Why not publicly display the posters IP address?

Aloha

I second that
although there might be a good reason would be curious ?

Hmm When a Mod gets here, he will explain.:D

Aloha
I guess I might worry about idiots abusing stuff
and some privacy issues also ??

I wonder if this could fit in the other thread and maybe post IP numbers of the hosts that are posting offers ??
a little less hiding that way
but whatever is is

Originally posted by AnIdiot
Why not publicly display the posters IP address?

I strongly oppose the display of the IP addresses. I do not have a problem with them being logged by WHT, I just do not want my IP address displayed for anyone to see.

I often post messages discussing firewall and other security issues on my server and home network, and I do not want those messages to be an open invitation to anyone who happens to be lurking, looking for a challenge.

This is funny.
I actually emailed Matt a month or so ago, asking that they please discontinue publicly posting ip's. I know there are far more lurkers here than there are posters, and I don't want some 15 year old kid with too much time on his hands get to angry at me and hit my static ip address.
Just my opinion...and you KNOW what those are like!

I do like the idea that it would cut down on people using multiple accounts, but I would rather trust the mods to check that.

Actually, standard forum policy has been to publicly display IP addresses, which has been the case for the last year and a bit. However, during the switch to Voxel we didn't switch it back on. We've left it off for now since IPs are logged in the vB CP anyway, as well as the fact that IP display was corrupted for quite a while before we moved to Voxel because of DB corruption.

This is, of course, subject to change without notice later on, but for now, the mods are fairly neutral-ish on the topic and we'll leave it as they are.

hmm. . . .Now that I think about it. . :eek:

And. . . . Kids being kids. . . .:rolleyes:

I kinda like it this way.:D

Originally posted by BC
Actually, standard forum policy has been to publicly display IP addresses, which has been the case for the last year and a bit...

Yeah, but the addresses were not being displayed correctly, i.e., my actual address was never displayed. Thats why I never said anything.

This is, of course, subject to change without notice later on, ...

I would very much appreciate it if you would rethink the "without notice" aspect of this. If you start displaying my IP address, I would like the opportunity to remove it and myself from WHT beforehand.

Originally posted by Mike the newbie

I would very much appreciate it if you would rethink the "without notice" aspect of this. If you start displaying my IP address, I would like the opportunity to remove it and myself from WHT beforehand.

Very fair request (me : :smash: myself), and if we decide on anything we'll let you know........

Yes I cast my vote in favor of the IP address. I really think it was better that way, it helped keep people in check, and also gave us a feeling of a closer community.

I dont really mind if some 15-year old kid has my IP Address. Our ADSL connections get scanned/pinged (mostly TCP/UDP/FTP Port Probes) every 3-5 minutes anyways so a few more won't harm anyone here :D :rolleyes:

Originally posted by Kiwi
I dont really mind if some 15-year old kid has my IP Address. Our ADSL connections get scanned/pinged (mostly TCP/UDP/FTP Port Probes) every 3-5 minutes anyways so a few more won't harm anyone here :D :rolleyes:


I get the probes as well, and they are harmless.

However, there is a not so subtle difference between being probed and being targeted. Hopefully you will never have to learn the difference firsthand.

Actually. . . .I saw this posted in another forum and it sounded like a good idea to me :rolleyes:

Originally posted by brav0

would it it be possible to show the ip of the poster (maybe hiding the last 3 digits to protect privacy) instead of just saying "Logged"??


Just a thought.

That is a good idea. I used to remove the last section of the IP of my chat site visitors, as I had about 15K chatters a day and WinNuke was _very_ popular then, a few years ago. it seemed to work well, even if they only had to go through 255 digits to hit them. Who'd go through that much trouble, not even knowing if it's the right "target"? I doubt even a script kiddie would do more than probe at that point, looking for one of 255 targets. Good idea here too.

Yea, I saw that post too, and thought it was a brilliant idea. I use this from work, and they would kind of get paranoid me posting questions / opinions etc with people being able to easily find out who I work for.

