Skip to main content

Kas gi neapsaugo nuo viešo IP adreso keitimo ir interneto sukrėtimo?

Kas gi neapsaugo nuo viešo IP adreso keitimo ir interneto sukrėtimo?

Geoffrey Carr

Kas tiksliai neleidžia jums (ar kas nors kitam) keisti savo IP adresą ir sukelti visų rūšių interneto svetainių ir kitų interneto vartotojų galvos skausmą?

Šiandieninė klausimų ir atsakymų sesija pateikiama su "SuperUser" - "Stack Exchange", bendruomenės valdoma Q & A grupių asociacija.


SuperUser skaitytojas Whitemage yra įdomu, kas neleidžia jam netinkamai keisti jo IP adreso ir sukelti problemų:

An interesting question was asked of me and I did not know what to answer. So I’ll ask here.

Let’s say I subscribed to an ISP and I’m using cable internet access. The ISP gives me a public IP address of

What keeps me from changing this IP address to, let’s say,, and messing with another consumer’s internet access?

For the sake of this argument, let’s say that this other IP address is also owned by the same ISP. Also, let’s assume that it’s possible for me to go into the cable modem settings and manually change the IP address.

Under a business contract where you are allocated static addresses, you are also assigned a default gateway, a network address and a broadcast address. So that’s 3 addresses the ISP “loses” to you. That seems very wasteful for dynamically assigned IP addresses, which the majority of customers are.

Could they simply be using static arps? ACLs? Other simple mechanisms?

Du dalykai, kuriuos reikia ištirti čia, kodėl mes negalime tiesiog keisti savo adresus ir ar perdavimo procesas yra toks bundškas, koks atrodo.


"SuperUser" autorius "Moses" siūlo keletą įžvalgų:

Cable modems aren’t like your home router (ie. they don’t have a web interface with simple point-and-click buttons that any kid can “hack” into).

Cable modems are “looked up” and located by their MAC address by the ISP, and are typically accessed by technicians using proprietary software that only they have access to, that only runs on their servers, and therefore can’t really be stolen.

Cable modems also authenticate and cross-check settings with the ISPs servers. The server has to tell the modem whether it’s settings (and location on the cable network) are valid, and simply sets it to what the ISP has it set it for (bandwidth, DHCP allocations, etc). For instance, when you tell your ISP “I would like a static IP, please.”, they allocate one to the modem through their servers, and the modem allows you to use that IP. Same with bandwidth changes, for instance.

To do what you are suggesting, you would likely have to break into the servers at the ISP and change what it has set up for your modem.

Could they simply be using static arps? ACLs? Other simple mechanisms?

Every ISP is different, both in practice and how close they are with the larger network that is providing service to them. Depending on those factors, they could be using a combination of ACL and static ARP. It also depends on the technology in the cable network itself. The ISP I worked for used some form of ACL, but that knowledge was a little beyond my paygrade. I only got to work with the technician’s interface and do routine maintenance and service changes.

What keeps me from changing this IP address to, let’s say, and mess with another consumer’s internet access?

Given the above, what keeps you from changing your IP to one that your ISP hasn’t specifically given to you is a server that is instructing your modem what it can and can’t do. Even if you somehow broke into the modem, if is already allocated to another customer, then the server will simply tell your modem that it can’t have it.

Davidas Schwartzas siūlo keletą papildomų įžvalgų su nuoroda į baltąjį dokumentą tikrai įdomu:

Most modern ISPs (last 13 years or so) will not accept traffic from a customer connection with a source IP address they would not route to that customer were it the destination IP address. This is called “reverse path forwarding”. See BCP 38.

Ar turite ką nors įtraukti į paaiškinimą? Garsas išjungtas komentaruose. Norite skaityti daugiau atsakymų iš kitų "Tech-savvy Stack Exchange" vartotojų? Patikrinkite visą diskusijų temą čia.