Results 1 to 10 of 10

Thread: ftp question

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    6

    ftp question

    I have 3 computers connected to a 4 port linksys router. i assigned all my computers with static ip addresses. one of my computers is an ftp server. i was wondering if the server would be more effecient with one assigned static ip address and the other two computers with dynamic ip address or is it better just to keep the configuration i have already. any feedback is appreciated.
    \"It isn\'t till you lost everything that you are free to do anything.\"
    --tyler dirden

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    I don't see a reason for you to change your current configuration. I think it sounds just fine. However, I could be wrong. Anyone else on this one?
    Opinions are like holes - everybody\'s got\'em.

    Smile

  3. #3
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    Dont have any info of your network but sa it sounds then it shouyld be fine or you could change it, it wont make any difference aprt from the traffic caused by the dhcp broadcasts etc but on a small 4 machine network the traffic will be negligible !!!!!!
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  4. #4
    Senior Member
    Join Date
    Mar 2002
    Posts
    238
    I don't really see why it would matter. Your server, yes, must have a static address, but the rest of them don't matter that much. I would probably go with static because it would be, in my opinion, more secure.

    Why? Well, if I would want to ban specific addresses from my server, instead I could ban them all excluding a few, counting my other linked clients. It would make life easier if these clients had static IP addresses..


    Regards,
    Silentstalker

    Silentstalker@nitesecurity.com
    -{[ Joe ]}- (Joe@nitesecurity.com)
    http://www.nitesecurity.com

    [shadow]I\'m Just A Soldier In This War Against Ignorance.[/shadow]

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    I agree with silentstalker. It wouldnt matter what DHCP settings the client machines have. Your FTP Server although should have a static address.

    But from a Security perpsective, like silentstalker stated, I would be best to create FTP accounts locking them down to source IP Address. eg:

    Account1 - lock down to Source IP Address of x.x.x.x
    Account2 - lock down to Source IP Address of y.y.y.y

    Doing this increases the security of your FTP Server dramatically.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  6. #6
    Member
    Join Date
    Apr 2002
    Posts
    97
    I would like to inquire in more detail as to why you both think static IPs are more secure? From my experience, a dynamic IP makes a person's computer more secure, because the constant change of address makes it difficult for a malicious hacker to track your computer. For example, if a person is trying to crack your root account over a period of days, they would have to find your IP address all over again every time you reconnected to the internet.
    The radiance of ignorace in a world of nothingness and all of this time your pestilence has created nothing but uselessness

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    6
    the way i understand it is when you forward your ports for computers in a WAN to access your server, you gotta have a static ip address. now i have 3 ports forwarded to my main computer (2 for winmx and 1 for the ftp server.) i don't know why, but i noticed that people have problems accessing my server or have very low speeds, but when i access theirs, the speed is very respectable. i just wanna know whether there is a to configure my router or anything to make it more efficient. i'm not behind a software firewall and i have mcafee's AV.

    and i'm with imaginedsanity, wouldn't a dynamic ip be more secure? too bad i can't forward ports to a dynamic ip....that would be futile.
    \"It isn\'t till you lost everything that you are free to do anything.\"
    --tyler dirden

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Well, you cannot lock users down to their source IP address if it is constantly changing.

    You can do the following when setting up a ftp server:

    1. Set up user accounts and rely on the security strength of their login details.
    or
    2. Set up user accounts and lock them down to use their account from 1 IP Address.

    The 2nd option is far more secure, for it doesnt allow unauthorised people to brute force ftp accounts, when option 1 does.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  9. #9
    Junior Member
    Join Date
    Oct 2002
    Posts
    4
    Do you usually shutdown your machines ? i tell you this cause i have 3 machines with dhcp, and is the same if i put then static ,the ip never changes, ´cause i never shutdown my machines and when i do this normaly they take the same ip. So i don`t thing you have to change. "If it works, don´t touch". (sounds better is spanish "si funciona no lo toques" )

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    There is a very big dependency in this equation that hasn't been addressed, and that is whether there is a firewall in the picture (the router possibly) that isn't aware of the DHCP assignments (it would have to be done by the router). If the router has firewall capabilities but not DHCP ones (from your description, not likely) or if there was a pure firewall in place (that didn't serve the DHCP addresses), a static setup would be better because it would allow you to setup very restrictive ingress/egress filtering at the entry point to your network. IMHO, it is far better to be able to setup restrictive ingress/egress filtering to control access to your network rather than hoping chaning IP addresses around will confuse a hacker (There is no security through obscurity). In this case, static address in my opinion would be preferred.

    With that being said, I, on my home network, have a router that can act as a firewall and a DHCP server and since it 'knows' what machine is connected where (via MACs), through proper setup of the server, you could have the entire setup be dynamic and still work with ingress/egress filtering. You would just setup a permanant lease for your server, dynamic assignments for the rest of your computers, and then have it map only the services you want accessible from the internet through the router to the server in question, disallowing all other incoming traffic. This would have the effect of hiding everything on your network, except for your one server on specific ports, would still give you the ability to use DHCP, and in at least my opinion make you a little safer and still give you the benefits of using DHCP.

    So the answer is, if your firewall isn't aware of the DHCP assignments, static is the way to go, if it is, use dynamic all the way...

    Hope this helps,

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •