Erwin Craps
Erwin.Craps at ithelps.be
Sun Jul 27 16:00:59 CDT 2003
John I'm was not aware of the port 80 blocking of some providers, but I'm aware of classical workarounds to share a webserver when having a dynamic ip. Reading your explication (maybe I missed a part?) It sounded to me like everything was wide open and I get terrified reading that. It's a wild jungle out there on the internet. I got two (real) firewalls after each other and notice every small attempt, and you get very paranoid seeing al those attempts. All of my customers have a fixed IP and have a webserver on-line. I see those logs very often... I recently read that 90% of hacking happens after MS releases a security fix for something. You better have your system always up-to-date. Even if your server is not publicly known, you gonna have attempts within 10 minutes. There are computers just scanning all ip adresses, as soon as they see an ip comming up they try to hack it... I hope I did'nt scared you :-) Erwin -----Original Message----- From: jcolby at colbyconsulting.com [mailto:jcolby at colbyconsulting.com] Sent: Sunday, July 27, 2003 7:25 PM To: Access Developers discussion and problem solving Subject: RE: [AccessD] no-ip.com Erwin, Since I am running a network of 3 or 4 computers (if my laptop is turned on) on a dlink router connected to the WWW, in order to get a specific computer to act as an internet server (IIS) I have to open a port, and assign that port to a given IP address inside my net - 192.168.1.x. I then go into IIS and set the server (actually a specific web site) to use that port. I opened 80 because that is the typical port used for a web server, and then assigned it to my IIS server. It turns out that (apparently) my cable company blocks requests on that port to machines on their system, i.e. they are trying to prevent me (as a non-business purchaser / user of their services) from serving up web pages. I never went back in and closed it back down. I have done so now however. No-IP.Com allows me to get around this problem, as well as the problem of having a dynamically assigned IP. They provide a little application that runs on my IIS server that checks the IP address assigned to me (or my router) by the cable company, and transmits that IP address to No-IP.com. Thus No-IP knows (within about 5 minutes) of any change to the IP assigned to me. They allow me to build an address that looks like: colbyconsulting.no-ip.com that they then map to my dynamic IP that they know about. It really works quite well all things considered. Things get a little complicated because of the blocking of port 80. To get around that I build a redirector at their site. I set up my IIS to serve on a port different from the normal port 80, in my case I have chosen 54637. I then tell the redirector to go to colbyconsulting:54637.no-ip.com and voila, anyone that looks for colbyconsulting.no-ip.com gets redirected to the one with the actual port number on it. It sounds a bit complicated, and it took a bit of experimentation to get it all working. Since anything being wrong just prevents the page being served up it can be a pita to discover where something is going wrong. However it is all working now. I have no intention of actually trying to run a web site from my own server. However it would be convenient to be able to put up a web site for a potential client that demos what I can do for them, even specific to their data. It is for this purpose that I am jumping through these hoops. In the end I could just pay $150 or so (per month) and get a full business package including fixed IP addresses and the understanding that I am allowed to host a web site. Since my current service is only $35 / month it seems like a lot of money for this kind of application. Anyway, thanks for the reminder to go look at the ports assigned and tighten things up at the router. John W. Colby www.colbyconsulting.com -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Erwin Craps Sent: Sunday, July 27, 2003 8:26 AM To: Access Developers discussion and problem solving Subject: RE: [AccessD] no-ip.com Euh, did you need to open port 80 on your router/firewall to make your webserver work? If not, you have a serious security prob.... This could mean that everything is wide open... Erwin -----Oorspronkelijk bericht----- Van: jcolby at colbyconsulting.com [mailto:jcolby at colbyconsulting.com] Verzonden: zondag 27 juli 2003 2:03 Aan: Access Developers discussion and problem solving Onderwerp: RE: [AccessD] no-ip.com Erwin, Apparently I didn't need to place either computer in the DMZ. John W. Colby www.colbyconsulting.com -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Erwin Craps Sent: Saturday, July 26, 2003 6:02 PM To: Access Developers discussion and problem solving Subject: RE: [AccessD] no-ip.com John Placing a computer in the DMZ does mean that you fully or partialy bypass the firewall (depends on the router/configuration). Make sure that you windows update your pc weekly... And try to be sure that you only open the ports you need (80 for http). My server (fixed IP) gets about 500 (serious and non-serious) attempts per hour to infect/hack. A server, with no updates, that you put on-line will be infected/hacked within 10 minutes... I see this every time I put a server on-line (attempts of course)... I recently read that 90% of hacks are beeing done after MS release a security fix. It's like showing the way. Erwin -----Oorspronkelijk bericht----- Van: jcolby at colbyconsulting.com [mailto:jcolby at colbyconsulting.com] Verzonden: zaterdag 26 juli 2003 23:49 Aan: Access Developers discussion and problem solving Onderwerp: RE: [AccessD] no-ip.com William, Glad to see your head is above water again. I haven't seen a trace of you for a LONG time. BTW, Lembit was asking about you the other day, you might want to say hi to him. Yea, Robbie is a wonderful little boy and owns my heart. Strange how that happens. And yea, I'm doing pretty good under his care. ;-) John W. Colby www.colbyconsulting.com -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of William Hindman Sent: Saturday, July 26, 2003 2:55 PM To: Access Developers discussion and problem solving Subject: Re: [AccessD] no-ip.com ...you're definitely "out there" JC :) ...got both sites with no problem ...btw, good looking boy ...looks like he's doing well under your wing :) William Hindman ...It's a proven fact that if you smoke a pack of cigarettes a day for 90 years, you'll live to a ripe old age. :))) ----- Original Message ----- From: <jcolby at colbyconsulting.com> To: "Access Developers discussion and problem solving" <accessd at databaseadvisors.com> Sent: Saturday, July 26, 2003 1:06 PM Subject: RE: [AccessD] no-ip.com > Hmmm... well, I am now able to see my server, through no-ip.com from > my workstation without (AFAICT) EITHER computer being in the DMZ. > > If anyone wants to verify that I am out there, go to > http://colbyconsulting.no-ip.com . You should be redirected to the > same thing with a "hole" number on the end, though you may not notice > this as it > flashes in the status bar below briefly. Then something that looks > like my > site will appear. You can tell it isn't my site because the button > "meet my > son" isn't in the lower left. > > I will be using this site to test my ASP.Net stuff. I have the .Net > framework installed and working with IIS on this server and can > (across my > LAN) display pages making calls to the .net framework. Very soon we shall > see stuff here. > > John W. Colby > www.colbyconsulting.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com