Rupin Sharma, IPS
Having briefly examined the Private IP Addresses let us round up the topic of IP addresses and then examine the internet Routers and the Public IP Addresses. However, let me take a few points about the Private IP addresses before that.
Knowing whether a communication is coming from a private IP address or a Public IP address is the starting point of an investigation for the police and the ‘aam aadmi’ in cyber-crimes’.
1. How does Private IP address Identify a device to the Network?
As I mentioned above, every machine has to have a unique identifier on the internet. Therefore, within the Local Network or Private networks, either the IP addresses are allocated automatically or by the administrators. This concept applies for wired LANs or even on wifi networks, whether the wifi networks are based on broadband or through our mobile phone hotspots.
Each device on a LAN is allocated a specific, unique IP address which is based on the MAC address or device name.
Besides these - the router (the device which connects the user device to the internet in a LAN) also stores information about the devices it has allowed to connect to the internet. In fact, a mobile hotspot functions as a router when it is configured to allow other devices to connect to the internet – the global internet.
2. What is the IP structure?
Broadly and simplistically put there are 5 classes of IP addresses – A,B,C,D and E
Class A- Reserved for Governments;
Class B – Reserved for large and medium companies;
Class C – Reserved for Small companies;
Class D –Reserved for multicasting; and
Class D – Reserved for future use.
3. What is a router?
A router is a common home network device that allows communication between your local home network (like your personal computers/laptops or tablets/mobile phones etc) and the internet.
It is also the first line of security from intrusion into a network. Depending upon how it is configured, it enables the highest level of security and is the best way to keep your computer system and information safe from attack.
Routers often act as the DHCP servers in small networks, and automatically allocate unique private IP addresses to the devices which connect to it and through it to the global internet.
Prominent router manufacturing companies are like Linksys, 3Com, Belkin, D-Link, Motorola, TRENDnet, and Cisco, but there are many others.
Routers may be only enabled for Cables or may be hybrid – Cables as well as wifi. Most routers, including wireless routers, usually feature several network ports/slots to connect numerous devices to the internet simultaneously. However, the number of devices each router may allow to connect would depend on the number of ports/slots – called LAN/WAN ports (Wide Area Networks - for Cable connections) or the capabilities of the routers.
Each router has an internet cable connection which comes to it. This cable or internet or WAN connection is usually the public IP address by which that network is identifiable to the internet. The router in turn assigns private IP addresses to the devices connected with or through it.
4. What can a router do?
A router is like a ‘small computer’ with a small Central Processing Unit (CPU) and memory and an inbuilt software to deal with incoming and outgoing data. Routers contain routing tables or algorithms to understand where traffic is coming from and where it should go so that the traffic is received-sent only to the intended persons/device.
Since your router is your residential gateway to the internet, it is essential that the router be kept secure. A few things which can come in handy are as follows:
• Change the Router name and Password: Routers of different manufacturers usually come with default user names and passwords. It is advisable to change the default login and Passwords;
• Encrypt the Network: Routers provide the additional option of encrypting your network and the network traffic. Enabling this feature prevents the network from being intercepted in plain text by any ‘man-in-the-middle’ or a snooper or a sniffing device. The routers provide options for network traffic to travel without encryption and also different encryption levels. Chose whichever you desire, depending upon what is the sensitiveness of the data being sent/transmitted to you or by you.
• Change WiFi Passwords: Do not allow default passwords and set strong passwords. If this is not done, your data can be stolen, your data-pack can be consumed (you may run up high bills on data) or sensitive information may be stolen or someone may even hack into your network and use it for criminal acts.
• Configuring Router to Deny Access: Routers also allow the user/owner to configure access or deny access to specific websites or addresses or deny traffic from websites which carry traffic which you may not want. This way you can block access to pornographic websites or even to websites which you may not find desirable for you or your family.
The functioning of Mobile Wi-Fi hotspots is similar to routers because they allow multiple devices to connect to the internet using the same internet connection.
Your router can also enable you to shut out or deny WiFi services to all other devices or to particular devices also. It may also enable you to deny internet access to particular devices at particular times of the day – especially helpful as a tool of parental control of internet. This feature is called Scheduling. Some of the schedules which can be fixed are:
- All Day - schedule active for 24hrs, on a 24*7*365 basis
- Start Time and End Time - Schedule times have to be set by user. The user can also set the weekdays on which particular schedules would apply on the devices connected to the router.
For example, the user could configure the router so that Device “Child 1” to be unable to access www.skype.com between 6-8 PM on all week days or particular days of a week. Similarly, he can allow/disallow access to this particular website or IP addresses at any particular time during the week also.
• Inbound Filter Rules on Routers:
Routers can be configured to restrict or prohibit traffic coming from specific websites or from specific IP addresses or a range of IP addresses. This configuration in the routers may be for all users/devices connected to the router or to specific users only – the access to internet can be limited for all users or to specific users or for all users with exceptions. These configurations can be changed at the user’s end.
Some routers allow up to 15 such inbound internet traffic configurations. All outbound traffic to the addresses listed will also likely be denied access to the global internet.
5. Public IP Addresses:
These are public (global) addresses used on the internet. Realistically, it is the Public IP Address which is used to access the internet. A private IP Address in a way only connects to the public IP address for access to the internet. While private IP addresses cannot be routed to the internet, public IP addresses can be.
While Public IP addresses are unique – at least unique for a session (if the IP addresses are dynamic), there can be many similar Private IP addresses existing on the internet behind every public IP address.
If you have a Public IP address, it allows you to organize your own server i.e., in simple terms allow others to access either internet (global) or intranet (within an organization or office or home) etc. A public IP address also enables us to access our computers remotely or remotely access video surveillance cameras and access them on the global internet.
6. How does one establish whether it is a Private or Public IP Address?
In the IPv4 protocol, it is easy to distinguish the Private IP Addresses. The following four categorizations of blocks of IP addresses are Private IP addresses:
Range from 10.0.0.1 to 10.255.255.255
Range from 172.16.0.0 to 172.31.255.255
Range from 192.168.0.0 to 192.168.255.255
Range from 100.64.0.0 to 100.127.255.255
These are reserved IP addresses – reserved for Private intra-nets in common parlance i.e., in closed Local Area Networks (LANs). The allocation of these IP address ranges are not controlled by anyone from outside by internally by the network administrator within an organization/LAN.
The private IP addresses per se do not enable access to the global internet – a public IP address allocation/interface is required. This process of transition from a private IP address to a public IP address is called Network Address Translation (NAT) before the global internet is accessed.
Within a network, no two machines can have the same Private IP address and there cannot be duplication.
7. Can two Local Area Networks connect to each other?
Two local area networks which are not themselves connected by a cable or a switch or a hub cannot connect or communicate with each other. However, two separate LANs can be connected to each other through cables and they can then forma wider network which can be called a Wide Area Network.
The other method of connecting two separate LANs is through the global internet. In this case, each of the two networks would have to be assigned public IP addresses.
Since there are a large number of IP addresses and they keep changing dynamically, it would be order to briefly see how this functions.
