What Keeps You from Changing Your Public IP Address and Wreaking Havoc on the Internet?

Posted by Jason Fitzpatrick on How to geek See other posts from How to geek or by Jason Fitzpatrick
Published on Tue, 22 Oct 2013 20:00:41 GMT Indexed on 2013/10/22 21:57 UTC
Read the original article Hit count: 344

What exactly is preventing you (or anyone else) from changing their IP address and causing all sorts of headaches for ISPs and other Internet users?

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Whitemage is curious about what’s preventing him from wantonly changing his IP address and causing trouble:

An interesting question was asked of me and I did not know what to answer. So I’ll ask here.

Let’s say I subscribed to an ISP and I’m using cable internet access. The ISP gives me a public IP address of 60.61.62.63.

What keeps me from changing this IP address to, let’s say, 60.61.62.75, and messing with another consumer’s internet access?

For the sake of this argument, let’s say that this other IP address is also owned by the same ISP. Also, let’s assume that it’s possible for me to go into the cable modem settings and manually change the IP address.

Under a business contract where you are allocated static addresses, you are also assigned a default gateway, a network address and a broadcast address. So that’s 3 addresses the ISP “loses” to you. That seems very wasteful for dynamically assigned IP addresses, which the majority of customers are.

Could they simply be using static arps? ACLs? Other simple mechanisms?

Two things to investigate here, why can’t we just go around changing our addresses, and is the assignment process as wasteful as it seems?

The Answer

SuperUser contributor Moses offers some insight:

Cable modems aren’t like your home router (ie. they don’t have a web interface with simple point-and-click buttons that any kid can “hack” into).

Cable modems are “looked up” and located by their MAC address by the ISP, and are typically accessed by technicians using proprietary software that only they have access to, that only runs on their servers, and therefore can’t really be stolen.

Cable modems also authenticate and cross-check settings with the ISPs servers. The server has to tell the modem whether it’s settings (and location on the cable network) are valid, and simply sets it to what the ISP has it set it for (bandwidth, DHCP allocations, etc). For instance, when you tell your ISP “I would like a static IP, please.”, they allocate one to the modem through their servers, and the modem allows you to use that IP. Same with bandwidth changes, for instance.

To do what you are suggesting, you would likely have to break into the servers at the ISP and change what it has set up for your modem.

Could they simply be using static arps? ACLs? Other simple mechanisms?

Every ISP is different, both in practice and how close they are with the larger network that is providing service to them. Depending on those factors, they could be using a combination of ACL and static ARP. It also depends on the technology in the cable network itself. The ISP I worked for used some form of ACL, but that knowledge was a little beyond my paygrade. I only got to work with the technician’s interface and do routine maintenance and service changes.

What keeps me from changing this IP address to, let’s say, 60.61.62.75 and mess with another consumer’s internet access?

Given the above, what keeps you from changing your IP to one that your ISP hasn’t specifically given to you is a server that is instructing your modem what it can and can’t do. Even if you somehow broke into the modem, if 60.61.62.75 is already allocated to another customer, then the server will simply tell your modem that it can’t have it.

David Schwartz offers some additional insight with a link to a white paper for the really curious:

Most modern ISPs (last 13 years or so) will not accept traffic from a customer connection with a source IP address they would not route to that customer were it the destination IP address. This is called “reverse path forwarding”. See BCP 38.


Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.


    






© How to geek or respective owner

Related posts about superuser

Related posts about networking