A bit convoluted question, but i'll do my best to explain the situation. I have an ISP issued router/modem. But whenever I check for my IP address on my PC, i get my public address. Furthermore, with any network scanning software, I can basically see all the other hosts under /21 (my mask) subnet(about 2000). They are are other customers of the ISP, and, i can even see the services they are running(like web servers etc.). Basically, my PC has public IP only. Whenever I host a web server or any other server like Telnet or SSH, it is freely available for access on the web. The question is, is this normal? And the second question is, how can i mitigate this? Can I put on a router between their modem and my pc, and how would i configure routers outward facing address, as it is changing all the time( ISP uses dhcp to assign addresses to their hosts)
1 Answers
ISP gave you a modem. Your pc is basically in a place where people usually place a home router. The view of the neighborhood that you describe is a typical router's view, i.e. if it opens SSH to the outside, the Internet can try to connect to it.
One drawback with the current setup is that you need extra care with any experiments on the public system, so they didn't impact the security.
To fix the situation, connect a typical home router external (public/internet) interface to the modem, and that's about it. The home router will be a separate box, that won't be so likely to be impacted by any experimental stuff. (Properly naming things, the routing functionality is irrelevant, you need a firewall and a masquerade, which is what a typical "home router" does).
- 13,812
- 5
- 41
- 55