Atul Chitnis forced the electrons to say:
> On Mon, 27 Sep 1999, Srikrishnan Chitoor wrote:
>
> > Forgive me if this is a naive question.
>
> A question *not* asked is a dumb question. If in doubt, ask! ;-)
>
> > I have a computer directly (no firewall) connected to Internet and which
> > has an IP address of 192.168.1.100.
> >
> > Is this computer more secure than a computer that has a valid Internet IP
> > address (like 207.209.79.204) and is behind a firewall?
>
> *Technically* 192.168.1.100 is a non-routable address on the Internet.
> Hence no-one should be able to reach the machine from the outside.
>
> But this means absolutely nothing. Today's crackers know a trick or two to
> get around such "limitations". IP spoofing comes to mind. You can safely
> assume that you are vulnerable.
My 2 cents worth on this.
If your ISP assigns you a dynamic IP address, then knowing that address, I
can attack your system. The IP addres 192.168.1.100 is typically assigned
to the eth0 interface, whereas the dynamic address is assigned to the
ppp0/ippp0 interface of the dialup connection. It is always advisable to
have a firewall if you are afraid of cracker attacks (to verify this,
connect to the internet, note the dynamic IP address, go to another
computer - also on the net - and try to telnet to your linux machine
using the dynamic IP address).
Of course, a static IP address is known all over the world, while a
dynamic one gets changed quite frequently, so to find out the dynamic
address is a task on its own. In any case, it is better to have a firewall
to block off those unwanted people trying to crash your computer.
VSNL, in Bombay, assigns IP addresses in the range 202.54.*.*. It is
possible to write code to loop over this set of IP addresses and locate
the linux machines among these. The easiest way (I think) is to try to
establish a TCP/IP connection to one of the well known ports and try to
figure out what the system is from the response (eg, version numbers of
programs on smtp, pop-3, ftp ports etc.)
So, whatever the kind of internet connection you have, it is always
better to set up a firewall. With a static IP address, it becomes almost
mandatory. :-)
Binand
--
#include <stdio.h> | Binand Raj S.
char *p = "#include <stdio.h>%cchar *p = %c%s%c; | This is a self-
int main(){printf(p,10,34,p,34,10);return 0;}%c"; | printing program.
int main(){printf(p,10,34,p,34,10);return 0;} | Try it!!
--
#include <stdio.h> | Binand Raj S.
char *p = "#include <stdio.h>%cchar *p = %c%s%c; | This is a self-
int main(){printf(p,10,34,p,34,10);return 0;}%c"; | printing program.
int main(){printf(p,10,34,p,34,10);return 0;} | Try it!!
PGP signature
