It’s like putting your phone number on the wall of a bathroom stall. Maybe you won’t get a lot of prank calls, maybe you will. It’s a crapshoot.
The thing is, posting your public IP is like asking for a number of hackers to start probing your network for lapses in security. Not because you’re a juicy target, but simply because you put the information out there. That’s been bog standard for the internet for 20 years now.
Sure, IP addresses can be found through various ways, but having them out for everybody to see is just asking for more trouble than it is worth. You’re making yourself a target and creating more work for yourself if you’re constantly getting hacked because of it.
Like I don’t even want to do anything malicious and I immediately started up a traceroute.
A trip to shodan should be enough to convince you that ipv4 space is small enough that it really doesn’t buy you much to hide anything. Maybe a tiny bit of extra privacy by not associating an identity to an IP, but even that is pretty quickly blown away if you host anything identifiable. Which is the small web we’d benefit from restoring anyway.
The difference is a random IP is a random IP. You don’t know who it’s connected to. Once someone says “This is my IP” you now have it connected to a specific person, and other specific people may want to fuck with the original person.
Bots already scan all open IP addresses for vulnerabilities, but hackers live for people who give up information for free because fucking with someone who thinks they’re safe from it all is fun to them apparently.
Right, that’s the privacy aspect I mentioned. PII tied to your IP is now available, even if it’s just a pseudoidentity. But hosting anything also likely throws that out the window in the same way. Unless you have more users on your hosted service, but even then it narrows things down.
So just put your phone number on the front page of Lemmy. Or are you practicing security through obscurity by not releasing it? /s
It’s not security through obscurity to not divulge information that need not be divulged. It’s not obscure if there’s lots of ways to find an IP. Like I said, it’s like putting a phone number out there. Like that one guy from 10 years ago who posted his phone number online and immediately regretted it because his phone just wouldn’t stop ringing. He wasn’t “afraid” until it totally fucked up his ability to use his phone. I’m just trying to be helpful. If you really want to put yourself on blast, go for it man.
There are some things you can’t hide for the internet to work, such as IP addresses, so an IP address on it’s own is not privileged information. Announcing to the world that “this is my IP address” adds information and context which from a privacy perspective is privileged. If someone has an issue with you, they might target their focus to seeing if there’s a service running which is vulnerable at your IP, or they could initiate a DDoS against you.
If it’s your only layer of security, it’s not good. But when a website doesn’t tell you whether or not an email account exists when you try a username and password, it’s still obscurity (you’re not confirming one way or the other) but it’s still a useful level of security. IPs are generally not given out for a reason. Most people don’t even realize they don’t get hacked simply because they aren’t targeted. That you even route local traffic via the internet is interesting to begin with and makes me wonder if you truly are prepared for a targeted attack. Maybe you decided it’s not worth the effort but maybe you don’t know how. I don’t know. But nonetheless, you’re making yourself more of a target.
It’s like putting your phone number on the wall of a bathroom stall. Maybe you won’t get a lot of prank calls, maybe you will. It’s a crapshoot.
The thing is, posting your public IP is like asking for a number of hackers to start probing your network for lapses in security. Not because you’re a juicy target, but simply because you put the information out there. That’s been bog standard for the internet for 20 years now.
Sure, IP addresses can be found through various ways, but having them out for everybody to see is just asking for more trouble than it is worth. You’re making yourself a target and creating more work for yourself if you’re constantly getting hacked because of it.
Like I don’t even want to do anything malicious and I immediately started up a traceroute.
A trip to shodan should be enough to convince you that ipv4 space is small enough that it really doesn’t buy you much to hide anything. Maybe a tiny bit of extra privacy by not associating an identity to an IP, but even that is pretty quickly blown away if you host anything identifiable. Which is the small web we’d benefit from restoring anyway.
The difference is a random IP is a random IP. You don’t know who it’s connected to. Once someone says “This is my IP” you now have it connected to a specific person, and other specific people may want to fuck with the original person.
Bots already scan all open IP addresses for vulnerabilities, but hackers live for people who give up information for free because fucking with someone who thinks they’re safe from it all is fun to them apparently.
Right, that’s the privacy aspect I mentioned. PII tied to your IP is now available, even if it’s just a pseudoidentity. But hosting anything also likely throws that out the window in the same way. Unless you have more users on your hosted service, but even then it narrows things down.
isnt that like… security through obscurity? not really a fan of that
deleted by creator
So just put your phone number on the front page of Lemmy. Or are you practicing security through obscurity by not releasing it? /s
It’s not security through obscurity to not divulge information that need not be divulged. It’s not obscure if there’s lots of ways to find an IP. Like I said, it’s like putting a phone number out there. Like that one guy from 10 years ago who posted his phone number online and immediately regretted it because his phone just wouldn’t stop ringing. He wasn’t “afraid” until it totally fucked up his ability to use his phone. I’m just trying to be helpful. If you really want to put yourself on blast, go for it man.
There are some things you can’t hide for the internet to work, such as IP addresses, so an IP address on it’s own is not privileged information. Announcing to the world that “this is my IP address” adds information and context which from a privacy perspective is privileged. If someone has an issue with you, they might target their focus to seeing if there’s a service running which is vulnerable at your IP, or they could initiate a DDoS against you.
If it’s your only layer of security, it’s not good. But when a website doesn’t tell you whether or not an email account exists when you try a username and password, it’s still obscurity (you’re not confirming one way or the other) but it’s still a useful level of security. IPs are generally not given out for a reason. Most people don’t even realize they don’t get hacked simply because they aren’t targeted. That you even route local traffic via the internet is interesting to begin with and makes me wonder if you truly are prepared for a targeted attack. Maybe you decided it’s not worth the effort but maybe you don’t know how. I don’t know. But nonetheless, you’re making yourself more of a target.