General Question

EtherRoom's avatar

Can someone hack your computer if they have your ip address ?

Asked by EtherRoom (381 points ) May 5th, 2011

Is it possible for someone to hack your computer if they have your ip address ? How can someone hack it ? I have not downloaded any viruses, or download any funny emails, but I’m scared of someone hacking it. What are some ways I can protect my comp from being hacked ?

Observing members: 0 Composing members: 0

14 Answers

FutureMemory's avatar

Can someone hack your computer if they have your ip address ?

No.

What are some ways I can protect my comp from being hacked ?

Don’t download any funny emails.

EtherRoom's avatar

Can they pay someone to hack my computer ?

dabbler's avatar

What IP address? Your computer probably doesn’t have an IP address that makes sense outside your home side of your router/internetModem. If you have a typical setup your router/cableModem/InternetThingie does have one IP address that is ‘exposed’ to the internet, provided from a pool of IP addresses allotted to your ISP/internetServiceProvider. Often if you type 192.168.[0,1,2].1 into your browser you will get the admin page of your router and that might show you the outside WAN address. Any reasonable router is default configured to not respond to packets from the WAN side unless they are responses to requests from inside, so just knowing that address is not very useful. Infected machines make requests from the inside, and they get infected by the user installing something from and email or making a request for some web page or something on a web page that infiltrates the machine. If that happens then, yes, they can hack your machine depending on what has been installed, more likely the smarter infestations these days will harvest personal info to send to the mother ship or use your email account to send out spam. If your machine is thus infected it is a resource that might be available for hire from the controlling entity.
On the inside/home side of your router there is probably DHCP service turned on and that will assign an IP to any computer inside your home that asks for one, probably within the range of 192.168.[0,1,2].[2–250].
If you’re on a windows box pop up a command line and type the command ‘ipconfig’ you will get among other things the IP address of your computer on your internal LAN.
On a mac use systemPreferences/Network and you can see the IP address of your computer.
On a linux box, oh come on seriously, you’re messing with us, right?
Virus protection is pretty mandatory on a windows box and Microsoft Security Essentials is actually pretty good and is free.
On a Mac they say we may be vulnerable soon as techniques for infestation have been invented in the lab. No major ‘wild’ infestations have yet been reported for mac though.

koanhead's avatar

If someone has physical access to your computer, then they may be able to break into it without your IP address. If someone has access to your local network they may be able to do so without an IP address if they can get your MAC address. For remote hacking over an internet knowing the IP address is a necessary but not sufficient condition for access to the machine.
If someone knows your IP address then they can scan your computer for open ports. If they find open ports then they can attempt to exploit the service that listens on that port. Certain services listen on certain ports by default; for example OpenSSH listens on port 22. Therefore if an attacker sees port 22 open they can assume that an SSH server is listening there and attempt to exploit it. It’s a good idea to configure such services to use non-standard ports.
If you are worried about unauthorized access to your computer, use a firewall. All modern operating systems include a firewall, but it is not always enabled by default. You should turn it on and find out how to use it. You might also consider using an Intrusion Detection program like Tripwire.

XOIIO's avatar

@koanhead is right. Give me 5 minutes with any Pc and I can get in

koanhead's avatar

@XOIIO Not mine.

1) BIOS password enabled
2) USB and CD boot disabled
3) ecryptfs

You’d have better luck trying it remotely.

XOIIO's avatar

@koanhead Yeah, but few people are that carefull. Well done, by the way.

koanhead's avatar

@XOIIO Thanks; computer security advice is one of the things I did professionally (back when I had a job).
For others reading this, TAKE HEED!

The measures I have taken would not necessarily keep @XOIIO out of my computer. It would just make it take more than five minutes.

If your information is at all sensitive: SECURE IT.

XOIIO's avatar

@koanhead No kidding.

Dr_Lawrence's avatar

Installing a router between your high speed modem and you computer provides a physical firewall that hides your computer from being probed from outside your home network.

koanhead's avatar

@Dr_Lawrence Most consumer grade routers provide NAT, which is not to be confused with a proper firewall. Most of these products which I have used provide further “firewall” protection which should be enabled where available, but is no replacement for a proper firewall on the local host. By a proper firewall I mean one that performs stateful packet inspection, not merely IP masquerade with port forwarding.
In other words, definitely use the firewall provided by your router; but do not depend on it.

dabbler's avatar

@koanhead nice list for physical access lockdown. This is especially necessary for laptops that could much more easily fall into the wrong hands or walk out in them. Thanks! And you and @Dr_Lawrence make the good case for multiple layers of protection with “firewall” at the router and a better/more active one on the computer. Do you fellows have virus protection recommendations ? Do you use distinct services for email scanning and web surf scanning and system fundamentals monitoring ?

koanhead's avatar

@dabbler I don’t currently administer any Windows machines so I can’t make a very good recommendation there. I last used Microsoft Security Essentials and it seemed to work fine.
MSSE performs on-access scanning, and it’s a bad idea to run two on-access scanners at once in general. I don’t know of any scanners that work specifically on email (except for SpamAssassin and it’s ilk which scan for spam and not virus and work with MTAs and not clients).
I do recommend TripWire or a similar HIDS for monitoring connections and Process Explorer for monitoring your running programs. Check out sysinternals.com for lots of good tools for Windows administration.

And for us Linux folks, remember that top and netstat are your friends. Know them and love them. Or use gnome-system-monitor. Or Conky. Conky is good too.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther