What can you do with an IP address? There are two types of people asking this question: people who are learning about hacking and cybersecurity, and people who have been hacked. In the second case, they want to know what the hacker can do with their IP address. If you want a quick answer, most people can do little harm by knowing your IP address, but a real hacker – that’s a different story.
What Can You Do with an IP Address?
What is an IP address anyway?
An IP address is an identifier of your device over the Internet. Like a postal address identifies the geographic position of your house, an IP address identifies a logical (and roughly geographical) position of your device on the Internet.
Remember that the Internet is just a collection of connected devices, your IP address is where you stand in that network of devices.
On the Internet, communication happens by sending messages from an IP address to another, so in short if someone knows your IP address, he can send you traffic. With traffic, we mean any type of communication that happens over the Internet: web pages, files, video streams, music, and more.
With this in mind, here’s what you can do with an IP address:
- Send traffic to a device
- Approximately geolocate
- Reconnaissance (find vulnerabilities)
- Test vulnerabilities
1. Send traffic to a device
If you know the IP address of a device, you can send traffic to it. This is the most complete answer to “what you can do with an IP address?”. However, it’s an empty answer, because what matters here is what type of traffic you send. You could send traffic that just goes wasted, and serves nothing, or carefully crafted messages that serve a purpose.
This is because communication over the Internet is generally bidirectional and virtually always consensual. We are not talking about people talking to people, but computers talking to other computers with networking protocols. You cannot just send traffic to a device, for that to work the other device must be willing to listen.
At the basis of this we have ports, and then some security layers such as firewalls and NAT. A port identifies a specific application on a device, such as a web server, Skype, League of Legend, or virtually anything. You cannot just send traffic to a device, for it to be actually processed you need to send it to an application on that device. And, for all of this to work, the application must be on, listening, and willing to accept connections from you. If that’s the case, you can communicate with that application.
2. Approximately geolocate
Have you ever seen a movie where they geolocate a device in the exact room and floor of a building? That’s probably beyond reality of even GPS, but for sure they cannot do that with IP addresses.
So, what can you do with an IP address in terms of geolocation? You can identify an approximate location, with a range of about 30 miles or 50 kilometers. The thing is that IP addresses are loosely related with geographic location, and they are more related with the network infrastructure.
In short, Internet Service Providers like AT&T, Verizon, Orange, British Telecom and the like owns big chunks of IP addresses (that are just numbers in the end). They assign blocks of IP addresses to areas of their network, where we can imagine that there is a “master device”. Then, this device assigns the IP address to any customer connecting to that area. Now, let me be frank: this is an overly simple and gross simplification, but it does the job for today.
The criteria for IP assignment are private and managed by the ISP, and most often are just a first-come-first-served basis, which also means the same IP will move across customers over time. So, we cannot know for sure the geographic location of a device, but we can know the area covered by the “master device” assigning the IP address. That’s pretty much public information, and we can have that reliably.
The only catch is that this goes with population density: there more dense the population, the more customers out there, the more IP addresses needed, the more “master devices” needed to assign IPs. Hence, you will find more “master devices” in urban areas, each covering a smaller footprint in terms of space, as there are more customers per square mile. The opposite is true for rural areas, where a master device can cover a significant area. So, your range of tolerance will be much more precise in Paris, France than in rural Montana.
To do that, just search geolocate IP on Google and you will find sites that allows you to do that, for free.
3. Reconnaissance (find vulnerabilities)
If you ask me “what can you do with an IP address?”, reconnaissance is the first thing that comes to mind. It is the starting point for any hacking activity, and if someone plans to do something with an IP address, that is something that they will do for sure at some point – particularly at the beginning.
Reconnaissance is a hacking term borrowed from classical military strategy. In fact, in military strategy it means checking out what the terrain is like and how the enemy may be organizing: hacking is no different. It is about finding out what are the vulnerabilities of the target device, and potential ways to exploit them.
If knowing an IP address is like knowing a postal address, reconnaissance is like going there and take pictures and analysis what might be the best way to get in past the security systems.
