Demystifying IP Addresses: How They Work, What They Reveal, and Common Myths

IP addresses are the foundation of internet communication, but there's not much to freak out about if someone knows it. In this article, we’ll break down how IP addresses work, we'll cover some internet lore, then talk about what IP addresses reveal about you, and clear up some common misconceptions surrounding them.

If you're too lazy to read my sweet lore drop, check out "I Ain't Reading All That" at the bottom of this post for a quick summary.

What is an IP Address?

Consider the following scenario: you're hosting a party and you want to invite people over, but you only know a few people, so you ask them to invite their friends. You give them your address so they know where to go. Your friends then delegate the address and information to their friends, and so on. Your friends then come to your house as a response and you have a party. This is basically how the internet works in layman's terms.

Your IP address uniquely identifies your router on the internet. It's like a phone number, but for your router. It allows you to communicate with other devices on the internet. So, when you send a request to a website, your IP address is attached to that request so the website knows where to send the response.

https://i.imgur.com/694iyTH.png

Classic example of how the internet works.

By design, a server expects to receive your IP address when you send a request. It's like when you write a letter, you put your own address on the mail so the person receiving it knows where to send their responding letter. This is just how the internet was designed to work. If your didn't send your IP address to the server, it wouldn't know where to send the response and the packets being sent to it would be destroyed. The request and response simply involve asking the next router down the chain to kindly forward the packet to the next router if it can route it to the destination.

Does Roblox Ban IP Addresses?

People have rumored that Roblox bans IP addresses. This was certainly a thing in the past, but it's not a practical solution and is likely not being practiced anymore by Roblox. I drew this conclusion from three main points that I want to clarify on.

First off, your typical ISP subscriber has a dynamic IP address. They change all the time. When you restart your router, your IP address will probably change. When you move to a different location, your IP address will definitely change. So, banning an IP address is not a reliable way to ban a user because they can simply unplug their router, wait a few minutes, and plug it back in to circumvent the ban.

Second, IP addresses are unique to your household, not you. If Roblox were to ban an IP address, they would be banning everyone in that household. This is a huge problem because a lot of households have multiple users, and it's not fair to ban everyone in that household just because one person broke the rules.

Let's cover a scenario where both you and your brother play Roblox. If you were to get IP banned, your brother would also be banned, even if he did nothing wrong. This is because the servers see the same IP address and could assume it's the same person if it relied on only the IP address to identify users.

https://i.imgur.com/lbxVb33.png

Multiple users in the same household typically share the same IPv4 address (and IPv6 prefix).

Additionally, many ISPs are starting to use methods to combat IPv4 exhaustion. One method of reducing the need for so many IP addresses is CGNAT, or Carrier Grade Network Address Translation. It's basically a router for multiple routers, and it allows multiple subscribers to your ISP to share the same IP address.

So if Roblox were to ban an IP address, there is a considerable chance that multiple households would be banned. This is a huge problem because the chances of banning innocent users are considerably high given the fact that many households share the same public IP address.

https://i.imgur.com/WSTKYOx.png

CGNAT can certainly link one IP address to multiple households.

Sure, you can pay extra for a static IP address, but only people who run servers on their home network need a static IP address. It's very unlikely that your household has a static IP address unless the owner of the house is tech-savvy and knows how to set it up. Static IP addresses also cost extra, so it's very unlikely that the average Roblox user has a static IP address.

Can I confirm with absolute certainty that Roblox doesn't ban IP addresses? No, I can't. But it's highly unlikely that they do and instead rely on other identifiers to ban linked accounts. For example, they might ban accounts that share the same email address or phone number. I still, to this day, cannot use my phone number on my Roblox account because it's linked to an account that was terminated in 2018, so that's my experience on it.

IP Addresses Do Not Reveal Much

Imagine that someone sent you a deadly link that you clicked on and, uh-oh, some dude with a hacker profile picture DMs you and says "I know your IP address". Naturally fearing the unknown, you think "Oh lord, what can they do with it?". They say they can get your exact location, find out your name, and even your credit card information. But is that really possible?

