networking - Is it bad to disclose external IP to strangers?

09
2014-02
  • JqueryLearner

    I was looking at some examples on how to connect to mysql/tomcat from a remote system. (ex1, ex2, ex3)

    I have just provided some links though there are many available. In all the examples I have seen nobody is disclosing his external IP. Some write 'x.x.x.x', some write 'externalIP' and some use other ways. I am just curious to know why people do not disclose their external IP, but they do show their local IP like 192.168.1.22. Can people hack into a system by knowing the external IP or are there any other reasons?

  • Answers
  • Zoredache

    There is a potential that if you post your public IP that you will draw more attention to it than what it would normally receive by simply being on the Internet. Ideally your firewall and host security should already be strong enough to withstand any attacks. There is nothing inherently secret about an IP address. They have to be known for communication to happen.

    There is a network reserved explicitly for documentation and sharing 192.0.2.0/24. So feel free to use that, or one of the other RFC 5735 ranges that are reserved for internal networks or documentation.
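
Added example (not part of the original answer): a small Python helper that scrubs a config snippet before posting, swapping each globally routable IPv4 address for a stable address from the 192.0.2.0/24 documentation range and leaving private and loopback addresses alone. The function name and the sample text are constructed for illustration.

```python
import ipaddress
import re

# 192.0.2.0/24 (TEST-NET-1) is the documentation range named in the answer above.
DOC_NET = ipaddress.ip_network("192.0.2.0/24")
# Dotted quads that are not part of a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample; 8.8.8.8 and 1.1.1.1 stand in for "your external IP".
SAMPLE = """\
bind-address = 0.0.0.0
GRANT ALL ON app.* TO 'web'@'8.8.8.8';
router forwards 8.8.8.8:3306 -> 192.168.1.22:3306
tomcat reachable at http://1.1.1.1:8080/ and http://127.0.0.1:8080/
"""

def scrub_public_ips(text):
    """Return (scrubbed_text, mapping) with public IPv4 addresses replaced."""
    mapping = {}
    pool = iter(DOC_NET.hosts())  # 192.0.2.1, 192.0.2.2, ...

    def substitute(match):
        token = match.group(1)
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            return token  # not a valid address (e.g. 999.1.1.1): leave as is
        if not addr.is_global:
            return token  # private, loopback, unspecified, documentation
        if token not in mapping:
            # Same real address always maps to the same placeholder,
            # so the snippet stays internally consistent.
            mapping[token] = str(next(pool))
        return mapping[token]

    return IPV4_RE.sub(substitute, text), mapping

if __name__ == "__main__":
    scrubbed, used = scrub_public_ips(SAMPLE)
    print(scrubbed)
    print(used)
```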

  • LeFauve

    Giving your real IP address is not really recommended but it's not usually harmful (after all, every time you go to a website, its owner can see your address, and thankfully most of them have better things to do than attacking you).

    Now, posting it in a message where you also explain you just turned off both your firewall and your antivirus will really get some attention from the bad persons.

    Regarding the fact that you even consider turning those off, I would say the right answer for you is do not post your IP address anywhere!

    Now, about your comments to previous answers: you don't have to turn off your firewall to allow connection to one server running on your pc. Just configure it to open the port you need.

    Also I'm kind of sure disabling your antivirus will not help at all. Don't do that.

    If, as I assume, you have issues connecting to a server running on your pc from outside your local network, the source of the problem is usually one of those two:

    • you have a router, and you need to configure port forwarding on your router (not on your pc)
    • your server software is configured to only accept local connections (connections originating from the same pc it is running on), and you need to change this setting (Google this since it depends on the actual server you're trying to configure)

    Good luck!

  • konqui

    Yes and no. The problem is not hacking (for that they have a firewall, which should not let bad things happen), but you can do a so-called DDoS attack against the server/firewall over the public IP.

    Also, it's not useful if you write your public IP, because many DAU users just copy-paste code, and then you have a problem because their system would have the same IP as yours, which is really bad because a public IP must be unique.

    An internal IP is no problem; they can just use the same one because it's behind the router (the problem with not being unique is stuck on their own network, so no problem for you).

    I hope this helps. Sorry for my bad English; I was in a hurry and my mother language is German, not English.


  • Related Question

    networking - Will my internet address for my internal site cause my traffic to go external?
  • Toby Allen

    If I have two domains pointing to the same machine, but one resolves to an internal address and the other to my internet-facing router, will there be any difference in the route taken to my machine (primarily in terms of performance)?

    eg.

    internal.mydomain.com resolves to 192.168.1.200 
    external.mydomain.com resolves to A.Web.External.IP
    

    both eventually resolve back to the same machine. For a client in the network, will using the external address give a performance penalty?


  • Related Answers
  • Majenko

    Yes, but only slight. The traffic will have to first go to the router, where it will be forwarded on to the machine. If there is a massive amount of traffic and the router isn't man enough for the job you may notice some slowdown.

  • Olli

    As @Matt already noted, yes, there is a slight slowdown. However, there is also a solution for that: split DNS. In split-horizon DNS you answer with different records depending on where the request comes from. Example configuration for bind9:

    view "trusted" {
     match-clients { 192.168.1.0/24; }; // our network
     recursion yes;
     // other view statements as required
     zone "mydomain.com" {
      type master;
      // private zone file including local hosts
      file "internal/master.mydomain.com";
     };
     // add required zones
    };
    view "badguys" {
     match-clients {"any"; }; // all other hosts
     // recursion not supported
     recursion no;
     // other view statements as required
     zone "mydomain.com" {
      type master;
      // public only hosts
      file "external/master.mydomain.com";
     };
     // add required zones
    };
    

    (Source)

    That way bind will serve internal/master.mydomain.com to requests coming from your LAN and external/master.mydomain.com for requests coming from the internet. The advantage is that you can use the same addresses from both networks, but LAN traffic is not going through your router.
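
Added example (not from the original answer or from BIND itself): a simplified Python model of how the two views above are selected. named evaluates views in file order and uses the first one whose match-clients list matches the source address, so a catch-all view placed first would hand LAN clients the external zone. The parser handles only CIDR entries and "any"; the excerpt and function names are constructed.

```python
import ipaddress
import re

# Constructed excerpt mirroring the two views in the answer above.
NAMED_CONF = '''
view "trusted" {
 match-clients { 192.168.1.0/24; };
 zone "mydomain.com" { type master; file "internal/master.mydomain.com"; };
};
view "badguys" {
 match-clients { "any"; };
 zone "mydomain.com" { type master; file "external/master.mydomain.com"; };
};
'''

VIEW_RE = re.compile(
    r'view\s+"([^"]+)"\s*\{.*?match-clients\s*\{([^}]*)\}.*?file\s+"([^"]+)"', re.S)

def parse_views(conf):
    """Return [(view_name, [networks or 'any'], zone_file)] in file order."""
    views = []
    for name, clients, zone_file in VIEW_RE.findall(conf):
        acl = []
        for item in clients.split(";"):
            item = item.strip().strip('"')
            if item:
                acl.append("any" if item == "any" else ipaddress.ip_network(item))
        views.append((name, acl, zone_file))
    return views

def select_view(views, client_ip):
    """First view whose match-clients list contains the source address wins."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, zone_file in views:
        if any(net == "any" or addr in net for net in acl):
            return name, zone_file
    return None

def shadowed_views(views):
    """Views listed after a catch-all 'any' view can never be selected."""
    for i, (_, acl, _) in enumerate(views):
        if "any" in acl:
            return [name for name, _, _ in views[i + 1:]]
    return []
```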