As I have shared before, networking is my weakness when it comes to computer gadgets.  I’m getting there, though.

What is the difference between the two?  Why is static IP supposedly better? Please be very specific, so I can understand why.  Thanks all!

Where did you hear that static IP was supposedly better? There’s no clear cut answer to this. It simply depends on what your intentions and needs are.

Here’s an interesting article between the two: http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci520967,00.html

Thanks, gr00vy0ne.  The article answered a few questions.  However, I guess I am looking for the pros and cons of both.  I only heard Staic IP is better because its like having a permanent address instead of a mobile home.  (I hope that analogy makes sense).  My concern is that with Static IP you could be a sitting duck for hackers, right?  :?

Static is good if you need to use port forwarding or you want to remote desktop connect or for some reason you need a specific IP all the time…VPN for example.

Otherwise, Dynamic is considered more secure as it changes and therefore doesn’t leave a ‘trace’ that a hacker can keep going back to if he finds a way into your system.

That being said, both a static and dynamic IP can be hacked.

Quick answer…unless you need static or have problems with your dynamic, stick with dynamic.

Erik

You’re confusing two different things. I think what you’re talking about is the IP address of your cable/DSL modem. The reason some people like it static is so that they can always be able to connect directly to their home network for things like a mail server, FTP or web server. If you don’t have any servers at home and don’t have to connect directly with any machine on your home network from the outside, dynamic will be just fine. I have a hostname at dyndns.org, so I can connect to my home if need be even though my cable modem is on a dynamic IP. You’re really no more or less of a hacking target either way. Most script kiddies will use port scanners to find exploitable boxes. The most common exploits are spyware and viruses anyway.

For the inside of your network (the address your TR actually gets), dynamic will be easier as long as your router (or some server) is doing DHCP. That way plugging into any other network with DHCP running on it is trivial (Starbucks, work, LAN party, etc).

But you are…

For example…if I find a hole in 1.1.1.1 and I know he has a crazy amount of Mp3s I might try to get in tomorrow and the next day and the next day. If his IP is dynamic, i’ll get him once, next time his ISP gives him a new IP he won’t be 1.1.1.1 and I won’t be able to find him.

Erik

Granted, but the overall risk is still similar. A successful attack is probably going to result in additional exploits being installed, so a port scan is probably going to find the box again, whether it’s the same script kiddie or not. Also, with the average length of a DHCP lease on some cable providers, I’ve seen people go over a year on the same IP address.

Thanks so much guys for the feedback!  I certainly have a lot to learn about this stuff. 

It sounds as if Dynamic is the way for me since I do not need access from the “outside” as Drachen pointed out. 

Does the type of firewall determine whether or not someone could exploit you via a port scan?

Dumb question…what’s a script kiddie?

Static or dynamic IP assignments are exactly the same thing from a network perspective. Let’s just say that “the internet” does not know who is managing your IP assignment.  If your IP is assigned by a DHCP server or if the network is configured for you to use always the same one does not make any difference in terms of forwarding ports or setting up a VPN. The only change is how often you have to update your DNS records in case you want to use one or more domain names with your IPs.

Things like transparent proxies, port blocking, NATs, etc are far more important in what you can do with your connection than who assigns your IP address.

Best regards,
Marcelo

A port scan is just a quick check to see if there are specific ports in your connection responding to requests.  Think of it like someone walking outside your house checking to see if there is a window or door open or unlocked.  It is just an inspection… not an “exploit”.  Obviously, finding out that a window is unlocked facilitates entering into your house, but it does not necessarily mean that your system is unsafe…. it just means that a window is open   An exploit is the use of one or more system vulnerabilities to perform an action supposedly not permited.  So… a port scan is not an exploit

[quote author=“TruthSeeker”]Dumb question…what’s a script kiddie?

Me about 30 years ago? It’s someone that just runs scripts or tools to attempt to exploit vulnerabilities, without knowing what he is actually doing and what is even worst, without even caring to learn from what is happening.

Regards,
Marcelo