:eek4: Static IP addresses scare me anyway... (and don't say it's just like a postal address.. I'm scared of those too and live on a boat!)

Sorg

Originally posted by Mike the newbie



I get the probes as well, and they are harmless.

However, there is a not so subtle difference between being probed and being targeted. Hopefully you will never have to learn the difference firsthand.

Actually we get some nice ICMP Floods & Smurfs too - every day :D:(

Originally posted by Kiwi


Actually we get some nice ICMP Floods & Smurfs too - every day :D:(


Probed: sitting in a doctor's office, and the doctor says, "say aaaahhhh".

Targeted: standing in the middle of a football field with a bulls-eye on your back, and there are a couple of dozen sharp-shooters in the stands with high-powered rifles.

The former is vaguely uncomfortable; the latter is a fight for survival.

:D

Originally posted by Mike the newbie



Probed: sitting in a doctor's office, and the doctor says, "say aaaahhhh".

Targeted: standing in the middle of a football field with a bulls-eye on your back, and there are a couple of dozen sharp-shooters in the stands with high-powered rifles.

The former is vaguely uncomfortable; the latter is a fight for survival.

:D

Aloha
or if we want to be sick being the new boy in prison
this kind of probe would not be good would rather have the sharpshooters

If you are concerned about probes, you should goto https://grc.com/x/ne.dll?bh0bkyd2 to see what your results are. I use Norton Security on my pc, and here are the results and descriptions it gave me.

*******************************
Port
Service
Status Security Implications
-------------------------------------------------
21
FTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

23
Telnet
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

79
Finger
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

80
HTTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110
POP3
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

113
IDENT
Closed Your computer has responded that this port exists but is currently closed to connections.

139
Net
BIOS
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143
IMAP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

443
HTTPS
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!


Port Status Descriptions:- Stealth!
If all of the tested ports were shown to have stealth status, then for all intents and purposes your computer doesn't exist to scanners on the Internet!

It means that either your computer is turned off or disconnected from the Net (which seems unlikely since you must be using it right now!) or an effective stealth firewall is blocking all unauthorized external contact with your computer. This means that it is completely opaque to random scans and direct assault. Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn't ask for anything better.

There's one additional benefit: scanners are actually hurt by probing this machine! You may have noticed how slowly the probing proceeded. This was caused by your firewall! It was required, since your firewall is discarding the connection-attempt messages sent to your ports. A non-firewalled PC responds immediately that a connection is either refused or accepted, telling a scanner that it's found a live one ... and allowing it to get on with its scanning. But your firewall is acting like a black hole for TCP/IP packets! This means that it's necessary for a scanner to sit around and wait for the maximum round-trip time possible — across the entire Net, into your machine, and back again — before it can safely conclude that there's no computer at the other end. That's very cool.
*******************************

I used that site to test my proxy and tighten all my security up.

I don't agree with IP addresses being published, as I can't see any real value in it.

i.e. New member joins, adds email address from some freebie somewhere, has a dynamic IP address (and if like me they probably have more than one dial up account) and then posts under an alias.

No disrespect intended - but of all posts here, no one has written anything that gives me any reason to be convinced otherwise.

Regards
Eladesor

Originally posted by Kiwi
I dont really mind if some 15-year old kid has my IP Address. Our ADSL connections get scanned/pinged (mostly TCP/UDP/FTP Port Probes) every 3-5 minutes anyways so a few more won't harm anyone here :D :rolleyes:

I agree. I doubt it isnt anything our firewall cant handle. I dont know if I see a purpose in posting IP's though...

