IP Addresses

An IP address is a unique address assigned to every device on a computer network. The address takes the form of either four 8-bit numbers or eight 16-bit numbers.[^1] The former is used in the IPv4 protocol, and the latter is used in the IPv6 protocol.[^1] Addresses can be either static or dynamically assigned.
A gateway IP address is the address where packets with destinations outside the LAN are sent.[^1] IP addresses can be used to identify your location or identity, so they should be protected.[^2] Internet service providers can shut down IP addresses.

Private IP addresses are used to preserve IP addresses. Below is a table of private IP address ranges.[^1]

| Class | Start Address | End Address | Range |
|---|---|---|---|
| A | 10.0.0.0 | 10.255.255.255 | 10/8 |
| B | 172.16.0.0 | 172.31.255.255 | 172.16/12 |
| C | 192.168.0.0 | 192.168.255.255 | 192.168/16 |

And here is a table of Public IP Address Ranges.

| Class | Start Address | End Address |
|---|---|---|
| A | 0.0.0.0 | 126.255.255.255 |
| B | 128.0.0.0 | 191.255.255.255 |
| C | 192.0.0.0 | 223.255.255.255 |
| D | 224.0.0.0 | 239.255.255.255 |
| E | 240.0.0.0 | 254.255.255.255 |

Public IP addresses are typically assigned to a router.
To secure your network you should always use IP address filtering. It is effective and easy to update. You can use the lookup.icann.org website to look up IP addresses. IP addresses can be geolocated with public information.[^3] Some services that programs can use to check their IP addresses are:[^4]

  • checkip.amazonaws[.]com
  • icanhazip[.]com
  • ident[.]me
  • ipecho[.]net
  • ipinfo[.]io (gives additional information, including ASN, timezone and region)
  • myexternalip[.]com
  • wtfismyip[.]com

A routing table determines how a device will connect to a given destination IP address.[^5] IP addresses are essential for locating endpoints.
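
The IP lookup services listed above are useful as a hunting signal: a host that asks one of them for its external address and also talks to a single destination many times is worth a closer look. The following is an added example, not code from the original page; the log format, host names, destinations and the `min_hits` threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# "What is my IP" services listed on this page, written without the [.]
# defanging so they match the destination field of a log line.
IP_LOOKUP_SERVICES = {
    "checkip.amazonaws.com", "icanhazip.com", "ident.me", "ipecho.net",
    "ipinfo.io", "myexternalip.com", "wtfismyip.com",
}

# Constructed sample proxy log: "<epoch seconds> <source host> <destination>"
SAMPLE_LOG = "\n".join(
    ["1000 ws-014 icanhazip.com"]
    + [f"{1060 + 60 * i} ws-014 cdn-sync.example.org" for i in range(6)]
    + [f"{1100 + 300 * i} ws-022 intranet.example.com" for i in range(6)]
    + ["2000 ws-031 ipinfo.io", "2010 ws-031 news.example.net", "not a log line"]
)

def parse(log):
    """Yield (timestamp, source, destination); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower().rstrip(".")

def is_lookup_service(domain):
    """True for a listed service or any subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in IP_LOOKUP_SERVICES)

def hunt(log, min_hits=5):
    """Return hosts that queried a lookup service AND contacted one other
    destination at least min_hits times (min_hits is a tunable assumption)."""
    lookups = defaultdict(set)       # source -> lookup services queried
    contacts = defaultdict(Counter)  # source -> destination -> hit count
    for _ts, src, dst in parse(log):
        if is_lookup_service(dst):
            lookups[src].add(dst)
        else:
            contacts[src][dst] += 1
    findings = {}
    for src, services in lookups.items():
        frequent = sorted(d for d, n in contacts[src].items() if n >= min_hits)
        if frequent:
            findings[src] = {"lookup_services": sorted(services),
                             "frequent_destinations": frequent}
    return findings

if __name__ == "__main__":
    for host, detail in hunt(SAMPLE_LOG).items():
        print(host, detail)
```

Neither signal alone is flagged: `ws-022` is chatty but never queries a lookup service, and `ws-031` queries one but shows no repeated destination.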

Communication Data – IP addresses are a type of communication data
IPv4
IPv6
Subnet Mask – used to determine the boundaries of the local network.
MAC Address – can have multiple IP addresses assigned to 1 MAC address
DNS – DNS service translates hostnames to IP addresses
DHCP – sets IP addresses
Internet Routers – Displays a single IP address to the internet, but represents a group of computers
[[AmazonVNC.com]] – malware prompts for an IP address
VPN – can be used to hide your IP address
Indicators of Compromise – can be malicious IP addresses
Internet Port – each computer has up to 65535 possible ports
[[Cybersecurity OPSEC]] – leaking your source IP address is the worst OPSEC failure
LockBit Ransomware – ZServer subleased IP used for LockBit attacks
Broadcast IP Address – sends to all devices on the local network
Network Engineering Best Practices – you should disable IP address source routing
Tor – has a list of commonly-used Tor IP addresses
Detecting WebShells – look for single or low volume accesses from international, VPN, or Tor IP addresses.
Favicon Fingerprinting – can be used to identify the IP address of a Tor service
nslookup Command – can resolve the IP address from a URI
Virtual Private Server (VPS) – Threat actors use VPS servers to obscure their true IP addresses
Autonomous System – Each AS controls a specific set of IP addresses
IP Address Prefixes
FastFlux – rapidly rotates IP addresses to prevent detection
SVR Password Spraying – use IP addresses in the same region as their victim
Honeypot – can be used to find the IP address of an attacker
PoC Honeypot – if you gather the IP address, you can reflect it back so that some common networking commands look normal
AWS Instances – can obtain a new IP address with a new Elastic IP
Preventing DNS Rebind Attacks – you should look for DNS entries that switch from public to private addresses
Fraudulent North Korean IT Workers – IP addresses have linked operatives to the North Korean intelligence Bureau
SSRF – gives a list of internal IP addresses that should be checked for SSRF
Tarh Andishan – Squid configuration file exposed net range that obfuscated single IP address
Operation Cleaver – used large amounts of AFRANET IP space in Iran
Cyber Threat Hunting – you can detect a C2 connection via frequent communications coupled with an API call to an IP lookup service
APT28 – rotates their IP addresses to prevent detection
Automatic Content Recognition – IP addresses are used to match smart TV content to households
Rate Saturation Equations – should be based on IP addresses and not usernames
May 2025 DDoS Attack – targeted 22,000 destination ports on a single IP
GRID – red team infrastructure that allows for using a one-use unique IP address
cURL WAF Bypass – used the localhost loopback IP address
IPSec Tunneling Protocol – can be used by APT groups to obscure their IP addresses
[[RFC1918]] – specifies the IP address range for private networks
PDF – IP addresses can be leaked from malicious PDF files
Tox – requires the sender to know the IP address of the receiver (p2p messaging)
Tor Hidden Service – a Tor address resolves to 3 IP addresses
ipconfig Command – shows the IP address information including the DNS server
DNS – a zone transfer can provide a list of IP addresses inside an organization
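
The DNS rebinding entry above says to look for DNS entries that switch from public to private addresses. The following added example (not code from the original page) does that over a constructed set of DNS answers, using the private ranges from the table on this page; treating loopback as internal, the record format, and all host names and addresses are assumptions.

```python
import ipaddress

# RFC 1918 private ranges from the table on this page, plus loopback
# (127.0.0.0/8), which is included here as an assumption.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(addr):
    """True if addr falls in an internal range; raises ValueError if not an IP."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.version == 4 and any(ip in net for net in INTERNAL_NETS)

def find_rebinds(records):
    """records: iterable of (timestamp, hostname, answer_ip) in any order.
    Returns (timestamp, hostname, previous_ip, new_ip) for each name whose
    answer moved from a public address to an internal one."""
    last_seen = {}  # hostname -> (was_internal, ip)
    alerts = []
    for ts, name, addr in sorted(records):
        name = name.lower().rstrip(".")
        try:
            internal = is_internal(addr)
        except ValueError:
            continue  # answer field was not an IP address
        prev = last_seen.get(name)
        if prev and not prev[0] and internal:
            alerts.append((ts, name, prev[1], addr))
        last_seen[name] = (internal, addr)
    return alerts

# Constructed sample DNS answers (documentation address ranges stand in for
# public hosts).
SAMPLE_RECORDS = [
    (100, "cdn.example.com", "198.51.100.20"),
    (160, "cdn.example.com", "198.51.100.21"),           # public -> public
    (200, "promo.example.net", "203.0.113.10"),
    (205, "promo.example.net", "192.168.1.1"),           # public -> private
    (300, "printer.corp.example", "10.1.2.3"),
    (400, "printer.corp.example", "10.1.2.4"),           # private -> private
    (500, "tracker.example.org", "198.51.100.7"),
    (501, "Tracker.example.org.", "::ffff:127.0.0.1"),   # mapped loopback
    (600, "bad.example", "not-an-ip"),
]

if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE_RECORDS):
        print(alert)
```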