The answer might surprise you. The truth is, your IP address is not as revealing as you might think. I casually drop my IP address in the chat all the time and no one has ever found out my exact location. So what data can someone actually get from your IP address? Well, to know that, we need to know how IP addresses are issued.

In the United States, IP addresses are allocated to organizations by the American Registry for Internet Numbers (ARIN). When you request an IP address from your ISP, they assign your router an IP address from a pool of addresses that they requested from ARIN. This means that your IP address is primarily tied to your ISP and not you. So, if someone were to look up your IP address in a public  database, they would find out who your ISP is and not much else.

https://i.imgur.com/jVRtvuC.png

Yes, this is my real home IP address. Come and find me.

The most identifying information you can find here is the ISP I use. I don't consider me living in Tulsa to be identifying information, because 400,000 people live in my city. The ZIP code provided there isn't even my ZIP code too. You got my timezone but you probably could've guessed that from my activity online. The latitude and longitude here just point to some random lot in my city, so that's not accurate either. The ASN is just a number that identifies my ISP, so it's not really identifying information either.

How Accurate is IP Geolocation?

Geolocation is tricky because it's not as simple as pulling an IP address up in a database. IP geolocation services often use multiple data sources to try and approximate the general location that IP address may be assigned to. The data that these services use may include the location where the IP address pool was requested, information provided by ISP infrastucture, latency and routing data, and more.

The accuracy of these services vary extensively. At best, if someone got your IP address, they might be able to get the city you're residing in. But even then, it's not guaranteed. My IP address might show that I'm in Buffalo, NY, but I might, in reality, be somewhere close by, like Rochester, NY. What would cause this discrepancy? Well, it could be that the ISPs infrastructure is more centralized in Buffalo, so the geolocation service assumes that's where the IP address is located.

With CGNAT, you may share an IP address with multiple subscribers to your ISP. This makes geolocation even more difficult, as these subscribers clearly don't live in the same household. This further reduces the accuracy of geolocation services.

What are the Actual Risks?

If you're not hosting any services, the risks are minimal. Just follow proper precautions like enabling your router's built-in firewall, keeping your router's software up-to-date, and not opening ports unless necessary. The most an attacker can do by then is to try and slow down your internet ("boot you offline") by abusing protocols like NTP or ICMP, but even then, an advanced firewall can mitigate these attacks if you install one.

The biggest risk is that if you openly host services on your network, like websites, email servers, game servers (like Minecraft), etc., someone could potentially exploit vulnerabilities in those services (hack your servers) or flood them with traffic to take them offline. That would be called a Denial of Service (DoS) attack. A Distributed Denial of Service (DDoS) attack is when an attacker carries out a DoS by sending traffic from multiple computers. These are preventable if you use anti-DDoS strategies like Cloudflare, which can absorb the traffic and keep your services online.

So, the next time someone freaks out about an IP address, it's not the end of the world. Just make sure you're not hosting any services. If you are, use a tunneling solution like Cloudflare Zero Trust for your services. It's free as long as you aren't a big corporation. Remember, you're usually dealing with script kiddies. They don't have the resources to do anything serious.

Now, if a government agency like the FBI is after you, they have a little more power. If they can prove that you did something illegal using that IP address, they can send the ISP a court order to get informaton on the subscriber who is registered to that IP address, but that's a government agency, not some random person on the internet. If some random guy asks your ISP for information on your IP address, they're probably going to get laughed at.

I Ain't Reading All That

- IP addresses are like phone numbers for routers.
- Roblox probably doesn't ban IP addresses because there's a good chance it would ban innocent users.

- If you seemingly do get "IP banned," it's likely that Roblox is using other identifiers to ban linked accounts.

- You can usually unplug your router and leave it off for a few minutes to get a new IP address.
- Your IP address at best may reveal the city or region you live in, definitely not accurate enough to find even what block you live on.
- Script kiddies can "boot you offline," but there are mitigations for that: install a strong firewall or change your IP address.
- If you're hosting services, use anti-DDoS strategies like Cloudflare to keep your services online.