IP address

Why does the forum page where I posted show my full IP address while for all other posters it just shows "logged" ?

Because that’s the way the forum software works.

Why does the forum page where I posted show my full IP address while for all other posters it just shows "logged" ?

It only shows your IP address to you. All I see for your IP address is "logged".

That's quite a relief, thanks!

It means "we know who you are"

...R

As a matter of fact, people not logged in do not see any of this. People logged in see that your IP was logged, forum administrators and probably moderators can see your IP, That's needed for their jobs as moderator / administrator.

By the way, you are sharing more than you might like, all by yourself and by your choice. I now know your name, that of your wife, your address, and that you used to be a countryman of mine. I'm not interested in all that, but if you are worrying about your IP shown, you should also consider this. But somehow your private website (which isn't really private) wasn't registered correctly. It is shown as some extension to this site while it clearly isn't. I suppose you forgot to type the entire URL so including the http://www., even if that works for browsers nowadays.

Groeten uit een nat Nederland.

MAS3: ...but if you are worrying about your IP shown...

This is what your IP address reveals... http://whatismyipaddress.com/

Unless you are using an address leased by a corporation or a school the best level of detail is typically "city".

If you are using a proxy / onion router the best level of detail is "solar system".

In other words, when the Jason Bourne characters track someone by their IP address in real-time the producers are taking great liberties.

This is reality... http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

I have very little secrets (if any) and my personal website reveals them all.

The IP address visible to me now is that of SES-Astra in Luxembourg where I hired a high speed satellite link. What does worry me is this:

[DoS attack: FIN Scan] attack packets in last 20 sec from ip [111.221.77.151], 06:01:36 [email failed] internet connection is dropped, Wednesday, 06:01:28

These are 2 lines from my router's log file. There are 1000's such entries, disrupting my internet traffic and wasting expensive bandwidth. All attacks bounce on the firewall but still count as traffic.

The IP address belongs to Microsoft in Hong Kong but is probably faked.

There are 1000's such entries, disrupting my internet traffic and wasting expensive bandwidth. All attacks bounce on the firewall but still count as traffic.

Ask your ISP to block the address upstream.

The IP address belongs to Microsoft in Hong Kong but is probably faked.

If the address is "fake" then your ISP has a responsibility to help track down the device responsible. The IP owner will lose their connection to the internet.

In any case, it is highly unlikely the address is "fake". The most likely culprit is a compromised computer.

https://wq.apnic.net/whois-search/static/search.html?query=111.221.77.151

remarks:    --------------------------------------------------------
remarks:    To report network abuse, please contact mnt-irt
remarks:    For troubleshooting, please contact tech-c and admin-c
remarks:    Report invalid contact via www.apnic.net/invalidcontact
remarks:    --------------------------------------------------------
mnt-irt:    IRT-MICROSOFT-APNIC-SG

irt:    IRT-MICROSOFT-APNIC-SG
address:    One Microsft Way
address:    Redmond, WA 98052
address:    US
e-mail: abuse@microsoft.com
abuse-mailbox:  abuse@microsoft.com
admin-c:    MP234-AP
tech-c: SC1001-AP
auth:   # Filtered
mnt-by: MAINT-AP-MICROSOFT
changed:    diquamar@microsoft.com 20160125
source: APNIC

If you do not get relief then report the contact as invalid. That may force a response from Microsoft.

If that still does not get you relief then give the news tip (lack of reasonable security; helping to perpetrate an attack) to two popular bloggers: one who hates Microsoft; one who praises Microsoft.

[quote author=Coding Badly link=msg=2803087 date=1466102057] Ask your ISP to block the address upstream.

[/quote]

SES/Astra is not a normal ISP. First you sign a contract, buy the hardware, point it to the proper satellite cluster and wait until the modem identifier is recognized and access granted. Then they just count the bytes passing the link and shut you down if the number exceeds your contract within a month. They do not filter anything. No home page, mail boxes, customer service or help desk.

Now, after more than 4 days, the attacks have stopped. As soon as they start again I will contact Microsoft and express my deepest thoughts.

Thank you for you assistance.

You are welcome. Good luck.

After a second attack that lasted 6 (!) days I mailed to cert@microsoft.com. No answer, but within a few hours the attack stopped.

Good to know. Thank you for the follow-up.

Why cert@microsoft.com instead of abuse@microsoft.com?

[quote author=Coding Badly link=msg=2825143 date=1467536451] Good to know. Thank you for the follow-up.

Why cert@microsoft.com instead of abuse@microsoft.com?

[/quote]

I've sent it to abuse@.... first. This is what they answered:

Thank you for bringing this to our attention. We have passed on your information to the appropriate team.

To avoid delays, in the future please report these types of problems directly at cert. microsoft. com. You may also simply email our cert team at cert@microsoft. com.

Huh. I never realized how overloaded "cert" is. I assumed "cert@microsoft" would be used for inquiries about top-level TSL certificates. It makes sense that they would use "CERT" à la Carnegie Mellon University's Computer Emergency Response Team.