I subscribe to an ISP that uses static ipa's and has no plans to
change to giving their users dynamic ones. Is a user with a static ipa
more vulnerable than one whose ipa changes virtually every time they
log on.
By vulnerable I mean:
1) Vulnerable to regular attack from the same source(s) who want to
target that user.
2) Vulnerable if an official and authorised party contacts your ISP
wanting to know who we are?
Does an ISP keep a huge audit of which dynamic ipa is leased to EVERY
user all of the time? Surely not.........

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nicked wrote:
> I subscribe to an ISP that uses static ipa's and has no plans to
> change to giving their users dynamic ones. Is a user with a static ipa
> more vulnerable than one whose ipa changes virtually every time they
> log on.
> By vulnerable I mean:
> 1) Vulnerable to regular attack from the same source(s) who want to
> target that user.
> 2) Vulnerable if an official and authorised party contacts your ISP
> wanting to know who we are?
> Does an ISP keep a huge audit of which dynamic ipa is leased to EVERY
> user all of the time? Surely not.........

In my opinion, a static IP doesn't make you any more or less vunerable
than a dynamic IP does. At the peak of the "Blaster Worm" attacks, my
/dial up/ dynamic IP address was *saturated* with attack traffic.
Security by obscurity didn't me any. Overall, my preference would
be to have a static IP as the benefits outway the problems.

In either case (static or dynamic), the ISP /does/ keep an audit of who
is assigned what, for technical reasons. The ISP may also be required to
retain the audit for legal reasons, but that varies from jurisdiction to
jurisdiction. Queries on "who you are" based on your IP address can be
answered (to a limited extent) no matter whether you get static IP
addresses or dynamic IP addresses.

Just my 2 cents worth
- --

Lew Pitcher, IT Specialist, Corporate Technology Solutions,
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFETnZRagVFX4UWr64RAqRjAJoCNnOJk2lucWym/+DUZqQPAf24qACgi2GX
a5GCVqUJSqt3k2qYkUXYyqU=
=jM0j
-----END PGP SIGNATURE-----

In article <mDu3g.1342$fx.212406@news20.bellglobal.com>,
Lew Pitcher <Lew.Pitcher@tdsecurities.com> wrote:

>> change to giving their users dynamic ones. Is a user with a static ipa
>> more vulnerable than one whose ipa changes virtually every time they
>> log on.

>In my opinion, a static IP doesn't make you any more or less vunerable
>than a dynamic IP does.

Since modern malware phones home as often as needed, and since installation
of malware can happen even while disconnected (e.g. while using Microsoft
mail software offline), it's hard to see much protection in dynamic
IP addresses.


>In either case (static or dynamic), the ISP /does/ keep an audit of who
>is assigned what, for technical reasons....

Another way to look at it is that by IETF/IANA fiat, all IP addresses
are dynamic. It's only the likely renumbering rate that varies.

Besides the reasons ISPs have for keeping track of who has been recently
assigned an IP address, they also have reasons to prefer to assign the
same address to a given customer as last time. Many things work better
including DHCP (or IPCP) itself without more reassigning than necessary.
That can be considered a reason why many nominally dynamic IP addresses
on DSL and cable modem networks are reassigned less frequently than
some nominally static addresses.


Vernon Schryver vjs@rhyolite.com

In article <purs425pb4ajot52pvt77qvknpmn6q17ue@4ax.com>,
Nicked <Nicked> wrote:

> I subscribe to an ISP that uses static ipa's and has no plans to

"ipa's"? You're the first person I've ever seen who abbreviated IP
Address as "ipa" -- where did you learn this from? Even though it
doesn't make sense, the common abbreviation is simply "IP".

> change to giving their users dynamic ones. Is a user with a static ipa
> more vulnerable than one whose ipa changes virtually every time they
> log on.

If you have a broadband connection it's likely that your IP stays the
same for long periods, even though it's assigned dynamically. The
server remembers the IP it assigned to you, and reassigns it if it's
still available.

> By vulnerable I mean:
> 1) Vulnerable to regular attack from the same source(s) who want to
> target that user.

This is probably the only case where a static IP could be a problem. If
someone is specifically after you, and they find out your IP, they can
mount a prolonged attack.

> 2) Vulnerable if an official and authorised party contacts your ISP
> wanting to know who we are?
> Does an ISP keep a huge audit of which dynamic ipa is leased to EVERY
> user all of the time? Surely not.........

Yes, ISPs keep logs of these. They need this to respond to abuse
reports. So if they need to know who was assigned a particular IP at a
particular time, they can do it.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Thanks everyone.
It seems then even the so-called administrative advantages of DHCP are
not as great as at first sight, esp. if the audit trails are larger
and more complex than with static ipa

Nicked

Nicked <Nicked> dixit:

> Thanks everyone.
> It seems then even the so-called administrative advantages of DHCP are
> not as great as at first sight, esp. if the audit trails are larger
> and more complex than with static ipa

Actually, once you know a little IP admin, the difference gets blurrer.

If, for instance, I get a DHCP-leased IP xxx.yyy.zzz.21, I can switch to
manual IP address and set xxx.yyy.zzz.23 or some other address in the
neighbourhood that it is not being used (you can ping it to ensure it is
not).

You won't spot the difference.

Marcos

Barry Margolin wrote:
> "ipa's"? You're the first person I've ever seen who abbreviated IP
> Address as "ipa" -- where did you learn this from? Even though it
> doesn't make sense, the common abbreviation is simply "IP".

In Portland, OR, US, where I live, IPA = India Pale Ale. Bridgeport
Brewing Company makes the best!


NM

In article <Xns97B19BC4D468Bnone@149.204.49.80>,
Marcos Martinez Sancho <noemail@noemail.be> wrote:

>> It seems then even the so-called administrative advantages of DHCP are
>> not as great as at first sight, esp. if the audit trails are larger
>> and more complex than with static ipa

"Audit trails" for static IP addresses tend to be manual, while those
for DHCP (or IPCP) assigned addresses, when they exist, tend to be
purely automatic. Computers work a lot cheaper and easier than people.

ISPs should keep logs, but some major outfits long refused to keep logs,
or at least claimed that it was impossible to identify (privately, of
course) and deal with a customer given clear and convincing evidence
that the user of an IP address is a spammer, phisher, or worse.


> Actually, once you know a little IP admin, the difference gets blurrer.
>
> If, for instance, I get a DHCP-leased IP xxx.yyy.zzz.21, I can switch to
>manual IP address and set xxx.yyy.zzz.23 or some other address in the
>neighbourhood that it is not being used (you can ping it to ensure it is
>not).

That is true only of some DHCP installations. The protocol allows
requests from DHCP clients asking for a particular IP address, but DHCP
servers need not go along with such requests even if the requested IP
addresss are not in current use and in principle available.

> You won't spot the difference.

well, perhaps not, depend on who "you" is, what sort of logs the DHCP
server keeps, and so forth.


Vernon Schryver vjs@rhyolite.com