Dynamic public IP-address / Call – Home

Assume you have a computer connected to the Internet which obtains its public IP-address dynamically.
Some providers, like 1und1 in Germany, require that the xDSL line is reset at least once a day. At that moment you obtain a new IP-address from a pool of addresses.

Privacy
This dynamic IP-address is nice if you would like to be somewhat anonymous. Today you (a single male of 23) are using this address from Berlin visiting all kinds of movie sites, and tomorrow a grandma (married, female, 67) from Aachen uses it to visit sites about hand-knitting. This makes the IP-address unusable as a (primary) key for building a profile of the user. Good for your privacy! (At least towards third parties; your provider still knows who held which address when.)

Finding your computer
But what if you would like to find your computer from the Internet to download files from it or to administer it via SSH? Or your computer is acting as a server for a (small) website? The public IP-address changes every day, so every day this computer has to tell its address to a well-known node on the Internet. Somebody who wants to reach the services on your computer, like the Apache webserver, the SSH daemon or the FTP daemon, can then look up your computer's IP-address at that well-known node.

Solution
An elegant solution is to register the IP-address in the domain name system (DNS) under a hostname. From then on you can reach your webserver from the Internet using a fully qualified hostname which stays the same for years, e.g. http://myserver.dnsservice.de, which resolves to the IP-address of the day. Dyn.com offers such a service for free: you pick one of its domains and any hostname under it that is still free. Dyn.com also offers a client which updates the DNS record automatically whenever you get a new IP-address, and some xDSL modems/routers have a built-in client that does the same.

Updating DNS-record fails
But what if your modem/router only updates once, at the moment it obtains a new public IP-address, and that update fails? You cannot reach your computer because you don't know its address. You also can't force the xDSL modem to retry the DNS update because you don't know the public IP-address of the modem either. Now you have two options:

  1. Physically visit your computer and check the IP-address;
  2. Wait until the next reset of the xDSL line and hope the DNS record is updated with the new IP-address;

Call-Home
Not really comfortable solutions. So as a fallback I introduced a task on my computer which runs periodically. This task talks to a computer with a static IP-address. Every time the computer with the dynamic IP-address calls the other computer it leaves a trace behind containing its current IP-address. In that way it gives away how to connect to it today. From that moment on you can, for example, add the hostname/IP-address combination to your local hosts file (/etc/hosts) until the next update, or update the DNS record for your computer manually at Dyn.com.

Task (Linux)
The task I use to 'call home' is a cron job which is executed every 10 minutes.

  1. Make sure cron and netcat (nc) are installed.
  2. Create a new entry with crontab -e (it does not need to be root's crontab; any user can open an outbound connection):
    */10 * * * * nc -z -w 5 host-with-static-ip-somedomain.com 22 >/dev/null 2>&1

This cron job will try to connect every 10 minutes to port 22 of host-with-static-ip-somedomain.com and disconnect without sending any data: -z is netcat's zero-I/O mode (connect and close immediately), -w 5 gives up after five seconds so a hanging connection does not pile up processes, and the redirection keeps cron from mailing you the result every 10 minutes.

At the 'other side' (on host-with-static-ip-somedomain.com) you will see log entries in the file /var/log/auth.log (Debian/Ubuntu; Red Hat based systems log to /var/log/secure, and on systemd hosts journalctl -u ssh, or sshd, shows the same messages):
Oct 20 07:29:03 localhost sshd[6011]: Did not receive identification string from 1.2.3.4

This line means that a client opened a TCP connection to the SSH daemon and closed it without sending the SSH protocol version string. Normally this is a sign of a port scan or an attack on your computer; in this case you are the source of the activity, and 1.2.3.4 is the IP-address of the computer you are looking for. You will probably also see such lines from real scanners, so to pick out your own computer check the addresses against the address range (netblock) of your provider, e.g. via whois. Two caveats: the 'call' is an unauthenticated TCP connect, so the log line proves nothing about who connected, it only tells you where to try; and if the static host runs a brute-force blocker such as fail2ban, this very log line is matched by its sshd filter in ddos/aggressive mode and can get your own address banned, so whitelist your provider's netblock there.
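Picking the call-home address out of the log by hand gets tedious once scanners fill it up, so here is the filtering step as a small POSIX shell script. This is an added example, not code from the original post. It assumes the sshd log format shown above and a hypothetical provider netblock of 1.2.0.0/16; the log lines it runs on are constructed, and it does not invoke nc itself.

```shell
#!/bin/sh
# Added example (not from the original post): pick the call-home address out
# of sshd log lines. Assumptions: log format as in the post, and a hypothetical
# provider netblock of 1.2.0.0/16. The sample log lines below are constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR block $2 (e.g. 1.2.0.0/16).
in_cidr() {
    ipn=$(ip2int "$1")
    netn=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ipn & mask )) -eq $(( netn & mask )) ]
}

# Read sshd log lines on stdin; print the source address of every
# "Did not receive identification string" line that is inside CIDR $1,
# oldest first. Real scanners produce the same line, hence the netblock filter.
callhome_ips() {
    cidr=$1
    sed -n 's/.*sshd\[[0-9]*\]: Did not receive identification string from \([0-9.]*\).*/\1/p' |
    while read -r ip; do
        in_cidr "$ip" "$cidr" && echo "$ip"
    done
}

# The most recent matching address is the one to try today.
latest_callhome_ip() {
    callhome_ips "$1" | tail -n 1
}

# Constructed sample: a scanner, a failed login, and the dynamic host before
# and after an xDSL reset (1.2.3.4 from the post, then a new address).
SAMPLE_LOG='Oct 20 07:19:01 localhost sshd[5990]: Did not receive identification string from 203.0.113.77
Oct 20 07:25:44 localhost sshd[6002]: Invalid user admin from 198.51.100.9 port 40222
Oct 20 07:29:03 localhost sshd[6011]: Did not receive identification string from 1.2.3.4
Oct 20 07:39:03 localhost sshd[6031]: Did not receive identification string from 1.2.3.4
Oct 20 07:49:03 localhost sshd[6047]: Did not receive identification string from 1.2.7.9'

# Real use on the static host: latest_callhome_ip 1.2.0.0/16 < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | latest_callhome_ip 1.2.0.0/16
```

On the sample the script prints 1.2.7.9, the address after the reset; the scanner at 203.0.113.77 is dropped by the netblock check even though it produced the identical log line. The trailing `.*` in the sed pattern also copes with newer sshd versions, which append ` port NNNNN` to the message.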
