
Re^2: Net::IP convert ip to int

by cavac (Chaplain)
on Jun 24, 2012 at 19:11 UTC (#978073)


in reply to Re: Net::IP convert ip to int
in thread Net::IP convert ip to int

As another monk told you, assuming the user always gets an IP from the same block is a dangerous road. It won't work for most DSL links and certainly not for mobile devices like tablets.

Even assuming the user stays in the same building (for example a company), when unplugging or plugging an ethernet cable, many devices automatically switch from WLAN to LAN or vice versa. And, on a reasonably big network, these might be in different IP ranges.

Also, you can not assume that it's "safe" if the IP changed but stayed in the same IP range. Many script kiddies are just that: Young people, often living or working in a small or large group together. You know, pupils, students, apprentice PerlMonks, and so on. And often enough, they are very... enthusiastic... about their skills while still learning the more intricate details of right and wrong... ;-)

On the other hand, multiple users may share a single IP address because they are behind a NAT or using an SSH connection or other tunnel to the same server. Or, for HTTP, they might use the same proxy.

Your method also ultimately will fail sooner rather than later from a simple, mathematical standpoint: We are running out of IPv4 addresses and more and more networks start to enable IPv6. For this, you need another set of calculations.

Finally, you can not even rely on an unchanged IP. With access to the user's local network, it's usually not that hard to knock his/her computer off the net and re-use the IP for one's own purposes for a short time. That's why cryptography was invented. You know, SSL and stuff.

(Not that anything I just said really matters for the "wrong" kind of users. I know a number of people who run a pirated, unpatched version of XP. Without AntiVirus of course. But with IE6 that came pre-installed. Only two of them have learned their lesson in the last year, both got their online banking access hijacked.)

"You have reached the Monastery. All our helpdesk monks are busy at the moment. Please press "1" to instantly donate 10 currency units for a good cause or press "2" to hang up. Or you can dial "12" to get connected directly to second level support."


Re^3: Net::IP convert ip to int
by afoken (Parson) on Jun 24, 2012 at 19:49 UTC

    In the old days of the WWW, AOL users were forced to use HTTP proxies provided by AOL. The setup had the annoying feature of using a different proxy for each request, so that the requests from a single user appeared to come from a large set of very different IP addresses, while each single IP address was used by a large set of users. Websites that assumed constant client IP addresses were unusable, websites that assumed one user per client IP address had huge security issues. I don't know if AOL still uses this setup, things have changed a lot since then. But as far as I know, this setup does not violate a single RFC, and websites that can't handle this setup are broken, period.

    HTTP Proxies have become more and more popular, especially in corporate environments; mainly for security and for filtering / censoring unwanted content (mainly malware and porn sites). Many mobile internet providers offer a low cost connection that uses private IP addresses for the mobile device and a forced, transparent HTTP proxy to reduce the data volume in their mobile networks. But unlike AOL, they seem to use only a single proxy, or at least try not to change the proxy during a dialup session.

    Big internet providers have several IPv4 address pools, simply because they had to request a new block from time to time. Those pools are not continuous, but fragmented. Dial-up (and DSL) clients get a random IP address from the pool, and with each new dial-up, the IP address may change wildly. Some providers use several small regional pools with perhaps two, three or four IP ranges, some use a large common pool for the entire state with a large number of IP ranges.

    At least in Germany, DSL connections are disconnected after 24 hours, and usually, the IP address changes after the reconnect. Fixed IPv4 addresses are available for extra money.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

      In the old days of the WWW, AOL users were forced to use HTTP proxies provided by AOL. The setup had the annoying feature of using a different proxy for each request, so that the requests from a single user appeared to come from a large set of very different IP addresses, while each single IP address was used by a large set of users.

      Actually, that's probably one of the better ideas of AOL, but of course messy in its execution. Using all the proxies round-robin, it's easier to even the system load. And even if one fails (and is not automatically offlined from the pool), users will still be able to use the internet (except with the occasional reload of the page required).

      When the system was introduced, most of the web pages were static anyway, so the client's IP address didn't matter so much.

      But as far as I know, this setup does not violate a single RFC,

      Of course. By design, HTTP is a stateless protocol. That's why you have cookies and such.

      and websites that can't handle this setup are broken, period.

      Yes. And no. For corporate intranet stuff I still require the user to re-login after an IP address change. It's a very complicated technical/political thing. (BOFH-Reasoning: Frankly, I just really hate it when my users carry their running laptops with their spinning harddrives through half the building into a conference room and fiddle with the beamer's VGA cable when there is a perfectly good PC already connected and ready to go... which of course always ends up not having a network cable plugged in afterwards. But bringing his/her own laptop now serves one purpose less and saves considerable wear on my L.A.R.T. as well as on laptop drives.)

      "You have reached the Monastery. All our helpdesk monks are busy at the moment. Please press "1" to instantly donate 10 currency units for a good cause or press "2" to hang up. Or you can dial "12" to get connected directly to second level support."
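The failure modes raised in this thread (address changes across provider pools, shared proxies or NAT, other people in the same range, IPv6 clients), shown as an added example that is not code from any of the posters: it runs a "same block as at login" check over constructed requests and counts the wrong decisions. The session names, users, addresses and the /24 block width are assumptions made for illustration.

```perl
use strict;
use warnings;

# IPv4 dotted quad -> integer; returns undef for anything else (e.g. IPv6).
sub ip_to_int {
    my ($ip) = @_;
    my @o = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# The check under discussion: do both addresses share the first $bits bits?
sub same_block {
    my ($ip1, $ip2, $bits) = @_;
    my ($n1, $n2) = (ip_to_int($ip1), ip_to_int($ip2));
    return 0 unless defined $n1 && defined $n2;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return ($n1 & $mask) == ($n2 & $mask) ? 1 : 0;
}

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
my %session = (
    sess_alice => { user => 'alice', ip => '192.0.2.10'   },
    sess_bob   => { user => 'bob',   ip => '198.51.100.7' },
);
my @requests = (   # [session cookie, real sender, client IP, scenario]
    ['sess_alice', 'alice', '192.0.2.10',   'unchanged IP'],
    ['sess_alice', 'alice', '203.0.113.55', 'DSL reconnect, different pool'],
    ['sess_alice', 'carol', '192.0.2.99',   'different person, same /24'],
    ['sess_bob',   'bob',   '198.51.100.7', 'behind shared proxy'],
    ['sess_bob',   'carol', '198.51.100.7', 'different person, same proxy'],
    ['sess_alice', 'alice', '2001:db8::10', 'client switched to IPv6'],
);

# Classify every request: did the IP check agree with who really sent it?
sub evaluate {
    my ($bits) = @_;
    my %count = map { $_ => 0 } qw(correct false_reject false_accept);
    for my $r (@requests) {
        my ($sid, $sender, $ip, $why) = @$r;
        my $ok    = same_block($session{$sid}{ip}, $ip, $bits);
        my $legit = $sender eq $session{$sid}{user};
        my $verdict = ($ok && !$legit) ? 'false_accept'
                    : (!$ok && $legit) ? 'false_reject'
                    :                    'correct';
        $count{$verdict}++;
        printf "%-13s %-13s %s\n", $verdict, $ip, $why;
    }
    return \%count;
}

my $c = evaluate(24);
printf "/24 check: %d correct, %d false rejects, %d false accepts\n",
    @{$c}{qw(correct false_reject false_accept)};
```

Widening or narrowing the prefix only trades false rejects for false accepts; the shared-proxy case is misjudged at every width, including an exact /32 match.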
