[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Dynamic or Static

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: Re: [Sheflug] Dynamic or Static
From: "Chris J" <xxxxx [at] xxxxxxxxxxxxxxxx>
Date: Mon, 23 Sep 2002 21:40:30 +0100
Envelope-to: <shef-lug [at] list.sheflug.org.uk>
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx


> Hi,
> 
> I've got a question I'm hoping someone can shed a little light on. I'm getting 
> broadband next week and have the choice of a static or dynamic IP. Now I'm 
> tossing up on which to have. One, it would be nice to have a single address 
> (although I could use dyndns.org with a dynamic IP like I do now) surely 
> there's less security in it? What would people recommend?

Dynamic doesn't give any extra security over static. Unless of course you 
have a completely vunerable box, in which case it shouldn't be on the 
internet in the first place :)

If you have a good firewall and keep up-to-date with security patches, 
static is just as good as dynamic. You'll get port-probed whichever you 
have. Also bear in mind that it is possible for trojans that get dumped on 
your machine to phone home ... so dynamic IP gains you nothing over static. 
Finally, if you end up being cracked once on one IP address, there's nowt 
to stop you being cracked on a completely different IP if you're being 
probed. Scanners will usually check an entire netblock, or random IPs...

On the flip-side, static IP does make it easier for you to be DoS'd. But if 
that happens, you should be able to liase with the ISP, and if they're any 
good, block the offender on the router, and/or reallocate your IP. 
Blueyonder are actively considering this problem as they consider whether 
to introduce static IPs. Don't know about others.

Static IP gives the benefit of a more secure firewall configuration if you
look after remote boxes - you can simply lock down the remote firewall on a 
single IP rather than a netblock, or set of netblocks.

Personally, I'd go for static. I'm running with a next-to-static IP on 
Blueyonder (gotta love DHCP allocation strategy :-) ), and before that I 
had a static IP with F9. Never had a problem.

Chris...

-- 
\ Chris Johnson           \ NP: Wolfsheim - 11. E
 \ cej [at] nightwolf.org.uk    ~-----,   
  \ http://cej.nightwolf.org.uk/  ~-----------------------------------, 
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- [Sheflug] Dynamic or Static
  - From: Darrell Blake

Prev by Date: Re: [Sheflug] Dynamic or Static
Next by Date: [Sheflug] Movie authoring
Previous by thread: Re: [Sheflug] Dynamic or Static
Next by thread: [Sheflug] PCMCIA woes continue
Index(es):
- Date
- Thread