Can someone steal my IP address and use it as their own?

Network engineer with Border Gateway Protocol (BGP) experience here.

Yes. But usually the attack would have to be for a larger address block and (as Eevee commented) require an attacker with specific skills and access. If someone calls you and claims that your IP is hacked, they are probably a scammer. Hang up!

Back to the question:

Let’s assume the “good ISP” company is allocated 1.1.0.0/16. You are a customer of “good ISP” and your home router public IP address is 1.1.5.5.

“EvilCo” wants to make you look bad by downloading ...inappropriate... content from 1.1.5.5. They have an unfiltered BGP routing protocol connection to the Internet and advertise 1.1.5.5/32.

That attack fails. While their BGP connection is not filtered (and we are talking about route advertisement filters here, not packet filters), Internet ISPs generally don’t accept IPv4 routes more specific than a /24.

So EvilCo advertises 1.1.5.0/24 in BGP. That succeeds. Both 1.1.5.0/24 and 1.1.0.0/16 exist in the core Internet routing table and the more specific route wins!

A few mitigations:

  1. ISPs generally filter BGP connections to their customers and only accept specific routes, but there are plenty of unfiltered BGP connections out there (I personally had access to one in a prior job...it was so old it was created before the ISP tightened their standard configs).
  2. Good BGP operators use a “BGP monitoring service” which sends them an email when someone else advertises one of their assigned blocks. (BGPmon)
  3. There are “route registry databases” (RADB for example) and some ISPs try to police their routes with the databases, but those databases are generally incomplete.
  4. The requirement to attack a larger block (/24) makes the attack more obvious, since multiple people are affected and all BGP updates are logged by several organizations.

It is also possible for a rogue operator inside “Good ISP” to specifically take over your /32.

It is always possible for anyone to send traffic with a source IP of 1.1.5.5 without rerouting the block, but that will not result in completed TCP handshakes so no downloads will occur (DNS queries are usually single-packet UDP, so it is easy for someone to forge DNS queries from your IP address for an inappropriate domain and send it to an arbitrary DNS server where the query might be logged).

There's a pretty good discussion and history of “BGP hijacking” incidents on Wikipedia. Network operator organizations including NANOG (North American Network Operators Group) communicate and cooperate to deal with (or at least bring visibility to) these when they occur.

Many (most?) BGP hijacking incidents are “operator error” rather than intentional. In some cases companies find IPv4 address space that is assigned to a no-longer-operational entity and use that for business operations. IPv4 address space is scarce and expensive due to IP address depletion.
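To make the longest-prefix-match behaviour described in this answer concrete, here is a small added example (not code from the original post or from any BGP implementation). It models a route-advertisement filter that drops IPv4 prefixes more specific than /24, a routing table where the most specific matching route wins, and a monitoring check in the spirit of a "BGP monitoring service" that flags any route overlapping an assigned block but originated by an unexpected AS. The /16, the victim address 1.1.5.5 and the /32 and /24 announcements come from the answer; the origin AS numbers (64500 for "good ISP", 64666 for "EvilCo") are constructed placeholders from the private AS range.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample data: the block assigned to "good ISP" and the AS
# that is supposed to originate it. AS numbers are private-range placeholders.
GOOD_ISP_AS = 64500
EVILCO_AS = 64666
ASSIGNED: Dict[ipaddress.IPv4Network, int] = {
    ipaddress.ip_network("1.1.0.0/16"): GOOD_ISP_AS,
}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int


def accept_announcement(route: Route, max_prefix_len: int = 24) -> bool:
    """Route-advertisement filter: ISPs generally refuse IPv4 routes more
    specific than a /24, so a /32 never enters the core table."""
    return route.prefix.prefixlen <= max_prefix_len


def build_table(announcements: List[Route]) -> List[Route]:
    """Apply the advertisement filter to everything heard from peers."""
    return [r for r in announcements if accept_announcement(r)]


def lookup(table: List[Route], ip: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match: among all routes covering the address,
    the one with the longest prefix length wins."""
    candidates = [r for r in table if ip in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def check_hijacks(table: List[Route], assigned=ASSIGNED) -> List[Route]:
    """Monitoring check: flag any route that lies inside an assigned block
    but is originated by an AS other than the block's owner."""
    alerts = []
    for route in table:
        for block, owner_as in assigned.items():
            if route.prefix.subnet_of(block) and route.origin_as != owner_as:
                alerts.append(route)
    return alerts


def run_scenario() -> dict:
    """Walk through the two attempts from the answer and return the outcomes."""
    victim = ipaddress.ip_address("1.1.5.5")
    legit = Route(ipaddress.ip_network("1.1.0.0/16"), GOOD_ISP_AS)

    # Attempt 1: EvilCo advertises the single /32. The filter drops it.
    table1 = build_table([legit, Route(ipaddress.ip_network("1.1.5.5/32"), EVILCO_AS)])
    best1 = lookup(table1, victim)

    # Attempt 2: EvilCo advertises the covering /24. It is accepted and,
    # being more specific than the /16, it wins the lookup.
    table2 = build_table([legit, Route(ipaddress.ip_network("1.1.5.0/24"), EVILCO_AS)])
    best2 = lookup(table2, victim)

    return {
        "slash32_accepted": len(table1) == 2,
        "attempt1_origin": best1.origin_as if best1 else None,
        "attempt2_origin": best2.origin_as if best2 else None,
        "attempt2_prefix": str(best2.prefix) if best2 else None,
        "alerts": [str(r.prefix) for r in check_hijacks(table2)],
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The monitoring function is the defender's side of point 2 in the list above: a real service compares observed announcements against the blocks and origin ASes you registered with it, and the /24 from the wrong origin is exactly what it would alert on.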


If someone manages to get a backdoor program installed on your computer, they can route all their traffic through it, using it as a proxy server, thus "stealing" your IP.

All their activity will show as coming from your IP address, so they can do shady stuff using your IP as cover and you might take the blame later.
