Changing IP Once A Week?

[duckwithanokhat]

So my friend is basically bragging to me about how secure he is and that he changes his ip every week. Me personally I think that's bullshit because from my little knowledge, to change one's ip you would either have to run a vpn/proxy 24/7 which I doubt he does because VPNs aren't the fastest network connection or get a new ISP every week. Is changing your ip once a week possible? If so, please explain it to me.

 

Edit: Is changing your IP probable?* Of course its possible.

[DXMember]

Dynamic IP addressing is a thing, the ISP randomizes the IP addresses once a time period, can be a week, can be a day, can be an hour

does it add to security? meh... not much but it sure doesn't hurt

 

even if you're assigned a static IP, you can call your ISP and request to change your IP address and they must comply

[manikyath]

thats not secure, thats how stuff works because we're out of ipv4 addresses. if i turn off my modem between 1 and 2AM i get a new address because thats when my ISP clears up their pool to recover unused addresses for recycling.

 

in most cases if you dont have a router grabbing onto its IP address, or if your isp forcefully changes it regularly (which they shouldnt, thats stupid...) you'll get a new public IP address daily.

[KuJoe]

Changing the IP your ISP gives you is pretty pointless since if somebody can get your IP once they can get it after you change it also. It's much easier to rotate your IP through VPNs which is much better because you can easily change your IP on the fly and not have to wait for your DHCP lease to expire with your ISP.

 

In the grand scheme of things, changing your IP does not increase your security. The only real benefit it offers is if you're under constant DDOS attacks but even then you're stuck with the IP until your ISP lets you change IPs (i.e. DHCP lease expires). If you're talking about playing games online, then a VPN is your best bet because you can easily switch VPNs (and thus switch IPs) and if an attacker tries to DDOS or hack your IP they'll be hitting the VPN server's IP and not your own so you're safe (unless they do hack the VPN server in which case they can get your home IP address easily through logs or the next time you connect to it).

 

I've played online games like CS:GO through a VPN in a different state without any issues. I played for about 3 hours one day and there was no slowness and my ping (latency) stayed under 50ms which is pretty good for most people (I can even keep the latency under 30ms if I connect to a VPN in the same state as me). I used to have my router connect to VPNs so all of my network traffic was tunneled through the VPN but then I couldn't watch most online streaming content.

[Mark77]

On some ISPs that I'm familiar with, to change your IP, all you need to do is chance the gateway's MAC address.  It will pull a new IP address from the DHCP server, and wham, it will be different than previous. 

 

It wouldn't take much to set up a cron job to do this if you used something like dd-wrt or another unix/Linux-based gateway. 

[Mikensan]

You just release your DHCP lease, reboot the device (modem/router) and then you'll get a new IP. For something simple like an "offline" minecraft server where non-authenticated players can connect to, you can bypass IP bans. But there's not many uses for having a new IP address. Especially in terms of security. Means diddly squat if you have a trojan that's re-broadcasting your IP if it detects a change....

[.spider.]

11 hours ago, DXMember said:

 

even if you're assigned a static IP, you can call your ISP and request to change your IP address and they must comply

Who says that?

 

Dynamic IPs are nice they are making it harder to track you. 

[Mikensan]

10 minutes ago, .spider. said:

Who says that?

 

Dynamic IPs are nice they are making it harder to track you. 

Only if you don't turn your computer on after changing your IP...

[.spider.]

6 minutes ago, Mikensan said:

Only if you don't turn your computer on after changing your IP...

That's not true

[Mikensan]

15 minutes ago, .spider. said:

That's not true

Why not? First you have to say why changing your IP protects you... that means somebody found it in the first place else why bother changing it right? So in what scenario would somebody find your IP? And how do you know they have learned your IP address? For this you must realize it because they've done something to you. By then they will have likely installed a trojan or hidden software which will notify them of any IP address changes. Unless they went in for a specific reason and don't need to regain access. Which then the damage is already done.

 

Or lets say your ISP assigned you a static DNS name as some do for their customers. Normally if you do a WHOIS lookup on an IP you can see the assigned name. Just write it down and look it up later. But that can vary from ISP to ISP.

 

tl;dr - either the hacker gives himself the ability to connect again in the future (trojan) or they do the damage they want to do and changing your IP doesn't undo the damage.

[DXMember]

51 minutes ago, .spider. said:

Who says that?

 

Dynamic IPs are nice they are making it harder to track you. 

only one tracking you is ISP, and it does not make it any harder for them to track

your online presence is tracked by planting cookies and analyzing your unique footprint, not by IP

[Jarsky]

Different ISP's have different ways for handling IP's.

 

Some use Dynamic IP's (change every time you resync your connection or change MAC)

Some use Sticky IP's (DHCP lease for a length of time)

Some use Fixed/Static IP's (assigned to your connection, which doesn't change)

And some use CGNAT where you don't even have a dedicated IP - you use internal IP addressing to your ISP, then you share in a pool of IP's for the internet.

