gpsd-dev

Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up


From: Gary E. Miller
Subject: Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up
Date: Tue, 24 May 2016 13:04:12 -0700

Yo Eric!

On Tue, 24 May 2016 15:29:34 -0400
"Eric S. Raymond" <address@hidden> wrote:

> > The security section would obviously be generally useful.  It's
> > worth mentioning firewalls and/or NAT boxes.  I think there should
> > be a warning about plugging in a Pi that isn't protected one way or
> > the other.  
> 
> Agreed.  Added:
> 
>     Now check your security.  You need to be behind a NAT box or
> firewall for the next several steps.  If anyone on the public
> Internet can reach your SBC via ssh before you remove the default
> account, your Pi could be enslaved by an attack bot within minutes.

Since you had your server hacked already this year, you should be
one that knows a firewall is not good enough.  You must have good
passwords inside.

Do not advocate an M&M defense, prefer defense in depth.

> See my reply to Gary and your text about NATs and firewalls.  Nobody
> has convinced me that this procedure *isn't* taking security
> seriously, nor will they until I understand how any machine other
> than the one I port-forward to is visible to outsiders.

Since you are a person someone recently hacked, causing you some pain in
creating and distributing new credentials, don't you think it is proven
you are not taking security seriously enough?

Do you even know how you were hacked?

WAY too many people are getting hacked because their NAT/firewall is
on their IPv4 and not on the IPv6 that their ISP just turned on without
telling them.

Hmm, looking at your grelber, did you realize it already HAS a public
and not firewalled external IPv6 address? 

I have direct access to your dovecot, etc.  I bet you get a dictionary
scan on it every day.

Your NAT is doing nothing for you.

So much for your security...

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588

Attachment: pgpT34bCtkhBu.pgp
Description: OpenPGP digital signature
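
Added example, not part of the original message or of the gpsd project: a defender's check for the failure mode described above, where services listen on a global IPv6 address that an IPv4-only NAT or firewall does not cover. The sample `ip` and `ss` output is constructed, the function names are hypothetical, and the script does not inspect IPv6 firewall rules, so each reported listener still has to be checked against ip6tables/nftables.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # IPv6 global unicast range

# Constructed `ip -6 -o addr show` output; 2001:db8::/32 is the documentation prefix.
SAMPLE_ADDRS = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1:2::10/64 scope global dynamic \\       valid_lft 86000sec
2: eth0    inet6 fe80::ba27:ebff:fe12:3456/64 scope link \\       valid_lft forever
"""

# Constructed `ss -H -tln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_LISTEN = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 *:143 *:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [2001:db8:1:2::10]:993 [::]:*
"""

def global_v6_addresses(ip_output):
    """Global-unicast IPv6 addresses configured on the host."""
    found = []
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" in fields:
            addr = ipaddress.ip_interface(fields[fields.index("inet6") + 1]).ip
            if addr in GLOBAL_UNICAST:
                found.append(addr)
    return found

def v6_reachable_listeners(ss_output, global_addrs):
    """(address, port) pairs an IPv4-only NAT or firewall does not cover."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
        if host in ("::", "*"):  # wildcard bind (assumed: ss prints * for dual-stack)
            exposed.update((str(a), int(port)) for a in global_addrs)
        elif ":" in host and ipaddress.ip_address(host) in global_addrs:
            exposed.add((str(ipaddress.ip_address(host)), int(port)))
    return sorted(exposed)

if __name__ == "__main__":
    addrs = global_v6_addresses(SAMPLE_ADDRS)
    for addr, port in v6_reachable_listeners(SAMPLE_LISTEN, addrs):
        print(f"[{addr}]:{port} listens on a global IPv6 address; confirm an IPv6 filter covers it")
```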

