I won't give you my IP address
Posted by haggur@reddit | talesfromtechsupport | View on Reddit | 75 comments
A customer reported problems with accessing our web site so, fearing fail2ban had accidentally blocked their IP address, I pointed them to https://whatismyipaddress.com/ and asked them to tell me their IP address (as their mail headers weren't being helpful).
The reply:
I'm a bit loathe to give out my IP address. - I've heard (rightly or wrongly) that unsavoury things can happen when one's IP address gets out in the wild! Maybe I'm needlessly cautious, but I'm a bit paranoid about that sort of thing!
Despite this he's already gone to the web site I'd suggested and got his IP address from there so that web site knew it ... but he wouldn't tell us.
I'm off to find a wall to bang my head against.
joerice1979@reddit
Heavens! If their public IP becomes public, there's no telling what might happen!
IntelligentLake@reddit
I managed to get a very nice address myself, 127.0.0.1, so I never tell anyone what it is or that it's mine, someone might steal it from me or something.
syntaxerror53@reddit
sounds better than 169. address
ferrybig@reddit
I got an even nicer ip address,
127.69.4.20
jnmtx@reddit
I have
192.168.0.20
There are many like it, but this one is mine.
Agret@reddit
Exact same one I've used on my home desktop since the early 90s
zyzmog@reddit
Hey, that's the combination I use on my luggage lock.
ccarlen1@reddit
Just a reminder - change the combination on your luggage
Agret@reddit
Man I hope Space Balls 2 will be good
meitemark@reddit
Updated for this time and age: 127.67.42.0
themirrazzunhacked@reddit
Why not have all the magic numbers? 127.69.42.67. My IPv6 address is even better, but I can’t tell anyone..
Gr8FullDan@reddit
bew78@reddit
Nice.. 😁 Might steal yours for my next network mouhahaha
P5ychokilla@reddit
That's yours, your own, your preciousssss.
LoetherS@reddit
Haha jokes on you sucka... Now that I know your IP im going to DOS yo......
ypoora1@reddit
DOS? But i use Linux!
goodenough4govtwork@reddit
Shit, how'd you get my IP address?
EBN_Drummer@reddit
192.168.0.1
Sweet
192.168.0.1
odaiwai@reddit
Private Address Sweet Private Address?
I think you mean:
::1 Sweet ::1ephemeraltrident@reddit
I have to take a minute and thank you for hosting all of my projects that are in progress. You’re so generous!
IntelligentLake@reddit
I have the server-space, might as well use it for something. But be careful, other people's projects are on there too.
Duey1234@reddit
Before I had internet at home, my printers IP address was 169.254.199.193
Awlson@reddit
And if they did, you would never be able to go home, right?
IntelligentLake@reddit
Definitely, I'd be so embarrassed, I'd probably have to go live in the woods or something.
deeseearr@reddit
On the one hand you have a customer who was given security advice and, even though they didn't really understand what it meant, has not only remembered it but continues to follow it. That's actually good.
On the other hand they're withholding that useful information from the one person who could actually use it to help them. That's bad.
On the gripping hand, they're making it really easy to close their ticket with the comment "Customer does not want to proceed with troubleshooting." That's good.
But, the Frogurt toppings contain potassium benzoate.
(That's bad.)
himitsumono@reddit
And there's the final hand: That site won't supply THEIR ip address most likely. One of their ISP's addresses, sure, but will knowing that do OP or anyone else any good?
BarServer@reddit
Yes, like the one time I had to tell my credit card and CCV number via phone to prove it's really me, to issue an emergency block of that card. As I learned that the nice receptionist in some eastern european country took photos of the front and back of the card.
Luckily it was the day of my return flight, so all big expenses were already paid and anything else (snacks, etc.) could be bought with cash.
And yes, I reported her to the hotel (not police, as lack of time) and yes, they didn't care.
Yes, left a negative Google review, warning people. It got deleted because of "defamation". Yeah..
sneschalmers34@reddit
Can I go now?
ergo-ogre@reddit
WOOO! A Mote in God’s Eye reference in the wild! It’s gunna be a good day.
Wonderful-Cup8908@reddit
So long as the moties don't escape their home system...
4rd_Prefect@reddit
Combined with a Simpsons reference too!
BarServer@reddit
Have a webserver under your control? Sent him a link to some page nobody else knows. Asking like "Is this working for you? Just checking something." and then get the IP from the logfile...
haggur@reddit (OP)
We had another, similar, incident today and used another server we have elsewhere that uses different blocking to do just that. And we have now fixed the issue for the second user.
containingdoodles9@reddit
My team has the same thing, points to “…what is my…” and people refuse to give their public IP address as though it were their SSN.
Sorry, we can’t help until you give it to us. When you choose to do so, here’s your ticket # and we’ll be happy to pick up from here. “What about my street address instead?” Seriously‽ No, not the same. Have a nice day.
BarServer@reddit
"To help you with that issue you need to visit our self-checking help-tool first. Please click here: LINK."
Make the link unique for each customer, get the IP from the logfile. Done.
Why bother?
K1yco@reddit
The irony is I've had people start the call with "Can I give you my SSN?"
P5ychokilla@reddit
"Ok well I'm afraid I'm a bit loathe to assist you if you won't give me the information I need to fix your issue"
Duey1234@reddit
There are plenty of websites that you can use to create an IP grabber link, could you not just use one of those and get them to click it. That way, they haven’t broken any of their self imposed rules and you get the info you need?
-fno-stack-protector@reddit
doing shady stuff to help a patient against their will? sounds like that House episode where they broke into a patient's flat
Toratchi888@reddit
"Do you realize just how little that narrows it down?!"
-fno-stack-protector@reddit
Wow really? I thought that would be instantly familiar to everyone. I was pretty young when it was running, so I only saw a few episodes.
