
This whole idea came to me when I received this week’s e-mail from Azure about what’s called “risky sign-ins”. The logic behind this report is that it directs you to an area in the Azure Portal where you can check all the users in your tenant that are showing up as risky, i.e. a user who signed in from a location he/she has never signed in from before, or from a location that is far from the last known login location when it is not normal to travel that far in such a small time window. Check the link at the bottom for more information on this.

In that last email, I saw my username among the risky sign-ins, and that alarmed me at first: as a Global Administrator you would not like to see your username popping up in such a report for your production tenant. Then I remembered that it made sense, as I had used a VM to connect from a remote location, and that let me breathe again.

What I saw in the portal made me think: since my IP changes whenever my ISP decides to, I need a way to log my public IP, and each time it changes, so that in any case I’m able to verify my sign-in against the IP at the time.

So, I fired up my VS2019 and created a small app in C#.

LogMyNAT

LogMyNAT is the name and it does just that: it logs the NATed IP of your home router to a .log file in the folder where the application exists. When it starts up, you get a nice notification at the bottom with a system tray icon and your current public-facing IP.

You can then right-click on the icon to get a context menu with the options or double-click the icon to open the app.

Once you choose “Open” from the context menu or double-click the icon you get the main app with the information gathered.

Here with blur on the 2 last octets of the IP. Time is UTC.

In the main form you can see the following:

  • Your current public IP
  • When the last change occurred
  • A link to the application log file so that you can see all the entries
  • A link to GitHub with the project files

The log file (delimited with “;” for importing and creating reports)

There is a timer that checks every minute, and if it finds a different IP, a warning notification pops up and the change is written to the log file.
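To show how such a log can be used to verify a sign-in, here is an added example (not part of LogMyNAT or its repo) that looks up which public IP was in effect at a given UTC time and compares it with the IP shown for the sign-in. The log layout, the timestamp format, the function names and the sample addresses are assumptions made for illustration.

```python
import bisect
from datetime import datetime, timedelta, timezone

# Constructed sample. Assumed layout: "<UTC timestamp>;<public IP>", one line
# per detected change; the real file's columns may differ.
SAMPLE_LOG = """\
2021-03-01 08:00:12;203.0.113.24
2021-03-03 02:14:40;203.0.113.87
2021-03-06 19:45:03;198.51.100.5
"""
FMT = "%Y-%m-%d %H:%M:%S"

def to_utc(text):
    return datetime.strptime(text.strip(), FMT).replace(tzinfo=timezone.utc)

def parse_log(text):
    """Return a time-sorted list of (utc_datetime, ip) change entries."""
    entries = []
    for line in text.splitlines():
        parts = line.split(";")
        try:
            entries.append((to_utc(parts[0]), parts[1].strip()))
        except (ValueError, IndexError):
            continue  # skip blank or malformed lines
    return sorted(entries)

def check_sign_in(entries, when_utc, sign_in_ip, poll=timedelta(minutes=1)):
    """Return 'match', 'mismatch', or 'unknown' (sign-in predates the log)."""
    when = to_utc(when_utc)
    idx = bisect.bisect_right([ts for ts, _ in entries], when) - 1
    if idx >= 0 and entries[idx][1] == sign_in_ip:
        return "match"
    # A change is logged up to one poll interval after it happens, so a
    # sign-in just before the next entry may already carry the new IP.
    nxt = idx + 1
    if (nxt < len(entries) and entries[nxt][1] == sign_in_ip
            and entries[nxt][0] - when <= poll):
        return "match"
    return "mismatch" if idx >= 0 else "unknown"

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for when, ip in [("2021-03-04 10:00:00", "203.0.113.87"),
                     ("2021-03-04 10:00:00", "192.0.2.99"),
                     ("2021-03-03 02:14:10", "203.0.113.87")]:
        print(when, ip, check_sign_in(log, when, ip))
```

A "mismatch" only means the sign-in did not come from the logged home IP at that time; a VM or VPN session, like the one described earlier, will also show up that way.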

The code is easy to follow and should you have anything to discuss you can do so in the “discussion” section of the repo over on GitHub. Error-handling is for a revision, or better yet, for you to contribute 😉

Hope you enjoy it and use it to make your everyday life easier, now that most of us work from home and we need to know the public IP we use very frequently, get it with ease and log it for fun and also for security purposes!

Cheers!

References:

My GitHub repo: LogMyNAT https://github.com/SQLtattoo/LogMyNAT

Sign-in activity reports in the Azure Active Directory portal https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

How To: Investigate risk https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk