If the privacy of your IP address is a concern, stay alert when using instant messengers. Using Skype as an example, it is trivial to obtain your peer’s IP address. Once you initiate a call with your peer, data moves back and forth continuously. You can see it with netstat or, more easily, with Wireshark: simply capture on the interface and look for a busy UDP connection. Then look at the source and destination IPs: one will be yours and one will be that of your peer. Current connections can also be reviewed using the native tool, netstat; however, as you can’t see the data moving back and forth in real time, it will be challenging to identify which open connection is to your Skype peer.

Another way to obtain your peer’s address is simply through social engineering: “Here’s the page: http://www.iodigitalsec.com/test-page”. Now I just need to tail my web logs until ‘test-page’ gets hit, and retrieve the peer’s IP address from my logs.

Accessing your messenger through a proxy may still leak information, and you are relying on unaudited third-party software to maintain your privacy through the proxy you specify. The best option is to use a secure VPN solution to route all traffic through a VPN server. There will be added latency and delay, and whether it’s worth it for you depends on how much you value your anonymity.
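
One way to check that the VPN really is carrying all of your traffic, as an added example that is not part of the original post: on a full-tunnel VPN, a capture on your own physical interface should show only the VPN server and local-network addresses. The `src dst proto bytes` row format, the function names and all addresses below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "src dst proto bytes" rows, as exported from a capture
# on your own physical interface. Addresses are illustrative only.
SAMPLE = """\
192.168.1.20 203.0.113.10 udp 1200
203.0.113.10 192.168.1.20 udp 1180
192.168.1.20 198.51.100.77 udp 160
198.51.100.77 192.168.1.20 udp 172
192.168.1.20 192.168.1.1 udp 64
192.168.1.20 224.0.0.251 udp 90
"""

# IPv4 ranges that never leave the local network (LAN, loopback, multicast).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]


def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def traffic_outside_tunnel(rows, my_ip, vpn_server):
    """Return {remote_ip: bytes} for flows that bypass the VPN server."""
    totals = defaultdict(int)
    for line in rows.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed rows
        src, dst, _proto, size = parts
        if my_ip not in (src, dst):
            continue  # not our traffic
        remote = dst if src == my_ip else src
        if remote == vpn_server or is_local(remote):
            continue  # expected: tunnel endpoint or LAN chatter
        totals[remote] += int(size)
    return dict(totals)


if __name__ == "__main__":
    leaks = traffic_outside_tunnel(SAMPLE, "192.168.1.20", "203.0.113.10")
    for ip, size in sorted(leaks.items()):
        print(f"outside tunnel: {ip} ({size} bytes)")
```

Any address this reports is a remote host that can see your real IP despite the VPN.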

I once heard a story about a remote IT contractor who was on a call with the team and realised that he had completely failed to prepare for the call or complete the work being discussed to a high enough standard. Using Wireshark whilst on the call, he was able to quickly identify the IP addresses of his peers and launch denial of service attacks (in this case, UDP floods) against them, rendering the Skype call impossible. The other parties just kept dropping off one at a time until the call was abandoned. The IT contractor was then able to buy himself a couple of hours in order to put things right.

p.s. I don’t recommend you do this 🙂