Understanding IP Addresses in the Context of the Internet
October 6 2023
~2200 words, ~8-12 min read.
What's My IP?
A lot of the time, this is one of the first questions people have about IPs.
Before even knowing what Internet Protocol (IP) Addresses are, the first
search to Google is "What is my IP?"
Perhaps you're a gamer and faced the dreaded 'IP Ban' in the game you play. You
search what your IP is, unplug and replug your Internet modem, and search again
to see if the IP changes.
Perhaps you're an Information Technology student and you need to know what your
IP is in order to set up some configurations that provide you access to school
resources.
Whatever the case may be, most of the time we search for this 4 number IP
address and use it for something without knowing what it really is. Those
who benefit from this knowledge are the ones curious about how devices on the
Internet communicate with each other.
Mysteriously Persistent Internet Activity
When you're at home, and someone knocks on the door, you're probably going
to go answer it. They announce who they are, and you have the choice of whether
you want to continue or end this social interaction. Imagine if sales people
frequently knocked on your door throughout the day, that would probably be
annoying. Imagine if there was a lineup of strangers at your door just knocking,
presenting themselves, and you have to use the effort to end each and every
social interaction that appears. You'll probably end up just locking your door
and not answering, and they'll adapt by arriving with keys to try on your door.
Now imagine these strangers are all wearing masks, persistently skirting around
the perimeter of your house, checking if the door is locked, checking if the
window is locked, trying their keys, constantly trying to persuade you into
accepting a social interaction. This scene is very common in the world of the
Internet. Servers such as those used by the public like email servers, social
media applications, game servers, etc, are constantly being pestered by
Internet traffic. All the possible entry points are probed on a continuous
basis, trying to one day find a vulnerable entry point to break into.
Understanding IPs will help shine a light on all of your Internet assets, and
help you identify whether the activity on the Internet can negatively
impact you. We can perceive suspicious people near our homes, but not everyone
has a lens into the Internet, where many foreign devices may be trying to
connect to your assets. For example, nowadays many people have security cameras
that are connected to the Internet, such that you can use your cell phone to
connect to the camera and see what's being recorded. Such devices could be
constantly probed, and one day a vulnerability might be discovered which
leads to unwanted access.
The Fundamentals of an IP Address
I'll be focusing on IPv4, so this is NOT meant to be a guide for IPv6. I also
won't go too deep into the technical details, as the purpose is to provide
a fundamental understanding of IP addresses. However, this understanding is
the beginning of learning how to analyze IPs.
IPv4 Addresses Consist of 32 bits
IPs are presented as four numbers, separated with a period, like:
1.2.3.4
Not just any number though. Each of the four numbers have the same restriction,
that it can only be a number in the range of 0-255. This means that all of the
possible IPs are from
0.0.0.0 - 255.255.255.255
The reason the number is 0-255 is because each number that is separated by
a period is called an octet, and each octet consists of 8 bits. A bit
is either 0 or 1.
binary form
11111111.11111111.11111111.1111111
=
decimal form
255.255.255.255
With 8 numbers, each number possibly being either 0 or 1, that gives 2^8 or
256 possible permutations. In the above example, the binary form is equivalent
to the decimal form, and we typically read IP addresses in the decimal form.
As we can see, 256 possible combinations is reflected in the possible number
range of 0-255. This is as technical as I will go with this, for brevity.
Each octet being 8 bits, that means an IP address is 32 bits. There are 2^32
IP addresses, which equals 4,294,967,296, or about 4.3 billion IPv4 addresses.
The Role of an IP Address within a Network
IP addresses play a crucial role in defining and identifying devices within
a network by serving as a unique identifier for devices connected to a network.
Each device is assigned an IP address, allowing data to be sent to and from
the correct devices on the network.
The Internet is not the only network there is. You probably have a private
Local Area Network (LAN) at home. This would provide all the devices on
your home network their own unique IP addresses. The IP address of your device
in the context of your LAN is distinct from the IP address of your device in
the context of connecting to the Internet.
Normally, when you're at home on your computer and you access a website,
what is happening is that your computer is able to communicate on the Internet
via the modem that your Internet Service Provider (ISP) gave you. That is why
your computer is connected to this modem in some way (either by a physical
ethernet cable, or wirelessly, or your computer is connected to a wireless
router which is connected to the modem, etc). Nowadays it is common that an ISP
provided modem also has the functionality of a router. From this point on, when
I mention 'modem', I am referring to the modems that also have router
functionality. There are ways (bridge mode) to disable this functionality, such
that the device (e.g. router or computer) connected to the modem is the one that
is assigned the IP address instead of the modem itself, but this case is outside
the scope of this article.
When your ISP assigns an IP address to your modem/router; this IP address is
also known as your 'Public IP Address'. This is the unique IP address your
device is associated with on the Internet. This means that any device connected
to your home modem, such as your cell phone, your computer, your parents'
devices, your siblings' devices, all share the same unique Internet IP address.
