53

I frequently leave accounts logged in on my personal computer because of the immense physical and cryptological barriers a hacker would have to overcome to access my computer. Could a hacker, that knows my IP address and what websites I left logged in, take advantage of this knowledge in any way?

I hear that IP addresses are very dangerous when a malicious user knows them. Would this even be my first concern if someone knew my public IP address?

Peter Mortensen
  • 877
  • 5
  • 10
  • 29
    "...because of the immense physical and cryptological barriers a hacker would have to overcome to access my computer." Don't be so sure about that. The guy who was running The Silk Road (so you can assume he knew all about encryption, security, etc.) was busted because of his getting distracted. [He left his unlocked computer just long enough for the FBI to get a USB plugged in and grab info.](http://www.businessinsider.com/ross-ulbricht-will-be-sentenced-soon--heres-how-he-was-arrested-2015-5) – BruceWayne Jun 01 '18 at 15:34
  • 40
    @BruceWayne He was also busted in part because he posted on Stack Overflow with his real email and name! – forest Jun 01 '18 at 15:41
  • 18
    @forest - How could I forget that! [Here's the post](https://stackoverflow.com/questions/15445285/how-can-i-connect-to-a-tor-hidden-service-using-curl-in-php) – BruceWayne Jun 01 '18 at 16:26
  • 2
    Oh darn, it looks like the mods deleted all the fun comments just recently... – forest Jun 01 '18 at 16:44
  • 6
    @BruceWayne My favorite part about that is presumably an FBI agent was specifically tasked with moving the mouse continually so it wouldn't go to sleep. – ceejayoz Jun 01 '18 at 17:09
  • I guess they couldn't afford a jiggler? You wonder how the feds get anything done... – forest Jun 01 '18 at 17:42
  • 7
    @forest is there a screen or something available from the now deleted comments? – Daniel Jour Jun 01 '18 at 19:19
  • 22
    The fact that you ask this question makes me wonder whether you know enough to claim “immense cryptological barriers.” – WGroleau Jun 01 '18 at 23:00
  • 4
    You can guess 32 random bits and there's a good chance you have someone's IP. If it was that easy to hack someone just by knowing their IP don't you think there'd be a lot more random hacking going on? – user253751 Jun 02 '18 at 07:34
  • 2
    @DanielJour [The Internet Archive has a bunch of copies](https://web.archive.org/web/*/https://stackoverflow.com/questions/15445285/how-can-i-connect-to-a-tor-hidden-service-using-curl-in-php). – user Jun 02 '18 at 21:06
  • To address what I think may be your underlying question, assuming that a hacker knows your IP, and does manage to use that knowledge to successfully compromise your computer, it isn't likely to make all that much difference whether you've left yourself logged into your web sites or not. The hacker can just wait until the next time you log into whatever web site(s) he or she may be interested in, and capture your logon information at that point. – Harry Johnston Jun 02 '18 at 23:55
  • 1
    @WGroleau I'm working on it. Currently I use Veracrypt AES 256; the password is stored on a dongle with my online account database. I am working on a reliable way to ensure the dongle is on my person at all times. Destroying the dongle theoretically destroys the data. My accounts could be given new passwords with my phone. – William FitzPatrick Jun 03 '18 at 22:06
  • @WilliamFitzPatrick Doesn't Veracrypt support smart cards for keyfiles? It would be better to use that than just a dongle so that both a password and the physical item are required (so an attacker can't just steal the dongle and be happy). I'd do that instead of using a regular USB dongle because a smart card is designed for security. – forest Jun 04 '18 at 03:15
  • @WilliamFitzPatrick what makes you think that being logged in to a website makes any difference to a hacking attack? What is the actual attack path that you are worried about? – Tom Jun 04 '18 at 04:13
  • @MichaelKjörling can't find any. Can you please share a specific date? – Display Name Jun 04 '18 at 08:44
  • @forest If I knew what I was doing as you appear to, I presume that I absolutely would use a smart card! Thank you for suggesting this, I will definitely look into this – William FitzPatrick Jun 18 '18 at 16:05

6 Answers

91

No, they would have to have access to your browser cookies in order to abuse them to log into a site you left logged in. Merely knowing your public IP address would not allow them to log into any website. If you are asking this question though, I would not be so sure that there are "immense barriers" between them and your personal computer. A good hacker can do a lot more than you may think.

In theory, a vulnerability in your router could be exploited which typically requires knowing your IP address, but there are dozens of ways to get your IP address anyway. Not to mention, the IPv4 space is small enough that a decent server can scan every single possible IP address in under a day (only 2^32, or 4,294,967,296 in total, including a large number of reserved or invalid ones). It is more likely that an attacker would exploit a vulnerability in, say, your browser than your router through your IP address. That is not to say that vulnerabilities in routers are uncommon, but the risk of an infection or compromise through some vulnerable or out of date program is far greater.

IP addresses are not very dangerous when a malicious user knows them. This is somewhat of a myth caused by script kiddies (especially of the video gaming variety) who ominously proclaim that they have your IP address and you better watch out, often with the implication that knowledge of an IP address amounts to full access to a network. The worst common scenario is that a malicious user mounts a denial of service attack on your router, causing your network connection to slow down or break. This can be irritating, but is not particularly dangerous.


There are two real situations where your IP address is sensitive information:

  1. If you are dealing with a bitter player for an online video game who you just beat (because that headshot totally didn't hit him) or a spiteful troll on IRC, they may mount a DoS attack against your network in vengeance. In this case, you may want to call your ISP. They may be able to change your IP address or protect you from the attack in order to restore your connection to the network. Even if that does not work, these types of attacks quickly subside. You should probably just avoid associating with the type of person who falls into this category.

  2. If your adversary is a law enforcement agency or any other legally-privileged entity whose goal it is to tie your IP address to your real-life identity, you should be using an anonymity network such as Tor (for web browsing) or a VPN (for P2P). This is the case when your adversary is able to subpoena your ISP to obtain your subscription details. In the past, it was easy to social engineer ISPs to get this information (folks on IRC used to do this to get someone's real address), but nowadays it tends to take a legally-binding court order, in which case your ISP will barf up all the personal information it has on you without giving it a second thought.

If neither of those cases applies to you, you have nothing to worry about.

Peter Mortensen
  • 877
  • 5
  • 10
forest
  • 64,616
  • 20
  • 206
  • 257
  • 4,294,967,296 addresses TOTAL to be exact. That doesn't discount invalid addresses though :p –  Jun 01 '18 at 13:45
  • 2
    Indeed. There are quite a few reserved address ranges as well as invalid ones. – forest Jun 01 '18 at 13:46
  • Yes, there are a considerable amount of reserved ones. –  Jun 01 '18 at 13:47
  • 1
    Just to add; I'd be more worried about an attack on the routing protocol itself than I would about someone having my IP. –  Jun 01 '18 at 14:12
  • As a side question, seeing it mentioned: what is the firepower they would require to DoS a router? – Kamalen Jun 01 '18 at 15:22
  • @Kamalen Depends on the router and ISP. A single fast server could probably slow down your connection. A small botnet could bring it down completely. I don't have any hard numbers in Gbps. – forest Jun 01 '18 at 15:23
  • ...this also assumes the public IP visible to someone isn't actually an exit IP of your ISP (if your ISP is doing NAT over its address space). And most people don't plug their computer into the modem, they're going through a router, which for sure would be performing NAT. – Clockwork-Muse Jun 01 '18 at 15:55
  • 2
    Well yeah but I'm assuming OP is talking about the public IP, i.e. the one assigned by the ISP rather than some private one that their router gives out over DHCP. – forest Jun 01 '18 at 16:07
  • 5
    *only 2^32, or 4,294,967,296 in total, **including** a large number of reserved or invalid ones* - using 'excluding' here incoherently implies the reserved/invalid IPs are outside the set of all IPs – Thomas Jun 02 '18 at 05:22
  • @Thomas no, excluding, in the sense of sets. An attacker from outside the LAN does not need to try local addresses (192.168.0.0/16 and others) which are included in these 2^32 addresses because they are unroutable over the Internet. – rexkogitans Jun 02 '18 at 10:05
  • 5
    @rexkogitans When someone says "X, excluding Y" it means that X _does not_ include Y (i.e. Y is "more"). What you suggest may well have been the intent but it is not what is written at present. – Thomas Jun 02 '18 at 10:18
  • > "…often with the implication that knowledge of an IP address amounts to full access to a network." Nope, it's usually about finding an approximate physical location and doing some physical violence to the person in real life. – Display Name Jun 04 '18 at 08:10
  • @SargeBorsch I don't often see people making that sort of threat. Usually it's people who claim that knowledge of an IP means they can hack you. If someone is making a credible threat to your physical safety, you have bigger problems. – forest Jun 05 '18 at 01:24
  • @forest well in my country it's not that uncommon to have bigger problems, unfortunately. But I agree with this statement. – Display Name Jun 05 '18 at 07:22
25

There are few malicious things people can do if they know your public IP address, and the main two are router hacking and DDoS.

Router hacking involves someone scanning your router and, depending on the make, model and version, finding vulnerabilities in it. If any is found, a hacker can change your router settings, usually changing the DNS servers to point to some server he controls, therefore being able to MitM any non-encrypted connection that depends on DNS. Configuring your router to not accept any connection on the WAN side helps a lot in avoiding this kind of attack.

DDoS involves sending a lot of traffic to your IP address. Depending on your connection speed, a couple of zombie computers can slow down your connection or even knock you offline very fast.

So, why do so many sites ask me to log off? It's because of something called CSRF - Cross Site Request Forgery.

Let's say you are logged in at your favorite browser-based game (say, www.game.com), and you receive a mail claiming someone will attack you, with a link telling you to read and see the screenshot. You click there, but the site has a hidden picture whose source is www.game.com/donate-all-resources.php?to=hacker-nick. If www.game.com does not have CSRF protection, your browser will load the donate-all URL and, well, donate all your resources.

And about the immense physical and cryptological barriers: they are way smaller than you think: hack your router, change the DNS to another one, MitM every HTTP connection, and if you try to download anything over HTTP, poison the download. Done.

Peter Mortensen
  • 877
  • 5
  • 10
ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
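
The donate-all scenario from the answer above, as an added example that is not code from the answer or from any real site: the same action handled once with the cookie as the only check, and once as a POST bound to a per-session token. The handler names, session id, balances and form field names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed server-side state: one logged-in player and that session's CSRF token.
SESSIONS = {"sess-abc": {"user": "victim", "csrf": secrets.token_urlsafe(32)}}
PATH = "/donate-all-resources.php"

def new_balances():
    return {"victim": 100, "hacker-nick": 0}

def donate(balances, sender, recipient):
    balances[recipient] = balances.get(recipient, 0) + balances[sender]
    balances[sender] = 0

def vulnerable_handler(balances, method, url, cookies, form=None):
    """State change on any method, authorised by the session cookie alone."""
    session = SESSIONS.get(cookies.get("session"))
    parts = urlsplit(url)
    recipient = parse_qs(parts.query).get("to", [None])[0]
    if session is None or parts.path != PATH or recipient is None:
        return 403
    donate(balances, session["user"], recipient)
    return 200

def hardened_handler(balances, method, url, cookies, form=None):
    """Same action, POST-only and bound to a token another site cannot read."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None or urlsplit(url).path != PATH:
        return 403
    if method != "POST":            # an <img> tag can only trigger a GET
        return 405
    form = form or {}
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403                  # cookie was sent, but the token is missing or wrong
    if not form.get("to"):
        return 400
    donate(balances, session["user"], form["to"])
    return 200

# Constructed request: what the browser sends for the hidden image on the other
# site. The game.com cookie is attached automatically.
FORGED = dict(method="GET", url=PATH + "?to=hacker-nick",
              cookies={"session": "sess-abc"})

def legitimate_request():
    # The game's own page embeds the session's token in a hidden form field.
    return dict(method="POST", url=PATH, cookies={"session": "sess-abc"},
                form={"to": "friend", "csrf_token": SESSIONS["sess-abc"]["csrf"]})

def run(handler, request):
    """Apply one request to fresh balances; return (status, balances)."""
    balances = new_balances()
    return handler(balances, **request), balances

if __name__ == "__main__":
    print("vulnerable, forged GET :", run(vulnerable_handler, FORGED))
    print("hardened, forged GET   :", run(hardened_handler, FORGED))
    print("hardened, real POST    :", run(hardened_handler, legitimate_request()))
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a complementary defence: the browser then leaves the cookie off the cross-site image request entirely.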
13

I don't know your level of knowledge in this area, but I'd like to answer your question with a layman-level explanation of what an IP address is.

An IP address is very much like your postal address. If you want to correspond with someone through the postal system, you need their postal address and they need yours so you can send each other letters. Similarly, to exchange data or send messages online, your computer and the other computer or server must each know the IP address of the other.

When you type in a web address, your browser first corresponds with an IP address it already knows, which is the IP address of a DNS server. Google's DNS server has IP address '8.8.8.8', for example. It asks this server for the IP address of the server that hosts the website you are looking for. The DNS server gives it if it exists, and your computer then corresponds with that IP address to get the website data.

So there are many servers out there that have known your IP address, just like any business you've sent letters to or received services from likely knows your home address.

Your IP address is not a secret, or a password. It is the address used to do all legitimate internet transactions and services with you.

A person who wants to hurt or harass you can't cause you much trouble if they don't know where you live. If they don't have your home address they can't even find you to do anything. So getting your street address is the very first minimal prerequisite to messing with you or your home, and thus many people who are the victims of stalking or harassment try to conceal their home address, and would be distressed to learn that their stalker or angry ex has learned it.

Similarly a hacker can't do anything without knowing which computer to hack. If they don't know your IP address they can't even find you to begin their work. But it's really just the minimal first step. While not knowing the address prevents them from working, knowing the address doesn't really get them far. Like an angry ex who wants to steal things from your house, knowing where to go is just the first step. Once they find out where to go, they don't really have super secret info or some crazy advantage. Once they get there, they have no more power than any random person who walks by your house. They are still left with all the work of breaking in.

A hacker who knows your IP has not gained any special privileges or powers. A hacker who brags about knowing your IP is like a burglar bragging that they know your postal address. In fact, it's an even more ridiculous brag on the hacker's part, because a determined burglar can often break into a house, and even if they fail their attempts usually damage the house. But hacking is different. When a better physical home security is invented, only some homes get it, because the upgrade costs money to install. When new computer security is invented, most everyone gets it, because the software provider pushes the security patch to everyone's system automatically for free. So if your computer has the latest security updates, then it has the same security system that world-class experts have built to resist world-class hackers. The only disadvantage you have is if you have configured your system in a way that grants strangers access, like accidentally leaving your garage door unlocked (leaving your router set to use the manufacturer-default password) or if you didn't change your locks when you broke up with your ex (someone knows your iCloud password).

If you've got the latest security updates (you do update your computer right?) and an antivirus program, and you haven't left anything vulnerable (you don't give your passwords away or leave them as the default right?) then your hacker friend still faces 99.9% of the challenge of hacking after he learns your IP address. He's found your castle, but now has to attack it.

The one thing an amateur can do to a properly-configured system is called a DDOS attack. And it is basically abusing the legitimate internet protocols to overwhelm your system with spam messages. It's like someone sending you 10,000 junk letters every day, making it impossible for you to sort through and find your real mail.

So your IP address is like the street address of your home. And the hacker is like an angsty punk you met downtown shouting "I know where you live!". Sure buddy, plenty of people know where I live, that's why doors have locks.

Jared K
  • 231
  • 1
  • 3
  • Though mathematically strong locks are vastly superior to physically strong locks, because I can probably just kick through your cheap door frame instead. Which is why it's so stupid that the government wants to weaken encryption. Because the very next day some hacker will have the digital equivalent of a bump key. – Wayne Werner Jun 01 '18 at 18:37
  • Your computer probably gets updates (unless pretty old), your smartphone maybe (if it's Apple, or recent), but your router/modem, streaming TV, DVR, baby monitor, 'smart' thermostat, etc almost certainly not. Ref. Mirai. – dave_thompson_085 Jun 02 '18 at 04:13
  • 1
    100,000 junk letters and you can't get in through your front door. 100 million junk letters and your home collapses under the weight. – gnasher729 Jun 03 '18 at 07:41
  • Old Chinese proverb – Daniel Wilson Jun 05 '18 at 11:22
4

In theory, a determined attacker who knows your IP address could attempt to perform DNS spoofing. If the attacker knows which services you use and they can guess when you might be using them, they could attempt to trick your systems into thinking that (say) the domain name "www.anysite.com" points to a different IP address of their choice.

To pull this off, the attacker would need to correctly guess two random numbers (a source port and a nonce) selected by your DNS client at a specific time, and be able to deliver a special packet to your IP address in the time period between when your computer requested the DNS resolution and before the real DNS server responded (while getting those two random numbers correct in that narrow time window). If I recall correctly, the attacker may also need to know the IP address of your configured DNS server(s), which may or may not be easily guessable. The number of possible combinations of random numbers means that the attacker would need to send you a huge flood of traffic, which would probably slow down your internet connection substantially.

The chances of this happening are unlikely, but a determined attacker might be able to pull it off given enough tries. If you are sitting behind some sort of embedded NAT device that proxies your DNS requests, and if that device's DNS implementation has a bad random number generator (or does not randomize ports), the task becomes easier.

To have any reasonable hope of pulling this off, the attacker also likely needs to provoke your computer to make certain DNS requests at a specific time of day so that they can try to more narrowly time the spoofed traffic. This could be done by, say, sending you an email containing references to remote images that your email client will download automatically upon receipt. A crafty email could include dozens or hundreds of such references, all pointing to subdomains of the same top-level domain name, to try to generate a flood of DNS requests with every email received.

If an attacker were able to do this, they'd be able to view all of the raw traffic intended for whichever domain name was successfully poisoned in your DNS cache. If you were connecting to that site over TLS (https), this is still not an issue since your non-nation-state attacker would not have an SSL certificate matching the target domain name, so you would get a warning in the browser.

If you either clicked through the SSL warning, or if you were accessing a site using non-secure regular HTTP, then yes, this theoretical attacker would be able to steal your browser cookies for that subdomain and potentially take over your session. By this point in the answer, however, the likelihood of this happening is vanishingly small and most everyday users need not be concerned.

Scott Dudley
  • 301
  • 1
  • 3
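
An added example (not part of the answer above) that puts numbers on the two values the answer says must be guessed, and shows why a DNS proxy that does not randomize source ports makes the task easier. The port lists are constructed samples of what a packet capture of outbound queries might show; the predictability heuristic, the assumed ephemeral port range and the figure of 1000 spoofed replies per window are assumptions.

```python
import math

TXID_SPACE = 2 ** 16                 # the DNS transaction ID ("nonce") is 16 bits
EPHEMERAL_PORTS = 2 ** 16 - 1024     # assumption: any unprivileged port may be used

def port_space(observed_ports):
    """How many source ports an off-path guesser must cover.

    Heuristic (assumption): a fixed port, or a counter that advances by a
    constant step, is predictable and counts as one candidate.
    """
    if len(observed_ports) < 3:
        raise ValueError("need at least three observed queries")
    steps = {b - a for a, b in zip(observed_ports, observed_ports[1:])}
    if len(steps) == 1:              # step 0 = fixed port, step n = counter
        return 1
    return EPHEMERAL_PORTS

def guess_space(observed_ports):
    """Combined (port, transaction ID) space a spoofed reply must hit."""
    return TXID_SPACE * port_space(observed_ports)

def hit_probability(space, packets_per_window, windows):
    """Chance that at least one spoofed reply matches over all windows."""
    per_window = min(1.0, packets_per_window / space)
    return 1.0 - (1.0 - per_window) ** windows

def windows_for(space, packets_per_window, target=0.5):
    """Number of race windows needed to reach the target success chance."""
    per_window = min(1.0, packets_per_window / space)
    if per_window >= 1.0:
        return 1
    return math.ceil(math.log1p(-target) / math.log1p(-per_window))

# Constructed samples of source ports seen on outbound DNS queries.
FIXED_PORT_PROXY = [53000, 53000, 53000, 53000, 53000, 53000]
COUNTER_PROXY = [40000, 40001, 40002, 40003, 40004, 40005]
RANDOMIZED = [49731, 20518, 61002, 3377, 58844, 41290]

if __name__ == "__main__":
    for name, ports in [("fixed port", FIXED_PORT_PROXY),
                        ("counter", COUNTER_PROXY),
                        ("randomized", RANDOMIZED)]:
        space = guess_space(ports)
        print(f"{name:11s} space=2^{math.log2(space):.1f} "
              f"windows for 50%: {windows_for(space, 1000)}")
```

Each window is one provoked DNS lookup, so the gap between the results is the gap between a few dozen lookups and millions of them, each accompanied by a burst of spoofed traffic.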
3

I don't think so. When someone knows your IP address they can't do that much stuff. What I would consider dangerous is, by having your IP address an attacker can:

  1. DDoS. This is when a hacker floods your machine with packets, slowing down your connection or even knocking it off.
  2. Hack your router. By knowing the IP address a hacker might be able to find vulnerabilities in your router. Oh, and a little tip, change the default password.
  3. Locate your IP address. If you haven't been using a proxy (for instance - Tor), or even a VPN connection, an attacker might be able to find your location by using an IP address tracker tool.
Peter Mortensen
  • 877
  • 5
  • 10
  • everything in your answer has been covered by other answers – schroeder Jun 01 '18 at 19:20
  • 1
    Thank you both, I actually did not see that many answers when I wrote mine, only saw one and it was a massive text. So I decided to go straight to the point and also add the IP tracker. I did not have the goal to repeat any other answer. – SleetyNine018 Jun 03 '18 at 08:47
  • @SleetyNine018 Welcome! and thanks for contributing. This is what I would do in this situation: First I would recognise that some points I made were found in other answers, then second, highlight what new things you are bringing to the body of answers. Else it can look like you are plagiarising other people's work to try to scoop some points. – schroeder Jun 03 '18 at 10:05
-2

Your IP address being known by a hacker could be "bad for you" in the following ways.

  1. DDoS - Distributed denial of service. If the person has the capability, you will not have enough bandwidth to even use your browser, or keep a connection to services. This is a medium risk.

  2. Assuming you are connected to a home router of some sort, and these days a "firewall" is up and you are somewhat protected. But if UPnP is enabled on your router, some ports can be opened, and you will be port scanned for known vulnerabilities to software. This is low risk.

  3. To some degree, your IP address can be "spoofed" to certain vulnerable devices, and they can act as you, so you can be framed to some degree. This is a very low risk though.

So the answer is not a complete "no".

MichaelEvanchik
  • 332
  • 1
  • 8
  • 2
    (Just a nitpick: The IP layer itself is spoofable by altering the source address, but TCP above it makes this very, very hard, and TCP is what we tend to use here on our beloved internet) – forest Jun 01 '18 at 18:07
  • 1
    Even though you removed the MAC part of #3, it's still not relevant. Also, points 1 and 2 are covered by an answer posted 2 hours before yours. – schroeder Jun 01 '18 at 19:40
  • Well, look what comes up: MAC address wanted by Canadian government https://www.zdnet.com/article/german-police-ask-router-owners-for-help-in-identifying-a-bombers-mac-address/ Although not related to the question, we had an internal argument over the value of a MAC address, even though we all know it's easy to change. – MichaelEvanchik Jan 11 '19 at 15:51