Re: [gpsd-dev] HOWTO: Security

[Gary E. Miller]

Yo Hal!

On Tue, 24 May 2016 13:47:48 -0700
Hal Murray <address@hidden> wrote:

> address@hidden said:
> > See my reply to Gary and your text about NATs and firewalls.
> > Nobody has convinced me that this procedure *isn't* taking security
> > seriously, nor will they until I understand how any machine other
> > than the one I port-forward to is visible to outsiders.   
> 
> Your mention of port-forward assumes you are behind a NAT box.
> That's not true in all setups.

And not even true in Eric's setup.  His pi's have public IPv6 addresses!

No NAT, no firewall, wide open to the world!

> Try "lastb | grep pi -w" on your bastion machine to get an indication
> of how persistent the bad guys are.  I'm averaging one a day.  You
> can do the math. It's far from a sure thing, but there are too many
> stories out there along the lines of "my box was hacked within 5
> minutes".

And that is just on user: pi.  They try a ton of them: root, admin,
webmaster, etc.

> Gary's comments about IPv6 are important, at least in theory.

More than theory, many known hacks.  Many people already caught 
harvesting good IPv6 addresses.

> I'm guessing the bad guys aren't geared up to scan IPv6
> yet.

Right, but they use other techniques.  This is not the place to go into
the details, but if you google it you will see it can be pretty easy
to find all your IPv6 addresses.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588

pgpUBM9R4AXEW.pgp
Description: OpenPGP digital signature