
IP Protection?

QuantumBit
14 hours ago, Ithanul said:

Yeah, the IP is mostly just the forward facing port from your modem or router, not your actual computer's IP behind. Most modern routers utilize NAT. Reason you can have multiple devices behind a router with a private IP range, yet still hook to the internet that requires a public IP range. Also, a good router comes with a built-in firewall too. One rule of thumb, always have a deny all as final rule.

 Why would you need deny all as a final rule?

I don't like 2D games...I just couldn't get into them.. ( ͡° ͜ʖ ͡°)


46 minutes ago, AstroBenny said:

 Why would you need deny all as a final rule?

Not really something to worry about, all home routers you buy have that rule in place by default (Inbound to WAN interface). When you set up things like port forwarding in the web interface it also creates an allow firewall rule at the same time. The exception to this is if you put a device in a DMZ configuration; don't do this, it's not needed and shouldn't be done.

All modern routers, game consoles and computer games use UPnP, which dynamically sets up one-time temporary port forward rules for you so you never have to look at the web GUI of your router basically ever, once during setup if it's not ISP supplied.

https://en.wikipedia.org/wiki/Universal_Plug_and_Play#NAT_traversal

 

 


17 hours ago, Lurick said:

Most of the time that doesn't work anymore, at least in the states. A lot of ISPs are moving towards binding your MAC address to an IP address so you would have to change the MAC address presented to the modem to get it to change.

I believe there's a misunderstanding here, you are talking about local IP addresses (normally 192.168.x.x). However, the public IP address (the one anyone on the internet sees you as) is the same for all the devices connected to your local network.

You can configure your local network to assign local IP addresses dynamically or not, however, binding a public IP address to a MAC address right now would be impossible on the IPv4 protocol. It still might happen with IPv6 but it is not yet implemented.

The best way to measure the quality of a piece of code is "Oh F*** "s per line


16 minutes ago, espurritado said:

I believe there's a misunderstanding here, you are talking about local IP addresses (normally 192.168.x.x). However, the public IP address (the one anyone on the internet sees you as) is the same for all the devices connected to your local network.

You can configure your local network to assign local IP addresses dynamically or not, however, binding a public IP address to a MAC address right now would be impossible on the IPv4 protocol. It still might happen with IPv6 but it is not yet implemented.

Edit:

Whoops, never mind, thought you were quoting a different reply.

FYI ISPs do put in DHCP MAC address reservations on the public IP pool for customer routers, and in my opinion I think this is a good idea and helpful from a customer perspective. No need to pay for a static IP address as you'll always get the same one even after router reboot unless you change its MAC or replace the router.


11 minutes ago, espurritado said:

I believe there's a misunderstanding here, you are talking about local IP addresses (normally 192.168.x.x). However, the public IP address (the one anyone on the internet sees you as) is the same for all the devices connected to your local network.

You can configure your local network to assign local IP addresses dynamically or not, however, binding a public IP address to a MAC address right now would be impossible on the IPv4 protocol. It still might happen with IPv6 but it is not yet implemented.

Yah, I know the difference between public and private :P

 

But here in the states at least our ISPs will actually bind an IP address to your MAC address presented to the modem, or on the modem itself for IPv4. I've moved houses twice in the past 8 years and had my modem disconnected for upwards of a week at one point in time and I still have the same IP address because of how they have it set up. Yet my IPv6 address will change if I unplug my modem for even a minute, it's rather annoying.


1 minute ago, Lurick said:

Yah, I know the difference between public and private :P

 

But here in the states at least our ISPs will actually bind an IP address to your MAC address presented to the modem, or on the modem itself for IPv4. I've moved houses twice in the past 8 years and had my modem disconnected for upwards of a week at one point in time and I still have the same IP address because of how they have it set up. Yet my IPv6 address will change if I unplug my modem for even a minute, it's rather annoying.

Weird, why on earth would they reserve IPv4 and not IPv6. I mean it's like zero effort to do that and super helpful.


4 hours ago, AstroBenny said:

What's subnetting?

Subnetting is the division of a block of IP addresses into smaller blocks. For example you can take 192.168.0.0/24 and split it into two /25 blocks of 192.168.0.0/25 and 192.168.0.128/25. It's very useful for management of devices and conservation of addresses in networking, especially for device to device links where you can use a small block of two addresses between two routers in a network instead of burning an entire subnet of 256 addresses.
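The split described in the post above, generalized as an added example (not part of the original post): a small allocator that carves a block into the smallest subnet fitting each requested host count, so a router-to-router link gets a /30 instead of a whole /24. The function name and the sample host counts are constructed for illustration.

```python
import ipaddress

def allocate(block, host_counts):
    """Carve `block` into the smallest subnet that fits each host count.

    Largest requests are placed first so every subnet stays aligned.
    Returns {name: "network/prefix"}. Names and counts are sample input.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(host_counts.items(), key=lambda kv: -kv[1]):
        # Usable hosts + network address + broadcast address,
        # rounded up to the next power of two.
        bits = (hosts + 2 - 1).bit_length()
        prefix = 32 - bits
        for i, net in enumerate(free):
            if net.prefixlen <= prefix:
                chosen = next(net.subnets(new_prefix=prefix))
                free.pop(i)
                if chosen != net:
                    # Hand the unused remainder back to the free list.
                    free.extend(net.address_exclude(chosen))
                free.sort()
                plan[name] = str(chosen)
                break
        else:
            raise ValueError(f"no room left in {block} for {name}")
    return plan

if __name__ == "__main__":
    # The split from the post: two /25 halves of 192.168.0.0/24.
    print(allocate("192.168.0.0/24", {"a": 126, "b": 126}))
    # A mixed plan: a LAN, a guest network and a two-address router link.
    print(allocate("192.168.0.0/24",
                   {"lan": 100, "guests": 50, "router-link": 2}))
```
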


Just now, leadeater said:

Weird, why on earth would they reserve IPv4 and not IPv6. I mean it's like zero effort to do that and super helpful.

Because Time Warner Cable, that's why, lol.

I hope it's just because they've recently-ish finished rolling out IPv6 to everybody and it's just a first phase kind of setup. I've complained several times about the issue to their support.


19 hours ago, huilun02 said:

Just say you're on dynamic IP...

All those shenanigans are just empty threats to compel tech-illiterate people into doing their bidding.

 

 

The single biggest problem in communication is the illusion that it has taken place.


9 hours ago, leadeater said:

All modern routers, game consoles and computer games use UPnP, which dynamically sets up one-time temporary port forward rules for you so you never have to look at the web GUI of your router basically ever, once during setup if it's not ISP supplied.

https://en.wikipedia.org/wiki/Universal_Plug_and_Play#NAT_traversal

 

 

PLEASE TURN UPnP OFF!!!  


2 hours ago, harry4742 said:

PLEASE TURN UPnP OFF!!!  

For your plug and play home users they want it on, the security concerns are overstated and don't outweigh the benefit for the users that have never logged in to a router web interface ever.

 

Edit:

I'm also excluding the really old routers with known security flaws in everything not just UPnP, we can't save everyone if they want to keep 10-15 year old devices with clear problems.


On 19/12/2016 at 9:36 AM, leadeater said:

Not really something to worry about, all home routers you buy have that rule in place by default (Inbound to WAN interface). When you set up things like port forwarding in the web interface it also creates an allow firewall rule at the same time. The exception to this is if you put a device in a DMZ configuration; don't do this, it's not needed and shouldn't be done.

All modern routers, game consoles and computer games use UPnP, which dynamically sets up one-time temporary port forward rules for you so you never have to look at the web GUI of your router basically ever, once during setup if it's not ISP supplied.

https://en.wikipedia.org/wiki/Universal_Plug_and_Play#NAT_traversal

 

 

So the deny all is referring to open/closed ports? You said all routers have that rule in place by default but you don't have to open port 80 when you get a new router just to use the web.. :P

^

I don't understand what I don't understand so I'll just leave that there ..

I don't like 2D games...I just couldn't get into them.. ( ͡° ͜ʖ ͡°)


3 hours ago, AstroBenny said:

So the deny all is referring to open/closed ports? You said all routers have that rule in place by default but you don't have to open port 80 when you get a new router just to use the web.. :P

^

I don't understand what I don't understand so I'll just leave that there ..

Traffic originating on the internal network, LAN, is allow all by default. Any traffic related to this, inbound traffic from the web, is also allowed since the session was initiated on the LAN. Everything is given a session ID so your router knows who created it, one of your computers or someone external to your network.

 

Traffic originating from the external network, internet, is deny all by default.

 

For firewalls the most important thing is the point of origin as that is the basis for which things are assessed. 
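The rule order described in the post above, as an added example (not part of the original post): a toy model of a home router's WAN-side firewall in which LAN-originated sessions are recorded, replies to them are allowed, port forwards are allowed, and everything else hits the final deny. The class, the port-preserving NAT and all addresses are assumptions constructed for illustration; real routers differ in how strictly they match replies.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy WAN-side firewall model (constructed example)."""
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN "ip:port"
    sessions: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> LAN "ip:port"

    def outbound(self, proto, lan_src, remote_dst):
        # LAN-originated traffic: allow all, and record the session so the
        # reply can be recognised later (port-preserving NAT assumed).
        wan_port = int(lan_src.rsplit(":", 1)[1])
        self.sessions[(proto, wan_port, remote_dst)] = lan_src
        return "ALLOW"

    def inbound(self, proto, remote_src, wan_port):
        # 1. Reply to a session a LAN host opened: allowed.
        lan = self.sessions.get((proto, wan_port, remote_src))
        if lan:
            return f"ALLOW established -> {lan}"
        # 2. Explicit port forward (manual or UPnP-created): allowed.
        lan = self.forwards.get((proto, wan_port))
        if lan:
            return f"ALLOW forward -> {lan}"
        # 3. Final rule: anything else originating outside is dropped.
        return "DENY"

def demo():
    r = Router()
    results = []
    # A LAN PC browses the web: no "open port 80" rule is needed for this.
    results.append(r.outbound("tcp", "192.168.1.10:51000", "198.51.100.7:80"))
    # The web server's reply matches the recorded session.
    results.append(r.inbound("tcp", "198.51.100.7:80", 51000))
    # A different internet host hitting the same port has no session.
    results.append(r.inbound("tcp", "192.0.2.66:40000", 51000))
    # Unsolicited connection to WAN port 80: falls through to the deny.
    results.append(r.inbound("tcp", "192.0.2.66:40000", 80))
    # Once a port forward exists, the same packet is let through.
    r.forwards[("tcp", 80)] = "192.168.1.20:8080"
    results.append(r.inbound("tcp", "192.0.2.66:40000", 80))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```
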


21 hours ago, leadeater said:

For your plug and play home users they want it on, the security concerns are overstated and don't outweigh the benefit for the users that have never logged in to a router web interface ever.

 

Edit:

I'm also excluding the really old routers with known security flaws in everything not just UPnP, we can't save everyone if they want to keep 10-15 year old devices with clear problems.

I turned it off and I don't have any problems