TheTeslaMaster@reddit
Oh, that's episode 20 and 21 off season 2, two-parter named Euphoria.
Other than the pigeons being the clue, they break into patient houses very often.
BipedSnowman@reddit
The joke isn't that they aren't familiar with House breaking into houses, it's that he does it so much that there isn't really a "that one episode"
-fno-stack-protector@reddit
naughty doctors
Aiuner@reddit
Apparently the episode you’re thinking of was in season 7.
House M.D. had 8 seasons. You evidently missed a lot of breaking-and-entering.
Thepcfd@reddit
ok ask fornTW code
VoiceOfSoftware@reddit
My friend refused to scan the QR code I showed her to get onto my WiFi. My home WiFi, and a QR code I personally created. She said that scanning any QR code would cause bad things to happen to her phone. She did not believe me, even though I have 45 years of coding experience.
K1yco@reddit
Would I be correct they would be the type that have no issues posting private details on social media as well as clicking on those links that ask you for same details?
VoiceOfSoftware@reddit
Very likely!
meitemark@reddit
She would get access to "the internet", and well, Ultron (AI in avengers movie) looked at the internet for 15 seconds before determining that humanity should be erased. Not likely that it would happen here, but any day a potential doomsday get averted by the stupidity and ignorance of endusers is another day for us to read about the pain here in r/talesfromtechsupport
jobiegermano@reddit
These comments are clearly not from anyone with any sort of cyber security knowledge. Please, go ahead, provide your legal name and non-vpn’d IP Address below:
First name:
Last name:
Public IP Address (non-VPN):
Just because your IP is public doesn’t mean the people you interact with know your PII too.
PS. If this person hadn’t given his PII to create the account with the company’s tech support he was talking to and if he was using a VPN, it would be a different story, but given the info in the OP there’s every reason to believe this caller wasn’t using a VPN.
bagofwisdom@reddit
It was accurate info like 30 years ago when we mostly connected our computers directly to the internet. Firewalls were for enterprise and your PC was directly patched into the internet with a public IP address. Now, everyone is behind their own NAT and often also CGNAT. Not ironclad protection by any stretch, but NAT can keep out most of the kids screwing around with remote access exploits or trojans (Old timers around here remember Sub7?)
Accomplished-Ruin742@reddit
Not about IT, but similar. I'm a tax professional and I had a new client come in who refused to provide their Social Security number so I could prepare their tax returns.
bob152637485@reddit
You just sparked an interesting curiosity. If I'm not mistaken, the Amish are one of the few groups that don't HAVE a social security number, since they were able to opt out of social security when it was created.
With that in mind, how would you file the taxes of an Amish client, if you ever had one?
meitemark@reddit
Explain that IP adress, is kinda but not like a street adress. 192.168.123.200
192: country
168: city
123: street name
200: house number
So if you just gets 168.123.200 that would be ok and there is 255 places that your customer can still hide his dirty deeds. Without knowing fail2ban I'm guessing wildly that you can search for something like that.
ac8jo@reddit
It doesn't help that many local news stations act as if the use of a specific IP address identifies an individual.
clarkcox3@reddit
“Well, then I guess I can’t help you” 🤷
subhuman_voice@reddit
Customer Refusal.
Closes ticket
pv2b@reddit
When Bonzi Buddy is responsible for your IT security awareness
AmiDeplorabilis@reddit
I got a 169. address, but I'm not telling anyone what it is.
machacker89@reddit
You too 😁
NotPrepared2@reddit
If you can search the access logs for your site, or any site, I ask the supportee to enter an identifiable URL path like www.site.com/ticket9999. And then search your logs for /ticket9999 and you've got their IP.
haggur@reddit (OP)
The problem is that we may well be blocking access to their IP address via fail2ban filtering so we would never see the request.
Geminii27@reddit
"Not your private IP; your public one, that all web sites can already see."
Wolphin8@reddit
I would respond why I need it to check and I can not record it in the ticket if they want, and that if they are declining to provide it, I cannot help you and will close the ticket as "customer refused to provide the needed information".
ThunderDwn@reddit
"well then, OK, the problem is yours to fix, not mine. Thanks for calling".
aubreyb00bs@reddit
I had a friend frantically message me after they got a steam message from someone they were playing game with claiming they had their ip address.
I directed them to whois, had them put in the ip address the person claimed they got, and it wasn't even a valid registered public ip address.
Their fear eased immediately when they realized it was some barely even script kiddie trying to scare them by taking advantage of their ignorance.
Even if someone has your public IP, it's really unlikely they have the skill, time, or motive to do much of anything.
Even if they do, just call your ISP.
There is a lack of education on this front.
cgimusic@reddit
For better or worse (mostly worse) I don't even have a public IP anymore. My current ISP puts everyone behind CGNAT.
LupercaniusAB@reddit
I had a guy try to do that to me, I said, “congratulations, you’ve tracked down my VPN, well done”. I wasn’t even in the city he claimed I was in.
Endy0816@reddit
It's often not even all that useful, compared with data mining what someone has previously posted, timestamps and any metadata.
GeorgeGorgeou@reddit
Did that once - bang my head. At my office it was wall board over wood frame. Made noise - but not much else. Enough to let co-workers know to give me some time.
The other building’s walls were painted concrete. There was an ambulance ride.
DeciduousEmu@reddit
I understand the paranoia from the non techie masses. He was thinking the IP was as sacred as a social security number.
haggur@reddit (OP)
We're both UK based, but yeah, same idea.
emax4@reddit
My reply would have been, "Okay, then when you're ready to provide that, we'll be ready to provide the tech support you're requesting. Have a nice day!"
haggur@reddit (OP)
Yup, that was pretty much my response.