The first and most basic step of reconnaissance is a port scan, one of the easiest reconnaissance techniques and clearly the best starting point. Recall that, in the end, you don’t hack devices, but applications and processes on devices. Most of those applications work with TCP or UDP, it means they are identified by a port number: a simple integer number. You can try to connect to all port numbers to see which ones accept a connection, so you know which application is behind. That’s how a port scan work.
Tip: you can download the most powerful tool for port scanning, nmap, for free. Just click here.
Upon completion of port scan, you will have a list of applications listening on the target device. Normally, the same OS will have the same group of ports open, plus some others depending on what programs are installed on the device. This means that we gain two types of intelligence by doing reconnaissance.
- A guess about the operating system of the device
- List of the applications on the device that are listening over the network
It may sound easy, and in a sense, it is, but the real challenge is going through multiple layers of security. Chances are, when you think about a device to be hacked you will think about a computer or smartphone. That’s good, but they are not directly plugged into the Internet “naked” the way they are.
Instead, devices mostly connect through routers and firewalls that perform NAT. Those devices acts as a gatekeeper between the Internet as a whole and the local network, such as your home or office network. If you send traffic from the Internet to the target device, you need to traverse the firewall, and this may block something – actually, most things. So, even if the end device has some ports open and listening, you might not be able to find that out from the Internet.
Furthermore, NAT is a technology implemented on the firewall (or router) where the IP address of the “real” device is masked with the one of the firewall. This has both practical and security uses, and it is implemented in most cases. In fact, the most common firewall setup is a NAT that allows connection only initiated from the local network and toward the Internet, not the other way around.
This means, if you collect an IP address, you will get the one of the firewall. So, the first step of reconnaissance is to gather intelligence about the firewall, because that’s the first thing to hack. Once you do that, you are in the local network, and you can target the “real” device.
4. Test Vulnerabilities
Testing vulnerability is the natural next step after the reconnaissance, and if you ask me “what can you do with an IP address?” I would certainly mention it as an end goal. Once an hacker finds an IP address of a device or a firewall and identifies a list of open ports, he can start to test the vulnerability.
For example, if port 80 is open it is very likely that there is a web server running, because that is the HTTP port. We can then craft a fake HTTP Request to talk directly with that application, because in the original port scan we send only “dumb” traffic. In this request, we can easily gather information about the web server application name and version in most cases.
Then, we can search over the Internet known vulnerabilities of that specific application: they are called CVE, and can be found freely online. We are likely to find tons of them, with clear instructions on how they are executed. Then, we only need to dig and find one that we can exploit considering the access we have.
For example, if the web server has a vulnerability if you modify configuration files that’s good, but we cannot modify configuration files from the access we have now. Instead, if it has a vulnerability that can be exploited through HTTP requests, we can exploit that. Maybe that will allow us to gain further privilege, so we can then execute the vulnerability on the configuration files.
Exploiting vulnerabilities is like solving enigmas, like opening one lock after another, like navigating through a maze that gets more and more complex. You need to find the little vulnerability that gives you just a little more access, and continue that way until you have the access you need. That’s the way hackers operate.
What Can You Do with an IP Address RIGHT NOW?
Okay, now you have an idea about what can you do with an IP address, and what hackers do. But how do you start exactly? We can conclude this article about what can you do with an IP address with a list of resources you must check out to get started.
Remember that the purpose of this post is to be educational. We do not endorse any activity that might be illegal, and you are the only one responsible for your actions.
Here are the resources to continue learning on your hacking journey.
- How to execute a port scan with nmap and ZenMap
- A deep dive on TCP and UDP, necessary to better understand how port scan works and how to better exploit them
- A deep device on how NAT works, to understand the layers of security faced by an hacker and how they work from the inside
- A guide on CVE vulnerabilities and how to learn about them
If you are interested about hacking network, you may also want to start with our CCNA course that teach you a great deal about networking. That is a must-have skill for hackers and can also land you nice jobs in the industry. And our course is totally free, so check it out here.