# Security Concern: Do I Need to Block IP?



## Amie (May 5, 2006)

I have a few questions regarding Internet security and IPs:

1. Would blocking my IP increase my security while browsing the 'Net?

2. If so, how can I block my IP?

3. What can people (hackers?) use IPs for? Can they get "into" your system if they know your IP address?

4. I always have personal sharing OFF and firewall ON. Is this enough for security?

Thanks for any help. I'm trying to understand these concepts on a more in-depth level.


----------



## ElDiabloConCaca (May 5, 2006)

You can't block your own IP.  "IP blocking" is basically telling the computer not to accept any connections from a certain IP Address (every computer and device connected to the internet has a unique IP address).  When you type in "google.com" and press enter, something called "DNS" takes over and converts "google.com" into something like "64.57.121.32", which is the actual IP address.

An IP address is a requirement if you're looking to connect to another machine -- just like a street address is a requirement if you wanna go to someone's house.  If you don't know their exact street address but can remember where the house is, that's like "DNS."  DNS just makes it easy for us, so we don't have to remember that 64.57.121.32 gets us to Google.com -- we just type "Google.com" and DNS takes care of the rest.  If you don't want someone connecting to your machine from a certain IP address, you can block that IP address -- but for home systems, this usually isn't necessary unless you have a good reason.

It sounds like you're set up to be pretty secure already.  I wouldn't worry too much about getting "hacked" -- I doubt the hackers out there would waste their time trying to hack your iBook to steal your family photos or Word documents -- that kind of stuff is useless to a hacker.


----------



## Amie (May 5, 2006)

ElDiabloConCaca said:
			
		

> You can't block your own IP.  "IP blocking" is basically telling the computer not to accept any connections from a certain IP Address (every computer and device connected to the internet has a unique IP address).  When you type in "google.com" and press enter, something called "DNS" takes over and converts "google.com" into something like "64.57.121.32", which is the actual IP address.
> 
> An IP address is a requirement if you're looking to connect to another machine -- just like a street address is a requirement if you wanna go to someone's house.  If you don't know their exact street address but can remember where the house is, that's like "DNS."  DNS just makes it easy for us, so we don't have to remember that 64.57.121.32 gets us to Google.com -- we just type "Google.com" and DNS takes care of the rest.  If you don't want someone connecting to your machine from a certain IP address, you can block that IP address -- but for home systems, this usually isn't necessary unless you have a good reason.
> 
> It sounds like you're set up to be pretty secure already.  I wouldn't worry too much about getting "hacked" -- I doubt the hackers out there would waste their time trying to hack your iBook to steal your family photos or Word documents -- that kind of stuff is useless to a hacker.



Thanks a lot. That makes a heap of sense. Are you a teacher? You explained that very well. I have a better understanding of it now. Thank you!

I wasn't so much worried about a hacker hacking into my computer as I was just weirdos out there. For instance, when you go into a chat room and people can click on your name and see your IP, I wasn't sure how much information they could retrieve about you (phone number, home address, name, etc.). Lots of sickos out there. Gotta be careful.


----------



## barhar (May 5, 2006)

I always have personal sharing OFF and firewall ON. Is this enough for security?' - personal sharing OFF is proper, firewall ON is not necessary - particularly if you have a router between your DSL / Cable modem (assumed), if not built into the modem, and computer(s).

Routers contain hardware firewalls, which are configurable via a web browser, and typically - better than (most) software firewalls. Yes, I do know that many would debate that last statement.


----------



## CharlieJ (May 5, 2006)

Dont worry your on a Mac 
you wanna see my network log:  





> May.05.2006 20:43:40 security:Session -- Prot: 17, 192.168.2.100:54045 > 65.32.22.16:52287 712074.507 ~ 712203.218 size 52/45 time-out
> May.05.2006 20:43:40 security:Session -- Prot: 17, ***.***.***.*** > 86.13.226.17:59992 712074.492 ~ 712203.218 size 52/45 time-out
> May.05.2006 20:43:40 security:Session -- Prot: 17, ***.***.***.*** > 69.84.109.238:40584 712074.508 ~ 712203.218 size 52/45 time-out
> May.05.2006 20:43:40 security:Session -- Prot: 17, ***.***.***.*** > 24.43.147.191:13155 712074.502 ~ 712203.219 size 52/45 time-out
> ...