 

The company I work for uses a mixture of the first 3 dependant on what service you have, and if you're business, residential, etc...

We also have a child company that provides 'budget' broadband, which uses CGNAT with IPv4/IPv6 addressess available at a cost.

 

Cycling IP addresses really doesn't add any more security to your connection, unless you're in a targeted attack - wether that be DDoS of some description, or they are seeking to find a vunerability.

 

If he's concerned about getting Copyright Infringement notices for download activity - it doesnt matter what his ISP's IP address is, as the notice will be served to his ISP who in turn will have log data to show the IP address assigned to him, in order to serve the notice.

 

As far as being 'tracked' etc...thats done via your browser, normally in the form of cookie tracking or running browser side code or vunerabilities like cross-site scripting - none of which have anything to do with your IP address.

[.spider.]

14 hours ago, Mikensan said:

Why not? First you have to say why changing your IP protects you... that means somebody found it in the first place else why bother changing it right? So in what scenario would somebody find your IP? And how do you know they have learned your IP address? For this you must realize it because they've done something to you. By then they will have likely installed a trojan or hidden software which will notify them of any IP address changes. Unless they went in for a specific reason and don't need to regain access. Which then the damage is already done.

 

Or lets say your ISP assigned you a static DNS name as some do for their customers. Normally if you do a WHOIS lookup on an IP you can see the assigned name. Just write it down and look it up later. But that can vary from ISP to ISP.

 

tl;dr - either the hacker gives himself the ability to connect again in the future (trojan) or they do the damage they want to do and changing your IP doesn't undo the damage.

Why do all people only think about attacking and hacking?

They are also ads, social engineering and so on.

 

DNS entry for an ordinary customer? Never heared about that.

[brwainer]

3 hours ago, .spider. said:

Why do all people only think about attacking and hacking?

They are also ads, social engineering and so on.

 

DNS entry for an ordinary customer? Never heared about that.

Ads are based on cookies that stay in your browser.  Tracking people by IP for ad purposes would never work because most IPv4 addresses used by website users are going to be for a router with tens or hundreds of client devices behind it.

 

Social engineering is done via email, facebook, etc and there is no reason to look up someone's IP if you are trying to manipulate them.

 

every ISP owned IPv4 address has a forward and reverse DNS entry, even if it's just (IP address).ISP.com . Usually they put the city in the name too - it's part of the network structure. I've never heard of a DNS entry that follows customers around to the IP address they get assigned, but it is technically possible. They just have to set up their DHCP or PPPoE servers to update the DNS server when an address is assigned.

[.spider.]

11 minutes ago, brwainer said:

Ads are based on cookies that stay in your browser.  Tracking people by IP for ad purposes would never work because most IPv4 addresses used by website users are going to be for a router with tens or hundreds of client devices behind it.

 

Social engineering is done via email, facebook, etc and there is no reason to look up someone's IP if you are trying to manipulate them.

 

every ISP owned IPv4 address has a forward and reverse DNS entry, even if it's just (IP address).ISP.com . Usually they put the city in the name too - it's part of the network structure. I've never heard of a DNS entry that follows customers around to the IP address they get assigned, but it is technically possible. They just have to set up their DHCP or PPPoE servers to update the DNS server when an address is assigned.

 

13 minutes ago, brwainer said:

Ads are based on cookies that stay in your browser.  Tracking people by IP for ad purposes would never work because most IPv4 addresses used by website users are going to be for a router with tens or hundreds of client devices behind it.

 

Social engineering is done via email, facebook, etc and there is no reason to look up someone's IP if you are trying to manipulate them.

 

every ISP owned IPv4 address has a forward and reverse DNS entry, even if it's just (IP address).ISP.com . Usually they put the city in the name too - it's part of the network structure. I've never heard of a DNS entry that follows customers around to the IP address they get assigned, but it is technically possible. They just have to set up their DHCP or PPPoE servers to update the DNS server when an address is assigned.

Most IPv4 addresses are not used in combination with carrier grade NAT?

That's the reason why you configure your browser so that it flushes the cookies after closing it.

 

Since most IPv4 are the gateway of very small LAN it is very easy to identity unique users.

[brwainer]

3 hours ago, .spider. said:

 

Most IPv4 addresses are not used in combination with carrier grade NAT?

That's the reason why you configure your browser so that it flushes the cookies after closing it.

 

Since most IPv4 are the gateway of very small LAN it is very easy to identity unique users.

In the US, where we hoard over 50% of the IPv4 addresses, CGNAT is rare. I'm not aware of any Cable, DSL, or Fiber ISP in the US that's using CGNAT. All cellphone providers use IPv6 and  CGNAT for IPv4. WISPs might or might not use CGNAT.