(This is why when your brother got caught botting, your account got banned too)
(This is also why you 'reset' your modem in hopes of getting a different IP)
You may also use a Virtual Private Network (VPN) for one reason or another.
This allows you to connect to Internet services without revealing your personal
IP (Public IP Address). Well, the VPN service you connect to will know your IP
address, as any form of connection or access on the Internet between
devices/services requires an exchange of IP addresses. The VPN will kind of act
like your home modem; it will make any connection or access requests on your
behalf. Since the VPN is the one connecting to those Internet services, those
Internet services will see the IP of the VPN as the one connecting to them, not
the public IP of your home modem. This allows you to connect to and access
services on the Internet without revealing your Public IP Address.
Private IP Address Blocks
Certain IP address ranges are reserved for specific purposes, such as home
private networks. Therefore, you typically will never see certain IPs
on the Internet, such as:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
These aren't the only IP ranges with a specific purpose. There's also
the Loopback Address, Automatic Private IP Addressing, Bogon Addresses, and
others.
Static and Dynamic IP Assignments
IP addresses are assigned in either a Static way or a Dynamic way. A Static
IP is one that does not change after it has been provided to you. Whenever you
connect to the Internet at home, you'll always have the same public IP.
In this case, from the moment you turn on your modem, and every time you
reset it after, it will always be assigned the same IP from your ISP.
A Dynamic IP refers to the way it is assigned to you. I say 'you', but what I
mean is the wall jack/outlet that your modem is connected to. The device
that's connected to that outlet is assigned the IP.
Whenever your modem is reset, it is assigned an IP from a pool of IPs that are
available. For example, this dynamic IP pool could be 200.200.200.0 to
200.200.200.255. Any IP from 0-255 that is not already assigned could be
assigned to your modem when your modem is reset. There are many different ways
this dynamic IP assignment could be implemented. For example, some
implementations temporarily save an IP to your modem, such that if your modem
is turned off and turned back on within a given period of time it will be
assigned the same IP.
This means that, depending on what kind of Internet service you have at home,
your IP could always be the same or it could be changing occasionally.
How IP Address Ranges are Delegated
You purchase Internet services from your ISP, who typically provides you with
a modem, giving you access to the Internet and an IP. However, there is another
body, known as the Regional Internet Registries (RIR), that delegate IP
address ranges to organizations such as ISPs. The world has five RIRs, with
each RIR responsibility for delegating IP address ranges to their own specific
regions of the world. The RIRs are: ARIN, RIPE, LACNIC, APNIC, and AFRINIC.
There is one body above the RIRs that delegate large IP ranges to the RIRs,
and this is the Internet Assigned Numbers Authority (IANA).
A collection of IP ranges under the control of one organization is assigned
an Autonomous System Number (ASN). This is a unique identifier that shows
all of the IP ranges that a particular organization has ownership of. These
organizations further delegate their IP ranges for different use cases, such as
providing IPs to end/home users, or providing IPs to other organizations that
in turn provide IPs to their users, employees, and services.
Delegation of IPs is constantly changing, at the organization level
(eg. organizations assigning IPs to end users), at the RIR level (eg.
RIR delegating IP ranges to other organizations), and at the IANA level (eg.
delegating IP ranges to an RIR).
So... What is an IP?
An IP address, in the context of the Internet, is a unique identifier that
can represent a device connected to the Internet. When this device is active,
it can connect to other devices on the Internet, or receive connections from
other devices on the Internet. In order for two devices to connect, they
need to exchange IP addresses, so that the communication is being sent to
the correct location on both sides. In other words, in order for two devices
to share a connection, they both must know the other's IP address.
A 'device' could be many things. It could be your home modem. As you can see,
in this case there are possibly many unique devices such as laptops and cell
phones behind your modem. When your modem connects to other devices on the
internet, that connection can be on behalf of one of many different devices
behind it.
A device could be a server, which is essentially a computer somewhere. This
server could be hosting a service, such as an email server or a social media
application.
An IP address, as mentioned before, could have multiple devices behind it,
and therefore there can possibly be multiple unique users behind a single IP
address. This can go even further, such as carrier grade NAT, where an ISP
utilizes a single IP and assigns it to multiple customers. This means that
multiple modems from different homes could all share the same IP when
communicating over the Internet.
Another example is when you host something on the web, such as a website,
on a hosting provider's shared servers. This means that you would be sharing
server resources, including the IP, with other customers.
An IP address could be assigned to one device one day, and another device the
next day. There can be many reasons for the ownership and usage of a particular
IP address to change.
It's possible for a service or network to utilize and be comprised of multiple
IP addresses. This can be for reasons like load balancing. For example, a huge
email service such as Gmail would require multiple different IPs to use
for receiving and delivering email due to the sheer number of people using
the service.
Getting a better understanding of all the possible things an IP address on
the Internet can represent is crucial for investigating suspicious activity
coming from IPs. So far I've talked about what an IP address looks like, its
significance in the context of networks, static versus dynamic IPs, and how IPs
and IP ranges are assigned/delegated. In the next article, I will talk about
different ways to gain more information about a particular IP.