Is there way to identify spoofed IP addresses on my computer?

Discussion in 'iMac' started by mrogers, Jun 12, 2011.

  1. mrogers, Jun 12, 2011
    Last edited: Jun 12, 2011

    mrogers macrumors member

    Joined:
    Apr 11, 2011
    #1
    This doesn't have much to do with my iMac itself but just a concern I have that it could be hacked into. First of all, I have a question. If someone has spoofed my IP address is it possible that they are using my computer at the same time as me with the EXACT SAME IP ADDRESS CONCURRENTLY?

    In my network settings is there any way to see all the IP addresses on my iMac or my wireless network? Because my wireless network only allows certain IP addresses, so the only way someone would be allowed in my network is if they spoofed one of the IPs on either the iMac or the Macbook.

    Also using Activity Monitor or Terminal are there any other things I should be looking out for--- suspicious activity on my iMac that is not mine, if it is being done with MY IP address?

    The reason I bought this up, is because someone bought it up to me when my Gmail account was open on my iMac for a few hours today. And at the bottom Gmail always shows you the loggin history for your account. And I had 8 IPs (all Identical and all mine) that were ALL listed as "from the current session" meaning they had an asterisk next to them. And they were all from my browser with the same IP address, but it seemed like a new one would appear every 20-50 minutes for the entire time that I was signed in.

    That alarmed me becasue I have been hacked before (my actual computer itself) so I already had concerns, and when this happened, someone suggested this could be a possibility because gmail will only record you as having logged once PER every time you actually loggin. Not that it continually keeps recording loggins just because you were logged in for an extended period of time.

    Anyway thanks in advance
     
  2. cooky560, Jun 12, 2011
    Last edited: Jun 12, 2011

    cooky560 macrumors regular

    cooky560

    Joined:
    Jun 8, 2011
    Location:
    Around
    #2
    Your router should list all the clients connected to your network if they are given DHCP addresses. Visit it's IP address (typically 192.168.0.1) in your browser, and find the dhcp settings page, you should see a list of connections that have been active within the last few hours.

    If you want to see a list of every machine connected to yours, open Utilities -> Network Utility and click the netstat tab, select the bottom option and click "Netstat" if you find a suspect IP, you can use the "look up" tab in the same app to research suspect entries.

    If you prefer to do things the dev way, open a Terminal window and type "netstat" you will get the same information

    By the way, your computer always has 2 IP addresses, an internal address which your router gives to you personally, and an external or WAN IP address that everyone on your network shares when they go online. It's possible therefor for 2 people on your wireless connection to be considered as having the same IP address to the outside world, but it's impossible for 2 connections to share the same IP concurrently on the same network. That is, only your router can use your WAN until it's disconnected (and sometimes not even then depending on your ISP), and only you can use your internal IP until you disconnect. Machines can lie about their IP address however probing the machine will reveal it's real IP address.

    If you are concerned about your security many companies (such as Facebook) offer an authorisation routine where if you login from a different machine you receive an SMS on your phone containing a code you have to enter on the site to gain access. If you enable this and receive an SMS while you are doing nothing with the site, or are even offline, you can be safe in the knowledge the unauthorised user cannot do anything without the code, and then you can just change your password next time you login.
     
  3. Horlics macrumors newbie

    Joined:
    Jun 4, 2011
    #3
    Well, if they are using your computer at the same time as you then they are using the same IP address, because your computer only has 1 ip address (with some complicated exceptions, before i get jumped on). I really don't see a way that someone logged on to your machine and using it without you knowing (which is possible) would show up on Gmail the way it did. I think the Gmail messages that raised this concern are misleading you.

    The other guy gave you good info re looking at your network and who's using it.

    The only thing i would add is that if you are concerned about being hacked then you should set up logon auditing and check your security logs occasionally. Nobody is going to be 'spoofing' your IP on your own network. If someone is managing to logon then the security logs is where you will see it.

    To put your mind at rest about Gmail, change your password now.
     

Share This Page