Jump to content

Use of ${sys.extIP} variable in notifications

larryllix

By larryllix
in Product Requests

Recommended Posts

MWareman Advanced

MWareman

Posted
Posted

File/Enable Internet Access actually uses upnp to setup the port forward. The router notifies ISY of the external all IP and port.

 

If you are security conscious, you'll disable upnp on your router and use a manual port forward. Relying on that mechanism would require re-enabling upnp by default, a bad (security) move in my opinion.

Link to comment
larryllix Advanced

larryllix

Posted
  • Author
Posted

Back to the thread subject ISY already knows what your external IP address is and making it available should not present any great programming difficulty IMHO.

 

Being able to send out the external IP address in a notification would be a great tool to avoid Cloud usage where people can keep a database on your access traffic methods.

Link to comment
MWareman Advanced

MWareman

Posted
Posted

ISY already knows what your external IP address is

 

Mostly not true. ISY only knows what the external IP address is IF you have a upnp enabled router, have enabled upnp on ISY *and* the ISY admin has 'enabled' Internet access. Even then - the router will tell ISY the IP - it's not a case of the ISY 'detecting' it.  The router is the 'owner' of the address and it should be the router's responsibility to report any changes to a ddns service. Plere are plenty of free ones out there!

 

90% (or more) of ISY owners leave upnp off on their router - because it creates a significant security hole whereby command and control based malware can easily create port forwarding rules to 'own' your data. I strongly discourage use of upnp for port forwarding.

 

Given that most people do not enable upnp - it's a safe bet that for most people ISY has no knowledge of the external address.

Link to comment
chrishick Experienced

chrishick

Posted
Posted

"IF" the ISY is wan IP aware I would think it would be very simple to add the capability to email as a system variable. I don't know enough (or care enough) to comment on the ISY's connectivity awareness though.

 

Why would you want to cut and paste an IP address from an email into mobilink every time your IP address changes when there are so many DDNS options out there? As Michel said, it's built into dlink? routers, it's built into my Foscam cameras and I'm sure many other devices. I use Foscam and it works perfectly, but I also use noip.com The free version only requires you log in once every 30 days. I get a reminder email from them and click the link, pretty easy.

 

I've got MobiLinc, IP Cam Viewer, Blue Iris and iRule on my iPhone. No way I want to update the IP address in each app every time it changes. I like my DDNS!

 

 

Sent from my iPad using Tapatalk

Link to comment
MWareman Advanced

MWareman

Posted
Posted

I use DNS.he.net. Custom domain, full DNS hosting, ddns support. And HE (Hurricane Electric) are a major transit provider (at work, we buy capacity from them, level3 and Cogent). This DNS service has been 100% reliable for me!

Link to comment
larryllix Advanced

larryllix

Posted
  • Author
Posted

Mostly not true. ISY only knows what the external IP address is IF you have a upnp enabled router, have enabled upnp on ISY *and* the ISY admin has 'enabled' Internet access. Even then - the router will tell ISY the IP - it's not a case of the ISY 'detecting' it.  The router is the 'owner' of the address and it should be the router's responsibility to report any changes to a ddns service. Plere are plenty of free ones out there!

 

90% (or more) of ISY owners leave upnp off on their router - because it creates a significant security hole whereby command and control based malware can easily create port forwarding rules to 'own' your data. I strongly discourage use of upnp for port forwarding.

 

Given that most people do not enable upnp - it's a safe bet that for most people ISY has no knowledge of the external address.

OK I was never sure why there are two options on the ISY, one to enable Internet access and one to enable UPNP.

 

I am not sure how the UPNP got turned on my router and in ISY. My router setting has a comment about being recommended to stay on. From the description it sounds like an ID beacon similar to SSID on Wi-Fi. It is turned off now and my other devices access appears to work OK still with the port forwarding. I haven't figured out the Security Certificate complication yet so have no access to ISY from remotes. hmmm... better check my MobiLinc before I leave.

 

Thanks for the heads up.

Link to comment
larryllix Advanced

larryllix

Posted
  • Author
Posted

"IF" the ISY is wan IP aware I would think it would be very simple to add the capability to email as a system variable. I don't know enough (or care enough) to comment on the ISY's connectivity awareness though.

 

Why would you want to cut and paste an IP address from an email into mobilink every time your IP address changes when there are so many DDNS options out there? As Michel said, it's built into dlink? routers, it's built into my Foscam cameras and I'm sure many other devices. I use Foscam and it works perfectly, but I also use noip.com The free version only requires you log in once every 30 days. I get a reminder email from them and click the link, pretty easy.

 

I've got MobiLinc, IP Cam Viewer, Blue Iris and iRule on my iPhone. No way I want to update the IP address in each app every time it changes. I like my DDNS!

 

 

Sent from my iPad using Tapatalk

People want to cut 'n paste an IP address because they don't want the Cloud dependence on a DDNS service being able to easily snoop through their IP addresses, access ports and possibly monitor their data stream , or just shut down because, like over 200 Google services, they just don't feel like  doing it anymore.  I use a DDNS service, also, but the freebies are there for a reason and the reason will be to charge money eventually. I also don't want to pay for services everywhere, if it can be helped.  It can be. I don't want to change my DDNS provider everytime some DDNS service decides they have had enough either.

 

http://en.wikipedia.org/wiki/Category:Discontinued_Google_services

http://www.digitaltrends.com/mobile/google-services-apps-discontinued-2013

Link to comment
chrishick Experienced

chrishick

Posted
Posted

To each his own. Somebody having my public IP address is like somebody having my phone number, they can't do much with that info. People scan for open ports all day long regardless if you are using a DDNS service. If big brother wants to scan your data stream they don't need your public IP address to do that.

 

If my free DDNS decides to start charging a fee, well, I'll switch to another.

 

I totally understand your concerns and everybody has their own comfort level when exposing themselves to the Internet, but personally, I'll deal with the risks for the convenience offered. Maybe I'm naive but that's how I roll.

 

Cheers.

Link to comment

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...