[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gpsd-dev] HOWTO: Security
From: |
Eric S. Raymond |
Subject: |
Re: [gpsd-dev] HOWTO: Security |
Date: |
Tue, 24 May 2016 17:33:06 -0400 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hal Murray <address@hidden>:
>
> address@hidden said:
> > See my reply to Gary and your text about NATs and firewalls. Nobody has
> > convinced me that this procedure *isn't* taking security seriously, nor will
> > they until I understand how any machine other than the one I port-forward to
> > is visible to outsiders.
>
> Your mention of port-forward assumes you are behind a NAT box. That's not
> true in all setups.
Would it suffice to say "Never put a Pi on an un-NATted address until you
have removed the default account?"
> Try "lastb | grep pi -w" on your bastion machine to get an indication of how
> persistent the bad guys are. I'm averaging one a day. You can do the math.
> It's far from a sure thing, but there are too many stories out there along
> the lines of "my box was hacked within 5 minutes".
I see it.
> Gary's comments about IPv6 are important, at least in theory. lastb doesn't
> show me any probes from IPv6 addresses on the machines I looked at. I'm
> guessing the bad guys aren't geared up to scan IPv6 yet. Brute force isn't
> going to find interesting targets - there are too many bits in IPv6
> addresses. I wonder when the bad guys will be selling IPv6 addresses the
> same way they sell email addresses.
I also don't see any IPv6 probes. This may turn out to be important.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, (continued)
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Clark B. Wierda, 2016/05/21
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Eric S. Raymond, 2016/05/21
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Gary E. Miller, 2016/05/21
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Hal Murray, 2016/05/22
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Paul Fertser, 2016/05/24
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Gary E. Miller, 2016/05/24
- [gpsd-dev] HOWTO: Security, Hal Murray, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security,
Eric S. Raymond <=
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Paul Fertser, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Kurt Roeckx, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24