DDoSPedia is a glossary that focuses on network and application security terms with many distributed definitions. It provides a central place for hard-to-find, web-scattered definitions on DDoS attacks.
An IP address is an identifier for a device connected to a network using TCP/IP, a protocol that routes network traffic based on the IP address of its destination. IP addresses can be either 32-bit IPv4 addresses, consisting of four base-10 numbers separated by periods, each representing an eight-digit binary (base-2) number called an “octet” (i.e. 0.0.0.0 to 255.255.255.255), or 128-bit IPv6 addresses, consisting of eight hexadecimal (base-16) numbers separated by colons, each representing a sixteen-digit binary (base-2) number (i.e. 0000:0000:0000:0000:0000:0000:0000:0000 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, where consecutive groups of four zeroes can be replaced by a double colon).
When the Internet first became popular, IPv4, with its 32-bit addresses, offered 2^32, or roughly 4.3 x 10^9, unique addresses. As the number of Internet-connected devices began to grow significantly, people worried that the IPv4 protocol would not contain enough addresses to meet the growing demand for new unique addresses. This is why IPv4 will eventually be replaced on a large scale by IPv6, which contains 2^128, or roughly 3.4 x 10^38, unique addresses (IPv6 already officially launched in June 2012).
The Dynamic Host Configuration Protocol (DHCP), which runs on special devices (usually routers), assigns IP addresses within a local area network (LAN). DHCP assigns IP addresses on a temporary “lease” basis; once a device’s IP address lease expires, a DHCP server will assign it a new (potentially different) one. IP addresses automatically assigned by a DHCP server are therefore referred to as “dynamic IP addresses”, as a device with a DHCP-assigned IP address may eventually receive an IP address different from its original one.
DHCP servers will not assign devices just any IP address in the maximum range of IPv4 addresses (0.0.0.0 to 255.255.255.255), as certain IP addresses are reserved for special purposes. Such addresses include:
Users’ DHCP-assigned IP addresses on a LAN are not the same as their “external” or Internet IP address. The external address will be the same for all users connected to a DHCP server, which itself receives an IP address from the Internet Service Provider (ISP) it is connected to.
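The notation and the LAN-versus-Internet distinction described above, as an added Python example that is not part of the original glossary entry. It uses the standard-library `ipaddress` module; the sample addresses are constructed, and the function names and the category labels returned by `scope()` are this example's own.

```python
import ipaddress

# Constructed sample of source-address strings, as they might appear in a log.
SAMPLE = [
    "192.168.1.20",                             # DHCP-style LAN address
    "8.8.8.8",                                  # a well-known public resolver
    "2001:4860:4860:0000:0000:0000:0000:8888",  # IPv6 written out in full
    "2001:4860:4860::8888",                     # same address, double-colon form
    "127.0.0.1", "fe80::1",                     # loopback, link-local
    "999.1.1.1",                                # malformed: octet above 255
]

def scope(addr):
    """Coarse class of an address; special-purpose checks run first."""
    checks = [("loopback", addr.is_loopback), ("link-local", addr.is_link_local),
              ("multicast", addr.is_multicast), ("unspecified", addr.is_unspecified),
              ("private", addr.is_private), ("global", addr.is_global)]
    return next((name for name, hit in checks if hit), "reserved")

def describe(text):
    """Parse one address and expose the binary structure behind its notation."""
    addr = ipaddress.ip_address(text.strip())   # ValueError on malformed input
    if addr.version == 4:   # four octets of eight binary digits each
        groups = [format(b, "08b") for b in addr.packed]
    else:                   # eight groups of sixteen binary digits each
        groups = [format(int(g, 16), "016b") for g in addr.exploded.split(":")]
    return {"version": addr.version, "bits": addr.max_prefixlen,
            "integer": int(addr), "groups": groups,
            "compressed": addr.compressed, "scope": scope(addr)}

def external_sources(lines):
    """Unique addresses that can be Internet-facing, in canonical text form."""
    seen = set()
    for line in lines:
        try:
            addr = ipaddress.ip_address(line.strip())
        except ValueError:
            continue        # not an address at all; skip rather than guess
        if scope(addr) == "global":
            seen.add(addr)  # equal addresses collapse whatever their spelling
    return sorted(a.compressed for a in seen)

if __name__ == "__main__":
    for s in SAMPLE[:3]:
        print(s, describe(s))
    print(external_sources(SAMPLE))
```

Comparing parsed addresses rather than raw strings matters when matching log entries against a blocklist, because the full and double-colon spellings of one IPv6 address differ as text but are the same address.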
As IP addresses can be used as unique identifiers for users’ machines (and subsequently the users themselves), knowledge of a malicious user’s external Internet IP address can allow law enforcement officials to block, locate, and eventually arrest him or her. As a result, the more advanced attack tools and hackers will employ anonymization techniques - such as the use of proxy servers, VPNs, or a routing network like Tor or I2P - that can make it seem like they are using an IP address other than their own, located somewhere else in the world. An attack tool called Low Orbit Ion Cannon (LOIC) became infamous for not hiding its users’ IP addresses; this resulted in the arrest of various LOIC users around the world for their participation in distributed denial-of-service (DDoS) attacks.