Thursday, November 20, 2008

IP Address

An IP address (Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—including routers, switches, computers, time-servers, printers, Internet fax machines, and some telephones—can have their own unique address.

In other words, the IP address acts as a locator for one IP device to find another and interact with it. It is not intended, however, to act as an identifier that always uniquely identifies a particular device.

An IP address can also be thought of as the equivalent of a street address or a phone number for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. An IP address differs from other contact information, however, because the linkage of a user's IP address to his/her name is not publicly available information.

Further, an IP address is not necessarily linked, in a persistent way, to a physical location or even data link layer address.

In the past, an IP address could be considered a unique identifier of a particular IP host, in addition to being a locator. When it was usable as an identifier, it was static, and it was assumed to be globally unique from end to end of the Internet.

In current practice, an IP address is less likely to be an identifier, due to technologies such as:
· Dynamic assignment, as with an address that is assigned by the access device by which the user's host connects over a dialup telephone line or by a set-top box for an IP over cable network. However the network provider maintains a database of which IP address was assigned to which access port on dialup, or MAC address on LANs or broadband networks. This information, assuming it is available to the investigator, may help to identify the computer, although that is unlikely if it was a dialup connection where the identifier is of the dial-in port, not the computer itself. More extensive forensic work, with access to telephone records, may identify the calling telephone, although that may itself be a "cutout" on the way to the real telephone.

Network address translation (NAT), a feature common on gateway routers in corporate networks or home LANs, where the address visible to the Internet is the "outside" of a device that maps it to a completely different and hidden address on the "inside”.

No comments: