Discover Source IP

Discover Source IP

Post by wilson_eldritc » Fri, 16 May 2008 05:22:30



I want to try discover if people who have access to my web server are
sharing credentials.  If they are accessing the site from a corporate
network, my usage log will show the IP address of their firewall or
proxy.  Is there a way to determine the IP of the desktop?

I realize that desktops will have varying IPs if they use DHCP, but
the lease on many workstations is a couple of days, so I could at
least see a possible trend.

 
 
 

Discover Source IP

Post by David Schwart » Fri, 16 May 2008 06:09:53



Quote:> I want to try discover if people who have access to my web server are
> sharing credentials. ?If they are accessing the site from a corporate
> network, my usage log will show the IP address of their firewall or
> proxy. ?Is there a way to determine the IP of the desktop?
> I realize that desktops will have varying IPs if they use DHCP, but
> the lease on many workstations is a couple of days, so I could at
> least see a possible trend.

Suppose you could get this information, and you see a dozen
connections from workstations numbered 192.168.1.104. Are they the
same machine or not? Many desktops have private IP addresses that are
meaningless outside of their local network environment. It would be an
error for them to leak those addresses to an external web server.

What you probably want to do is assign them a cookie. That will allow
you to tell if a subsequent connection is from the same machine or
not. Most machines will accept cookies and will send that cookie back
out to you. Note that many people, myself included, use more than one
browser and more than one machine, so different browsers and different
machines could still be the same person.

You can also usually determine the OS and browser version from the
'User-Agent' header. This may or may not be useful.

DS