----------



## CharlieJ (May 5, 2006)

I see you have airport make sure it has encryption such as MAC address filtering (Like an ip address every computer has a unique one) you type all of your computers mac address's in the airport's configuriation system.


----------



## nixgeek (May 5, 2006)

Just because you're on a Mac doesn't mean that a good hacker couldn't crack into your Mac.  It's not as easy since it's Unix, but it is still possible.

As for encryption, WEP is better than nothing but it's not very secure.  Stick with WPA or WPA2 if your Airport card and basestation support it (which they should if they're relatively new).

MAC filtering (which means that the basestation will only allow the MAC, or Media Access Control, address from the network card or wireless card that is on its list of allowed cards) helps but can become tedious especially if you have someone visiting and they want to use your wireless connection.  This means that you would have to go into your basestation configuration and add the MAC address of that computer's wireless card.  Not something even I as a computer geek want to spend time doing.

FYI, the MAC address of a network card looks something like this:
00:90:4B:4D:64:17

That's actually the MAC address of my wireless card on my work laptop.


----------



## Amie (May 5, 2006)

I don't have a base station or router. I don't use my laptop at home. I mostly use it at public hotspots.


----------



## barhar (May 5, 2006)

Thus, based on the newly provided information of 'I mostly use it (the iBook) at public hotspots', then the answer to 'I always have personal sharing OFF and firewall ON. Is this enough for security?' is yes.


----------



## nixgeek (May 5, 2006)

I concur with barhar.  Make sure your firewall is on and that you're not sharing anything.  And even though it might seem a bit paranoid, disable Bluetooth if your iBook supports it.


----------



## Amie (May 5, 2006)

Thanks, guys!


----------



## g/re/p (May 6, 2006)

You may also want to click on the Advanced tab in 
SystemPreferences/Sharing/Firewall and select 
_Block UDP Traffic_ and _Enable Stealth Mode_.


----------



## Amie (May 6, 2006)

g/re/p said:
			
		

> You may also want to click on the Advanced tab in
> SystemPreferences/Sharing/Firewall and select
> _Block UDP Traffic_ and _Enable Stealth Mode_.


Huh? lol What the heck does THAT do?

EDIT: You know what? It doesn't matter in my case. I just checked System Preferences/Sharing and I don't have an Advanced tab at all. When I click on System Preferences and then click on Sharing, the only options are: Personal Sharing, Firewall and Internet. No Advanced tab in any of said options.


----------



## g/re/p (May 7, 2006)

Huh? lol - Click on Firewall, and *then* click on Advanced.



> click on the Advanced tab in
> _SystemPreferences/Sharing/Firewall_


----------



## Amie (May 7, 2006)

g/re/p said:
			
		

> Huh? lol - Click on Firewall, and *then* click on Advanced.


I read your post the first time. lol And, again, I'm telling you: I don't HAVE an Advance tab in Firewall preferences. Maybe you're using a different OS than me. The only options I have under System Preferences/Sharing/Firewall are a list of things (ports) to check in order to open/close sharing/firewall ... and then there is a "New," "Edit," and "Delete" option. THAT'S IT. No Advance tab.


----------



## bobw (May 7, 2006)

Sharing PreferencePane>Firewall in 10.3.9 doesn't have the Advanced button.


----------



## Amie (May 7, 2006)

Ha! See? TOLD ya so.


----------



## g/re/p (May 8, 2006)

Oh. ok lol - i guess you are going to get hacked!

Hehe - not really - i failed to notice you were not
running 10.4 Tiger, which does have that function.


----------



## Amie (May 8, 2006)

g/re/p said:
			
		

> Oh. ok lol - i guess you are going to get hacked!
> 
> Hehe - not really - i failed to notice you were not
> running 10.4 Tiger, which does have that function.


Nope. Not me! Got my firewall on and sharing off. I'm all wrapped up in a safety blanket. 

*pulls blanket over her head*


----------



## g/re/p (May 11, 2006)




----------

