Thursday, June 3, 2010: You don't need to know the victim's IP address to crack their PC. « from the old blog archive »

I have been chatting with a random guy, in Thai language. The following chat transcription is translated (and is slightly modified).

First, it was a normal chat. And then he starts out: I am a hacker, white hat hacker. I use my skill to fix others' computer problems without them knowing it. I think like... really? Let me check if you really are one.

So first, let me ask you some basic question first.

> What Windows are you using?
< No, not Windows. It's a specialized system for hacking.

So I guess he must be a Linux user. What else could it be? Mac? Specialized for hacking? No way.

> So do you know what version of Windows I'm using?
< Either Windows XP or Windows 7
  So do you use XP?

Obviously, if one does not use Windows XP, they will probably use Windows 7. Vista sucks.

> No.

Again, it's 50% chance, and he has failed.

< So it must be Windows 7.
> Obviously, but why can't you get it right at the first place?
< It's really hard to see. I have to dig through millions of number.
  However, I can get the right answer if I want it.
  But hey, Windows 7 is a very good operating system—
  it offers good protection!

I already knew about the protection thing of Windows 7, but millions of number? Windows XP is 5.1, and Windows 7 is 6.1. Just look at this damn string, is it so hard to figure out?

> Do you know my IP?
< It will take a long time. There are billions of IP.....

While I chat with that guy, I made a page that just redirects the viewer to a Wikipedia article about TCP/IP, and gave that link to him, shortened using bit.ly.

> Well, I suggest that you read about this: http://bit.ly/.....
  You should learn about TCP/IP.

He clicked on it. His IP address and user agent string is recorded on the server's log. It shows that he is using Windows XP, and not any kind of a specialized operating system.

We continued chatting for a while, then I decided to surprise him a bit.

> I will tell you something. Your IP is 124.122.___.___.

But that guy keeps "tae"ing.

< Hahaha, that was my fake IP.
> Yeah, but I can tell your "fake IP" in seconds.
  So what's your real IP?

I think that the IP I found is already a real IP. If it's not then he must be using a proxy server.

But the next thing shocked me.

< I'm not gonna tell you my real IP. But here's a hint:
  My IP starts with 192.16

What the fuck.

< And that IP address was the IP address of my server. I put it at Korea.

That IP address comes from Thailand. Everyone knows it.

> Let me tell you something. 124.122.___.___ is a Thailand IP address and not Korea. You're also using True Internet.
< But the server is really at Korea.

I then completely ignored this guy.

That was just for fun. I hope that he didn't take it too seriously. Heheh.

---

Edit 2012-06-29: made few changes to the text to make it more clear.