.
0 comments:
Post a Comment
Thank you for visiting our site!!