Just bought a domain, setting up a couple server applications for the first time

I recently bought a domain, mainly for website experimentation, game servers and a ventrillo.

I'm running all this from my home computer, and I am using freedns.afraid.org as my ddns nameserver.

I'm able to host my ventrillo and my game server, however you can access either of them from any of my subdomains.

I would like specific programs to only work with specific ports, but I can't seem to find a way to make this happen.

So in my Ventrillo subdomain, I try putting in the IP address in the destination as "MyIPAddress:PortNumber" , but it says its an invalid IP address. The ddns client I use doesn't have any options to change the ports on the connections either. Am I just missing something here, or is there no way to tie specific server applications to specific ports with a subdomain?

I also am curious as to how hosting this domain will affect my pc security.

I'm running this on a Windows 7 pc. I know its best to have a stand alone computer for this stuff, but like I said its only experimental and I don't plan on running these more than a couple hours a day, if that. Are there any steps I need to take to increase my security, beyond basic Windows security measures?

Samurai Waffle

Posted 2011-12-20T13:17:26.360

Reputation: 77

Answers

Since all of your subdomains point to the IP address, all of your servers will listen to requests sent to every hostname. A server can listen on a port on an IP address. You can not have any further granularity. Depending on the server application, you may be able to respond differently if a different hostname is used.

For example, an HTTP server can read the header of an HTTP packet to see what hostname was used to contact it and display a different site accordingly. However, an HTTPS server can't seamlessly do this because it has to decrypt the packet with the right keys before it can see what hostname was used. If it identifies itself with the wrong key then your browser will give a warning about the SSL certificate belonging to the wrong server.

In terms of security, any server you have running exposed to the internet will have unknown or maybe even known security flaws. Once discovered and exploited, an attack will have access at the same level as the compromised server application. Once any access to a system is gained, privilege escalation is typically very easy.

So, you must keep your OS and server applications up to date. You should also use a firewall to restrict access to the specific ports you are listening on for your services.

Jeff Strunk

Posted 2011-12-20T13:17:26.360

Reputation: 331