Re: Why IP address is fixed everytime connected to the Internet?
From: Tomi Holger Engdahl (then_at_solarflare.cs.hut.fi)
Date: 29 Sep 2005 13:25:54 +0300
> I want to ask who assigns the IP address to a machine that connects to
> the Internet? The ISP, the network card (i.e. MAC address??), or the
Typically it is assigned by your ISP.
Most ADSL users nowadays get the address through DHCP protocol
from the ISP DHCP server. When the PC boots up and is set to
use DHCP, then it sends a request packet "please give me my IP address"
as a broadcast message. The ISP DHCP server receives that
requequest and send back the answer telling that IP address and
other network settings to use. DHCP is very common way to
get the IP setting on comporate LANs, cable modem systems
and in ADSL systems.
Otherway to get the IP address automatically is though PPP
connection. Some Internet connections are formed using PPP
(on normal modem connections), PPPoA (some ADSL systems)
and PPPoE (some cable modems etc.). PPP has build in capability
for handshaking the needed IP address settings when the
connection to PPP server (the router on the ISP end) is formed.
Then there are also users that have fixed IP addresses.
They have been given those addresses in the paper agreement
when they joined to the service, and then user has configured
that address as fixed IP address to his/her computer.
> It seems like my IP address is fixed everytime connected to the
ISPs have typically configured their DHCP servers in such way
that the same users get the same IP addresses often.
The DHCP server keep tracks of the IP addresses it had "leased out",
the MAC addresses of the devices that they have been given to,
lease time (for how long time the lease was given for) and
when the lease was given.
Usually when a server gets a request for IP address,
it checks for its records to find IP address that was
earlier given to that MAC address from where the
request came from. If it is found, the same address is
generally given. If the MAC address is not found in the
records, then a new free not used IP address is selected
from the list of free addresses, and this is marked to belong
to that MAC address. When all addresses are once used,
the server starts to mark the oldest (not used in long time)
IP addresses as free for reuse by other users.
This is basically how DHCP server work. This is idea.
Specific operation details can vary between different
server implementations and how the server is configured.
> it seems very unsecure because it allows hackers track the
> computers more easily.
Fixed IP is very unsecure only when your computer is unsecure.
If you have secure computer system you have nothign to worry.
Internet has worked from the beginning with the idea that
the computer have pretty fixed IP addresses (at least the servers).
If you plan to run server on your computer, you really
like the benefits of having fixed IP address that does not change
(There are also dynamic name services that allow using
non fixed IP addresses to run a server, it works in most
cases, but if your address happens to change at some time
all the currently open connections get cut and the server might
be inaccessable to other user for some time, even hours depending
on name server settings).
Fixed IP is a good thing. Your job is to keep your computer
secure. The security consists of safe enough operating system
(sensible operating system selection and keeping it up to date),
sensible system configuration (firewall setting, no unnecessary
services, no file sharign for whole Internet), using safe
applications (suitable web browser selection, keeping applications
up to date, no P2P application to share all yuour files).
Possibly addign a properly configured extenal firewall device
added to your system.
Using all the time changing IP addresses would not help
you mich in the security picture. There are systems that
constantly scans different IP addresses to find computers
that have security problems in them for this particular
virus/worm/hacker to use. Propablity of those random
scanners to find your computer first time is pretty much
same if your IP address is fixed or changing. And when
you have got some exploit in your computer, that software
can easily report your current computer IP address to
some hacker server every time you turn it on without
you knowing of it if your system is unsecure.
Changing IP addresses ecery time does not solve the
securty problems. In some cases it migh t seem to add
security, but the general thign is that constantly changing
IP addresses creates more problems than what it can solve
(it can't solve the security or privacy issues well).
> I thought the IP address should be dynamic, and each time when we
> connect to the Internet should have different IP address.
This is how things sometimes are, but this is not how
thing should be or would be best. There are systems to
access Internet that tend to be more or less permanent
IP addresses, and then there are systems that tend to
give every time new different address.
I prefer the systems that give fixed addresses.
They have more benefits.
> Is there a way that makes the IP address in my machine becomes dynamic?
> Please advise. thanks!!
Keep your computer powered down fo so long time so that your
old address is marked as "free" and used by other user. Then
you get a new address when you connect to Internet.
Select such operator/service that tends to give different
IP addresses every time (dial-in modem ISP services, some
cellular phone data services etc..).
Change your network card to a new card evry time you want
to change IP address. New Ethernet card has (or should
have to be proper, there are some sad exceptions to this)
an unique MAC address in it. New MAC unknown MA address
gets a new IP address from the ISP (unless the ISP has
made some limitations to this, for example fixing IP
addresses to some other properly in their network
like your ADSL modem / cable modem serial number,
some user account information on PPP based connections).
-- Tomi Engdahl (http://www.iki.fi/then/) Take a look at my electronics web links and documents at http://www.epanorama.net/