gpsd-dev
Re: [gpsd-dev] HOWTO: Security


From: Eric S. Raymond
Subject: Re: [gpsd-dev] HOWTO: Security
Date: Tue, 24 May 2016 17:33:06 -0400
User-agent: Mutt/1.5.23 (2014-03-12)

Hal Murray <address@hidden>:
> 
> address@hidden said:
> > See my reply to Gary and your text about NATs and firewalls.  Nobody has
> > convinced me that this procedure *isn't* taking security seriously, nor will
> > they until I understand how any machine other than the one I port-forward to
> > is visible to outsiders. 
> 
> Your mention of port-forward assumes you are behind a NAT box.  That's not 
> true in all setups.

Would it suffice to say "Never put a Pi on an un-NATted address until you
have removed the default account?"

> Try "lastb | grep pi -w" on your bastion machine to get an indication of how 
> persistent the bad guys are.  I'm averaging one a day.  You can do the math.  
> It's far from a sure thing, but there are too many stories out there along 
> the lines of "my box was hacked within 5 minutes".

I see it.

> Gary's comments about IPv6 are important, at least in theory.  lastb doesn't 
> show me any probes from IPv6 addresses on the machines I looked at.  I'm 
> guessing the bad guys aren't geared up to scan IPv6 yet.  Brute force isn't 
> going to find interesting targets - there are too many bits in IPv6 
> addresses.  I wonder when the bad guys will be selling IPv6 addresses the 
> same way they sell email addresses.

I also don't see any IPv6 probes.  This may turn out to be important.
-- 
                <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
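
Added example, not part of the original message: a shell function that tallies failed logins for one account from `lastb` output and splits the sources into IPv4 and IPv6, which is the check discussed in the thread. The sample lines are constructed (documentation address ranges), and the column layout of user, tty, source, date is an assumption about the `lastb` output being parsed.

```shell
#!/bin/sh
# Added example: count failed logins for one account in lastb-style output.

# Constructed sample in the layout assumed here: user, tty, source, date.
sample_lastb() {
cat <<'EOF'
pi       ssh:notty    203.0.113.7      Tue May 24 03:12 - 03:12  (00:00)
pi       ssh:notty    198.51.100.23    Tue May 24 09:40 - 09:40  (00:00)
pirate   ssh:notty    203.0.113.7      Tue May 24 09:41 - 09:41  (00:00)
root     ssh:notty    192.0.2.10       Mon May 23 22:05 - 22:05  (00:00)
pi       ssh:notty    2001:db8::15     Mon May 23 11:30 - 11:30  (00:00)
pi       ssh:notty    203.0.113.7      Sun May 22 18:02 - 18:02  (00:00)

btmp begins Sun May 22 18:02:11 2016
EOF
}

# count_failed USER: read lastb output on stdin and print
# "<total> <ipv4> <ipv6> <distinct-days>" for that account.
count_failed() {
    awk -v user="$1" '
        # Exact match on the user column. This is stricter than grep -w,
        # which matches the word anywhere on the line.
        $1 == user {
            total++
            # A colon in the source column marks an IPv6 address.
            if ($3 ~ /:/) v6++; else v4++
            # Weekday, month and day identify the calendar day.
            days[$4 " " $5 " " $6] = 1
        }
        END {
            n = 0
            for (d in days) n++
            printf "%d %d %d %d\n", total, v4, v6, n
        }'
}

# On a live host (root is needed to read the failed-login log):
#   lastb | count_failed pi
sample_lastb | count_failed pi
```

Dividing the first number by the last gives the attempts per day against the default account; a nonzero third number means IPv6 sources have started to appear.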


