Static IP....good or bad

[Howard]

Same here, mine's supposed to change but it's been the same for months

[EvilMunky]

I prefer dynamic addresses.

Its easy enuff to setup a dyndns free dns redicrector type service to always use your newly assigned dynamic address.

I like a dynamic address as if and when i getbanned from places / websites / servers / game servers etc - they tend to do it by ip - therefore i can get it replaced by renewing my ip address.

Your less likely to be attacked or attempted to be hacked on a dynamic address as your there for less time and wont always come back.

It kinda depends what you use the net for, but i personally prefer dynamic.

[DsW]

Paul - I used DOS as an example. There are plenty of other attacks that could arguably be made easier if someone knows your static IP from the outset.

I agree that if someone really wants to find your IP out then they can, but, like any other aspect of security in general, the harder you make it for someone to compromise whatever it is you are protecting the less likely it is that someone will persevere with their 'attack'.

I don't use the net for any clandestine activities so getting my IP barred is not a concern but a dynamic IP somehow makes me feel that bit safer... and for the ordinary user that is all they need.

[m0dm0]

oh..and while I've got your attention when I switch on 3 PC's on the router, sometimes I get an IP conflict (on my LAN, nowt to do with the statc IP).

sometimes I get an ip conflict when i hibernate one of the pc's, and then another pc takes its ip. when the hibernated pc comes back on, it sometimes causes an ip conflict.

are you hiberating at all?

m0.

[Zak33]

dont think so......there's no box of straw under the desk

I'll assign each PC its own IP address I think. Then the router can stop fretting.

[RVF500]

People like Zen give you a public IP address from their own stock of IP addresses. Static routing takes up a lot less overhead in their routing tables so it's easier for them. Also they don't have to have DHCP servers runningon their DSLAM access-devices. ZEN uses PPPoA if I recall correctly and that means that they will map your IP address to a Permanent Virtual Circuit (PVC) through their ATM network where it will be distributed into their core for onward routing. Considering that you could have 2000 subscribers hanging off of a DSLAM overhead becomes an issue.

If you are having an address conflict on your inside network then make sure that your PC network interfaces are set to dynamically receive IP addresses. Go to Network connections/ local area connection/ properties highlight the internet connection (tcp/ip) option and select properties. Click the radio button for 'obtain ip address automatically' and that should resolve your ip address clash. If you are still having a problem then check the the IP pool on the DHCP server is big enough. I'd be extremely surprised if that's the case though as ZEN tends to ship routers using the 192.168.0.0 private address network with a default subnet mask of 255.255.255.0. As a C class address that gives you a possible 254 valid host addresses.

The router should have firewall properties. Disabling ping will in itself help as most port scams use ICMP to see if there is anything on that address. If it thinks nothing is there then as far as the scanner is concerned there is nothing to attack. Camouflage is indeed the first line of defense. Your danger lies in point to point connections. An inside firewall and IDS is your next line of defense.

As for Dos and DDoS. Don't talk to me about that, we've had one going on intermittently for the last week that is hitting one of our routers in Munich with roughly a GBit of traffic. Wipes out the router and we get irate customers howling for explanations. Always aimed at the same host network so they've obviously pissed someone off royally. As a residential subscriber any DoS attacks should be fended off by the service provider networks so they shouldn't be an issue.

[CommanderSpike]

Correct me if I'm wrong...

Static IP Pros:
- Ability to use remote services like PC Anywhere to access your PC from a remote computer over the net.
- Ability to host your own website over your broadband net connection

Cons:
- More open to hackers
- A still target instead of a moving one
- Possible privacy issues with your ISP and the government spys

[Paul Adams]

- Ability to use remote services like PC Anywhere to access your PC from a remote computer over the net.

You can do this with a dynamic address if you specify the address to connect to, but if you want to use a name then you need a DNS 'A' record or a service like dyndns.org provide.

- More open to hackers

Most probes are automated scripts and not targetted at individuals, so it makes no difference if the address is static or dynamic in reality.

- A still target instead of a moving one

"Still" between sessions, your address is always "still" for any individual session regardless of it being dynamic or static.

- Possible privacy issues with your ISP and the government spys

Explain?

[Moby-Dick]

Paul - have you got your Tinfoil hat ready ?

[Paul Adams]

Paul - have you got your Tinfoil hat ready ?

Alas I had to stop wearing those when my neighbours complained it interfered with their unsecured wireless networks

[Matt1eD]

I don't know if it's legal, but some illegal underground sites, fake IPs. Can one do that at home?

[RVF500]

It's not legal. Using public addresses without having them assigned. If you have an enclosed home network and you are not going to leak IP addresses out into the public domain then you can use what you want. Though that's why there are private addresses set aside for that. The whole class A subnet 10.0.0.0 for example. That'll give you around 16700000 hosts. Should be enough for a home network.

Advertising a public IP address to the internet won't get you anywhere anyway as it's highly unlikely that the address will be advertised beyond the edge of the service provider you're subscribed to. Unless you happen to hit on a subnet that is being advertised by the edge router. Of course then you will cause a clash and it will take the service provider a very short time indeed to locate the source of the false IP. If I can do it in a backbone of around 2000 devices in less than an hour in the chaos of a project build. I'll let you figure out how long it will take an engineer to figure it out in a mature network he knows well.

IP address space on the public internet is jealously guarded as we are running out of it. Which is why IPv6 is on it's way in. if you want to host then the cheapest way is to go with a service provider who will give you an IP address for free with a broadband package. Build your network inside your own edge router and simply use NAT. Some will even allow you a subnet of half a dozen IP addresses if you need that many. Can't see why you would though if you are just using a few servers.

[Paul Adams]

I don't know if it's legal, but some illegal underground sites, fake IPs. Can one do that at home?

Are you talking about spoofing your IP as the world sees it, or using public Internet addresses for your internal machines?

IP spoofing is almost entirely pointless - yes you could change your source IP so it appears to be somewhere else, but as you will never get the reply you can't set up a session with another server so isn't really a viable "invisibility option".

If you are talking about using public IPs on your internal network, RVF500 has summarised that pretty well


If you are talking about being able to connect with servers on the Internet but hide your "real" address then the best you can do is use a proxy service - your client connects with the proxy and the proxy routes traffic between you and the public server using its own address.
So as far as the end server is concerned, there may be lots of traffic from one (or a collection) of IPs - but some services are aware of such proxies and don't accept connections from them (screws up load balancing affinity, for example).
I don't know of a legitimate reason to use a proxy server or hide your source IP address.


Now to the question of how a server can hide its address... how are you going to talk to it if you can't locate it?
I get the impression that many illegal sites are hosted in countries which don't recognise copyright or have sufficient laws regarding computer abuse.

Ultimately, if I can make a connection with you through the Internet, it stands to reason that the reply could potentially be traced back - maybe not in real-time, but logs can be subpoena'd.

[ERU]

Anyone know if NTL give static IPs out?