Well, over on FWS, IP's being public help prevent abuse. For example, people come in bragging up a host, and then suddenly the host is responding to them. Then you look at the IP's and find all those people have the same IP as the host himself. Kinda funny when you catch them spamming like that..LOL

There are quite a few reasons for having IP's posted, that is just one of many. Privacy is often a reason used to not have them publicly displayed, however, IP's are public information, so the privacy issue means squat on this issue. Security is a good point, but people need to learn to use a good firewall. Having IP's public could very well pressure the ignorant to learn. Sorry, but you have to look out for #1, dont expect websites like this to not post IP's because of your own lack of security. If they leave IP's off, then you are fooled into thinking you are safe. Every server on the net logs IP's. I think it would be a public service for wht to post IP's.

I have IP's off (I think) for our own forums. However, it is not an issue there like it is here. My own personal opinion here is that maybe they should be left off, but known members can request the IP of another if they have a good reason for the request. A good example would be a client complaining terribly about a host and really making them look bad. The host should be able to request that person's IP from here to determine who they are and if indeed they are a client of theirs. By doing so, the host will be able to defend itself if that client was actually the one in the wrong. Again, that's just one of many reasons.

The ones against it being public generally fall into two catagories.
1) Concern about their own security, and lack knowledge to fully understand it.
2) They have been doing something wrong and people knowing their IP concerns them.

if you post people's IP then you get stupid posers who trace it and then criticize you on whatever info they can pull up.... hmmm, is it me or does it seem like a lot of people on WHT would do that?

The ones against it being public generally fall into two catagories. 1) Concern about their own security, and lack knowledge to fully understand it.
2) They have been doing something wrong and people knowing their IP concerns them.

So as I disagree, I probably fall into either 1 or 2 above?

I used that site to test my proxy and tighten all my security up.

So which one do you fall into?

Regards
Eladesor

Originally posted by Webdude
Well, over on FWS, IP's being public help prevent abuse. For example, people come in bragging up a host, and then suddenly the host is responding to them. Then you look at the IP's and find all those people have the same IP as the host himself. Kinda funny when you catch them spamming like that..LOL
It won't really prevent abuse.... When I was with Earthlink, I could log in via six different dial-up providers, so I had the ability to have the appearance of coming in from six totally unrelated IP addresses.
There are quite a few reasons for having IP's posted, that is just one of many.
Well I shot down the only reason you've suggested. What are your others?
Privacy is often a reason used to not have them publicly displayed, however, IP's are public information, so the privacy issue means squat on this issue.
My IP address and who owns it (i.e., the ISP that provide my internet service) are public information. However the tying of my IP address to my alias on this board is subject to the privacy policy decisions of the owners of this board. And I am asking them to be judicious with my privacy.
Security is a good point, but people need to learn to use a good firewall. Having IP's public could very well pressure the ignorant to learn. Sorry, but you have to look out for #1, dont expect websites like this to not post IP's because of your own lack of security. If they leave IP's off, then you are fooled into thinking you are safe. Every server on the net logs IP's. I think it would be a public service for wht to post IP's.

My firewall is good, but why should I advertise a target? No matter how good your firewall is, it will not stop DoS attack.

I have IP's off (I think) for our own forums. However, it is not an issue there like it is here. My own personal opinion here is that maybe they should be left off, but known members can request the IP of another if they have a good reason for the request. A good example would be a client complaining terribly about a host and really making them look bad. The host should be able to request that person's IP from here to determine who they are and if indeed they are a client of theirs. By doing so, the host will be able to defend itself if that client was actually the one in the wrong. Again, that's just one of many reasons. That should be a decision of the moderator, and should be spelled out ahead of time in a privacy policy.

The ones against it being public generally fall into two catagories.
1) Concern about their own security, and lack knowledge to fully understand it.
2) They have been doing something wrong and people knowing their IP concerns them.


re: (1) Perhaps the more you know and understand security, the more you prefer not to advertise doorways into your house, no matter how secure those doorways may be.

Warfare is the Way of deception. Thus although you are capable, display incapability to them. When committed to employing your forces, feign inactivity. -- Sun-tsu, The Art of War



re: (2) McCarthyism died in the 1950's.

Mike the newbie,

You definetely get my vote - 100%

Regards
Eladesor.

right on mike. you hit it on the nail.