Turning Local Dynamic IP Address Into A Local Static IP Address By Reserving It (Video)

A little diagram of an IP address (IPv4) (Photo credit: Wikipedia)

What is a local static IP address?  When someone talks about setting up a computer with a local static IP address, they probably mean having the computer use a local IP address that will not change.  Static means it never changes.

What is a local dynamic IP address?  It means a router monitors the expiration dates of the leases on the local dynamic IP addresses which it has given out to the various computers within a network.  So when a computer uses a local dynamic IP address, sometime in the future that dynamic IP address will have its lease expire.  When this happens, the router will assign a new local dynamic IP address to this particular computer.  This means a dynamic IP address will have to change from time to time.

The benefit of having a local static IP address is that whenever a machine within a network is acting as a server of some sort, its local IP address remains the same as always.  This means if you have set up port forwarding for this particular machine, the port forwarding settings will not have to be changed.  This won’t be the case if you have a machine with a local dynamic IP address, because the local dynamic IP address will change and then the port forwarding settings have to be reset too, so the router will know which local machine or server, at which local IP address, should accept the forwarded data.  So, it’s clear that using local static IP addresses is best when you have machines that act as servers and so on.  Perhaps, a Time Machine server for doing backups for a Mac?

So, what is good about using local dynamic IP addresses?  The good thing about using local dynamic IP addresses is that once you set your computer to accept dynamic IP addresses in the network settings, you can move around the whole city or just about anywhere that hands out a free Internet connection and not have to mess around with the network settings again.  What happens is that any public place that lets you tap into its network will probably assign your computer a local dynamic IP address.  Since your computer is set to accept a local dynamic IP address, you’re good to go.  You know, surfing the web and so on and not having to mess around with network settings.  If you already have your computer set to use a local static IP address, it will be messy for you when you tap into a public Internet connection.  You will have to go into your network settings and then switch from static network settings to DHCP.  After that, when you get back to your local network, you will have to re-enter all your local static IP settings into your network settings again so your computer will be able to use a local static IP address.

What if you want to have the benefit of not messing around with the network settings at all and allow the router of whatever network to do all the hard work by assigning you a local dynamic IP address whenever, and then you still keep the local static IP address settings when you get back into your local network?  How are you going to do just this?  Well, the answer is to reserve a local dynamic IP address.  When you reserve a local dynamic IP address, this particular local reserved dynamic IP address will always be assigned to the same machine.  So, in a sense, the router is always going to automatically assign a local static IP address for a particular machine.  So, in this sense, using local reserved dynamic IP address retains the same benefit of using a local dynamic IP address (i.e., the router will automatically do all the dirty work and you don’t have to mess with the network settings).  So, imagine this scenario.  You get to a Starbucks, get a latte, turn on your computer and then it will automatically accept a local dynamic IP address from the Starbucks’ router.  When you get back home, your local network will automatically assign your computer with the reserved local dynamic IP address.   This scenario allows you not to have to ever mess around with network settings once you have reserved a local dynamic IP address with your router.  Yet, a particular machine which you have reserved a local dynamic IP address for will have a local static IP address as this particular reserved local dynamic IP address will never change.

Just remember, when a router automatically assigns a local IP address, it’s doing its dynamic IP thing, and when you have to open up the network settings of your machine to add a static IP address manually, you’re doing the static IP address thing.  Once you have reserved a local dynamic IP address, the router will do both the dynamic and static IP things for you, letting you have more free time to do whatever.  The router will automatically assign a local dynamic IP address to your machine, but this particular dynamic IP address will never change.  Anyhow, I hope you get it.
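To make the difference concrete, here is an added example (not from the original post or any router's firmware) that models a router handing out leases with and without a reservation. The class, MAC addresses and address pool are made up for illustration, and the model ignores the real DHCP packet exchange.

```python
import ipaddress


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so lookups are consistent."""
    return mac.lower().replace("-", ":")


class ToyDhcpServer:
    """Toy model of a router's DHCP address assignment (no packets, no real protocol)."""

    def __init__(self, pool_start, pool_end, lease_seconds, reservations=None):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [ipaddress.IPv4Address(n) for n in range(first, last + 1)]
        self.lease_seconds = lease_seconds
        # Reservation table: MAC address -> the one address that MAC always gets.
        # The key is whatever MAC the client reports, so this is a convenience,
        # not a way of authenticating the machine.
        self.reservations = {normalize_mac(m): ipaddress.IPv4Address(a)
                             for m, a in (reservations or {}).items()}
        self.leases = {}  # address -> (mac, expiry time in seconds)

    def _expire(self, now):
        self.leases = {ip: (mac, exp) for ip, (mac, exp) in self.leases.items() if exp > now}

    def request(self, mac, now):
        """Return the address handed to `mac` at time `now`, or None if the pool is full."""
        mac = normalize_mac(mac)
        self._expire(now)
        chosen = self.reservations.get(mac)
        if chosen is None:
            # A client that still holds a live lease simply renews it.
            chosen = next((ip for ip, (holder, _) in self.leases.items() if holder == mac), None)
        if chosen is None:
            held_back = set(self.reservations.values())
            chosen = next((ip for ip in self.pool
                           if ip not in self.leases and ip not in held_back), None)
        if chosen is None:
            return None
        self.leases[chosen] = (mac, now + self.lease_seconds)
        return str(chosen)


def demo():
    """Constructed scenario: one reserved server, one roaming laptop, one guest."""
    server_mac, laptop_mac, guest_mac = "AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    router = ToyDhcpServer("192.168.1.100", "192.168.1.102", lease_seconds=3600,
                           reservations={server_mac: "192.168.1.100"})
    seen = {"server": [router.request(server_mac, now=0)],
            "laptop": [router.request(laptop_mac, now=0)]}
    # Both machines go offline and their leases run out at t=3600.
    router.request(guest_mac, now=4000)  # the guest takes the laptop's old address
    seen["laptop"].append(router.request(laptop_mac, now=4100))
    seen["server"].append(router.request(server_mac, now=4200))
    return seen


if __name__ == "__main__":
    print(demo())
```

In this model the laptop only gets a different address because its lease expired and a guest took the old one in the meantime, while the reserved machine comes back to the same address every time.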

Within the video above, you get to see me showing you how to add a local reserved dynamic IP address so you can use it as a local static IP address for your machine.  Enjoy!!!


Today, Google And Major Internet Companies Are Turning On Their IPv6 Tap

An illustration of an example IPv6 address

Google and other major Internet companies are going to turn on their IPv6 capability on June 6th of 2012.  They all agree and think that IPv4 will be running out of IP addresses very soon.  When IPv4 runs out of IP addresses, the Internet will be limited to only roughly 4 billion Internet connected devices.  Nonetheless, we should know that IPv4 can only run out of IP addresses for real if and only if all IPv4 IP addresses are online at the same time.  Still, the human population is already 7 billion plus, therefore when enough people out there want to have their own mobile devices — and at home they all want smart home devices that may carry IP addresses — the Internet will definitely choke when IPv4 has no IP address left to distribute.  Instead of being limited to only 4 billion plus IP addresses, IPv6 is capable of distributing 340 trillion trillion trillion IP addresses.  This is some gigantic number that I don’t think I will ever get my head wrapped around, but the computers won’t mind!!!  Anyhow, IPv6 ensures that the Internet will be able to handle just about any device that wants to connect to the Internet, because it has so many IP addresses to give out at any one time.  Even if every one of us on planet Earth has at least one Internet connected device, IPv6 is still going to chug along as if it is eating a Sundae Ice Cream.  Nonetheless, we are prophetically sure that in the future each and every one of us will have not only one but many more Internet connected devices.  Check out the video right after the break to see one of the Internet founding fathers, Vint Cerf, talk about why we desperately need to use IPv6.

Source:  http://www.google.com/intl/en/ipv6/

Third Party DNS Services’ Servers Allow People To Access Websites That Are Protesting Against SOPA/PIPA. When SOPA/PIPA Become Law, Only Malicious Third Party DNS Servers Might Be In Service!

Wikipedia and other popular online services are opposing and protesting against SOPA and PIPA, therefore these services might go dark (i.e., turning off their services) today.  In case you can’t use these online services today, you should think about using Google’s Public DNS or OpenDNS since these third party DNS services might route their DNS through servers that are located outside of the United States of America, consequently allowing you to access these online services just fine even though you live within the United States of America.  For your information, I’m able to access Wikipedia’s English website just now, and this means my use of popular third party DNS services such as Google Public DNS and OpenDNS has allowed me to access these popular services just fine.

The blackout of these popular online services has exposed the useless effort of trying to block websites at the DNS level.  As you can see, by using third party DNS servers, people can access the blacked-out websites just fine.  It’s rather pointless, and it might encourage people who have no idea of DNS to use the wrong third party DNS servers that may get them into situations where they can be infected with computer viruses, malware, and so on.  Don’t think so?  What if those third party DNS servers are intending to redirect targeted victims to phishing websites where people will enter their confidential information such as banking credentials?  I think you know where I’m heading, and so I hope you know how important it is for us to make sure the integrity of the DNS structure within the United States of America stays innocent and harmless (i.e., does not discriminate against specific types of web traffic), otherwise people might find themselves victimized by computer viruses, identity theft, and more just because they try to use unknown, unpopular third party DNS services’ servers.

Even worse, I don’t think Google Public DNS and OpenDNS services will be fine and dandy when SOPA and PIPA become law!  Why?  If you read Yahoo’s article Why SOPA is Dangerous, it explains that any service that enables/allows people to access copyright infringing materials would be subject to SOPA and PIPA regulations.  This means Google Public DNS and OpenDNS services might have to be shut down since these popular third party DNS servers are clearly within the United States’ jurisdiction and allow people to access all content (i.e., even copyright infringing content).  Since well known third party DNS servers such as the ones that belong to Google Public DNS do not have the ability to screen all web traffic (i.e., simply not cost effective), third party DNS servers simply cannot function under SOPA and PIPA.  Without having access to popular third party DNS servers, people might just have to rely on malicious third party DNS servers that are located outside of the United States.  I’m going in a loop in explaining this to you over and over again on purpose, because I think SOPA and PIPA are just downright dangerous!

Some of you might argue that since the founders of SOPA and PIPA had taken out the specific bits that allow blocking web traffic at the DNS level, we might not need to worry about SOPA and PIPA anymore.  I think you’re wrong!  Why?  Other bits within SOPA and PIPA are still gunning for shutting down websites and online services that are just simply enabling users to access copyright infringing content.  Knowing these bits are still within SOPA and PIPA, it simply makes sense that DNS servers that are being targeted or will be targeted by the Attorney General (i.e., as it is explained by Yahoo’s article Why SOPA is Dangerous) will still have to be shut down.  So, how can we be sure that Google Public DNS and OpenDNS will be in service in our near future?  I think we simply just don’t know!  So, the idea that the DNS structure as a whole isn’t going to be regulated by SOPA and PIPA is an irony.  When SOPA and PIPA become law, the Attorney General might still have the power to shut down specific DNS servers within the United States, because the language within SOPA and PIPA is just too broad.

When I say DNS servers get shut down, it might mean certain affected websites might not be accessible within the United States.  It all depends on how the Attorney General wants to make things happen under the contexts of SOPA and PIPA.  For all we know, the Attorney General can just shut down the DNS servers that allow Internet users within the United States to access certain copyright infringing websites.  When DNS servers get shut down, not only copyright infringing websites but all websites that are relying on the same out of service DNS servers will be unreachable.  To put this in another way, it doesn’t matter which website, because all websites and online services accept all web traffic, and Internet users who rely on out of service DNS servers might have to rely on malicious third party DNS servers.  In the case where specific websites are being blocked by DNS servers rather than the DNS servers being shut down, Internet users can still access such websites by relying on malicious third party DNS servers.  Of course, not all third party DNS servers are malicious, but I think the probability of having people who don’t know much about DNS using malicious third party DNS servers is high!  End rant!
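The risk described above is a machine quietly pointing at a resolver nobody vetted. As an added example (not part of the original post), this sketch audits a `resolv.conf`-style file and flags every `nameserver` that is neither local nor one of the Google Public DNS or OpenDNS addresses; the sample file is constructed and the function names are made up for illustration.

```python
import ipaddress

# Resolver addresses published by the two services the post names.
TRUSTED = {ipaddress.ip_address(a): name for a, name in {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "2001:4860:4860::8888": "Google Public DNS",
    "2001:4860:4860::8844": "Google Public DNS",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}.items()}

# Private, loopback and link-local ranges: the resolver is the router or a local
# stub, so the upstream it forwards to still has to be checked on that device.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# generated by a network manager
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 203.0.113.53
nameserver 2001:4860:4860::8844
nameserver fe80::1%eth0
nameserver not-an-address
"""


def audit_resolv_conf(text):
    """Return (address, verdict) for every nameserver line in the file text."""
    results = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields or fields[0] != "nameserver":
            continue
        value = fields[1] if len(fields) > 1 else ""
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(value.split("%", 1)[0])
        except ValueError:
            results.append((value, "invalid"))
            continue
        if addr in TRUSTED:
            verdict = "trusted: " + TRUSTED[addr]
        elif any(addr in net for net in LOCAL_NETS):
            verdict = "local"
        else:
            verdict = "unknown"
        results.append((value, verdict))
    return results


def unknown_resolvers(text):
    """Addresses that deserve a closer look before the machine keeps using them."""
    return [v for v, verdict in audit_resolv_conf(text) if verdict in ("unknown", "invalid")]


if __name__ == "__main__":
    for address, verdict in audit_resolv_conf(SAMPLE):
        print(f"{address:24} {verdict}")
```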

Pragmatic Security Tips To Protect Routers And Networks In 2012 And Beyond

Some rights reserved by gcg2009 (Creative Commons License - Attribution 2.0 Generic) from Flickr.com

Tips on how to secure your router and network in 2012 and beyond.  These tips are pragmatic, and so it’s most likely that you will be able to apply them to most routers and network setups.  Unfortunately, even though these tips are pragmatic in their details, sometimes the tips here won’t be of any use to you if you have older routers or your network setups are too unique and special.  Let us get on with the tips.

In no particular order, the tips to secure your routers and networks are:

  • Change router’s default password for the administrator username/login.  Make sure the new password is a lot harder than the default password.
  • Change router’s default passphrase for your wireless network.  Make sure the passphrase is strong enough.  It’s best to throw in a string of at least 50 plus characters.  Also, don’t forget to include capital letters, numbers, and special characters (i.e. signs) in your 50 plus character passphrase.
  • Make sure to disable the UPnP feature within your router.  I’ve heard hackers can exploit this feature.  To be safe rather than sorry, I guess you should turn this feature off if you don’t have the need for it.
  • Make sure your router’s firewall is turned on and filtering inbound and outbound traffic.
  • Make sure your router has MAC address filtering turned on and allows only the MAC addresses of machines on the list to access the network.  Of course, you have to know hackers can still spoof MAC addresses easily, therefore this is not 100% hacker proof.
  • Disable the DHCP feature or limit the DHCP IP address range to match how many physical machines you have and want to connect to your network using the DHCP protocol (DHCP IP addresses).  This way, if an undesirable person wants to use your network, he or she might not be able to get a lease of a DHCP IP address from the DHCP server which runs on your router, therefore he or she cannot use a DHCP IP address to access your network.  Keep in mind that he or she can just assign himself or herself a local static IP address and connect to your network anyway.  Nonetheless, this method might prevent script kiddies from acquiring a DHCP IP address by using hacker tools.  Still, there is no guarantee that limiting DHCP will prevent hackers from just running another script which automatically demands a static local IP address.  If you turn off DHCP, you might prevent hackers from exploiting DHCP weaknesses/exploits, and so you can disregard DHCP exploits for your router.  Turning off DHCP also encourages you to enter a local static IP address in each computer’s network configuration, therefore you might prevent a specific computer from automatically connecting to your router; in a way this method helps prevent a specific computer of yours from automatically connecting to a fake access point, because hackers can use a special router which can emit an even more powerful wireless signal, overwhelming your wireless router’s signal and encouraging a computer to connect to the wrong/rogue access point which hackers have control of (i.e., man in the middle attacks).
  • Disable the Wi-Fi Protected Setup feature, because this feature is weak against hackers’ brute force attack which exploits a weak secure PIN authentication process (i.e., this feature reveals too much information on the PIN authentication algorithm while authenticating a device).  Nonetheless, this feature might be patched by the routers’ makers in the near future, but to be safe rather than sorry it’s best to disable it until you really have the need to use it and it has been patched.
  • Enable WLAN Partition if you are paranoid about your network security.  This feature prevents wireless devices from communicating with each other.  Why is this feature useful in securing your network?  Imagine if a hacker can insert himself or herself into your network with a wireless device, he or she might not be able to hack another wireless device of yours if the network disallows communication between wireless devices.  Unfortunately, this feature might prevent you from sharing files and data between your wireless devices.  One example is that iTunes home sharing might not work on wireless Mac laptops.  Therefore, if you need to have your wireless devices talk to each other, then you should not enable this feature.  Otherwise, it’s an awesome feature for enhancing your network security.  Let’s not forget, if an elite hacker has hacked into your network, he or she might also have control of your router, therefore this feature in the end might be useless if a hacker can change the router’s settings at will.
  • Turn on several log features within your router.  Logs will help you trace back strange network traffic, requests and errors.  Perhaps, logs can even tell you that you’re getting hacked.  Of course, elite hackers might have a way to not trigger your router to log their hacking activities.  Therefore, this feature is just one more layer/tool for you to protect yourself against hackers.  This feature might slow down your router though, because it’s logging network traffic.  So, if your router isn’t equipped to log heavy network traffic, then you should turn this feature off.  It all depends on the network situation and the capability of your router really.
  • Enable Access Control.  This feature is useful only if your router is able to allow you to add two types of rules that matter most, and these two types of rules should be made available at the same time, so one rule enhances the other rule in security measures.  The first rule should be disallowing all other machines from connecting to your network.  The second rule should be allowing only the machines with the IP addresses listed in Access Control’s IP table to connect to your router/network.  Of course, you should note that this feature will enable a default blocking feature which might prevent your machines from accessing dangerous websites and so on, therefore some websites you might want to access will not be accessible.  Also, your router may allow you to add additional websites to be blocked, consequently enhancing the security measures of the Access Control feature.  Some routers even go as far as allowing the Access Control feature to block certain network ports, but I don’t think this feature is necessary.  After all, your router’s firewall should be blocking all incoming requests and ports.
  • If your router isn’t connecting to your ISP through the DHCP protocol, then you should add the DNS IP addresses of trusted but more secure third-party DNS providers.  One good example would be the DNS IP addresses of the Google Public DNS service.  Another good example would be the DNS IP addresses of OpenDNS.
  • Update your router’s firmware to the latest firmware.  This way you can prevent hackers from using known firmware exploits that specifically target your router’s firmware.
  • Reboot your router sometimes or add a scheduled reboot for your router if your router has this capability.  This way you can actually clear the router cache and might prevent your router from storing what hackers have uploaded to your router.  I don’t think that it’s yet possible for hackers to be able to permanently make changes to your router in regard to what the router could store and so on.  Therefore, when you reboot your router, your router clears the cache in its memory and so everything within your router should work as it did before.  Rebooting a router can be done in two ways.  One is to do a soft reboot which requires you to log into your router’s administration panel and reboot it this way.  The other way is just to pull the electrical adapter which powers your router out of the electrical outlet, forcing the router to reboot and reconnect to your ISP.
  • You might also want to disable the SSID broadcast.  When you disable this feature, your machines might not be able to connect to your router using the DHCP protocol.  Nonetheless, as long as you know how to connect to your router manually using static local IP addresses, then you should be fine.  Of course, you have to remember your router’s SSID name and enter the router SSID onto your machines correctly before your machines can talk to your router.
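The MAC filtering, DHCP range and logging tips all come down to knowing which devices actually hold an address on your network. As an added example (not from the original post), this sketch checks a lease table against an inventory of your own machines; the inventory, the lease lines (laid out like a dnsmasq lease file) and the function names are constructed for illustration.

```python
# Constructed inventory: MAC -> (label, reserved address or None if any pool address is fine).
KNOWN = {
    "aa:bb:cc:00:00:01": ("backup-server", "192.168.1.100"),
    "aa:bb:cc:00:00:02": ("laptop", None),
}

# Constructed sample in the dnsmasq lease-file layout: expiry mac ip hostname client-id
LEASES = """\
1700003600 aa:bb:cc:00:00:01 192.168.1.100 backup *
1700003600 AA:BB:CC:00:00:02 192.168.1.101 laptop *
1700003600 de:ad:be:ef:00:07 192.168.1.102 * *
1700003600 00:00:5e:00:53:09 192.168.1.103 printer *
"""


def is_locally_administered(mac):
    """True when the second-lowest bit of the first octet is set.

    Such an address was set in software (randomized or typed in by hand)
    rather than assigned by the hardware vendor.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit_leases(text, known, pool_size):
    """Return (kind, subject, detail) findings for a lease table.

    kind is 'unknown-device', 'reservation-mismatch' or 'oversized-pool'.
    """
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        mac, ip = parts[1].lower(), parts[2]
        entry = known.get(mac)
        if entry is None:
            origin = "locally administered" if is_locally_administered(mac) else "vendor-assigned"
            findings.append(("unknown-device", mac, f"{ip}, {origin} MAC"))
        elif entry[1] is not None and entry[1] != ip:
            findings.append(("reservation-mismatch", mac, f"{ip}, expected {entry[1]}"))
    # The DHCP tip above: the pool should not be larger than the number of machines you own.
    if pool_size > len(known):
        findings.append(("oversized-pool", str(pool_size), f"{len(known)} known devices"))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(LEASES, KNOWN, pool_size=50):
        print(finding)
```

A match on the inventory only shows that a device presented a known MAC address, so treat the result as a prompt to look closer rather than as proof of identity.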