Re: [gpsd-dev] HOWTO: Security


From: Gary E. Miller
Subject: Re: [gpsd-dev] HOWTO: Security
Date: Tue, 24 May 2016 14:38:23 -0700

Yo Eric!

On Tue, 24 May 2016 17:33:06 -0400
"Eric S. Raymond" <address@hidden> wrote:

> Hal Murray <address@hidden>:
> > 
> > address@hidden said:  
> > > See my reply to Gary and your text about NATs and firewalls.
> > > Nobody has convinced me that this procedure *isn't* taking
> > > security seriously, nor will they until I understand how any
> > > machine other than the one I port-forward to is visible to
> > > outsiders.   
> > 
> > Your mention of port-forward assumes you are behind a NAT box.
> > That's not true in all setups.  
> 
> Would it suffice to say "Never put a Pi on an un-NATted address until
> you have removed the default account?"

Most people's NATs leak a lot.  Or they have IPv6 end around.

Just change the password, to a good one, as the FIRST step.

> > Gary's comments about IPv6 are important, at least in theory.
> > lastb doesn't show me any probes from IPv6 addresses on the
> > machines I looked at.  I'm guessing the bad guys aren't geared up
> > to scan IPv6 yet.  Brute force isn't going to find interesting
> > targets - there are too many bits in IPv6 addresses.  I wonder when
> > the bad guys will be selling IPv6 addresses the same way they sell
> > email addresses.  
> 
> I also don't see any IPv6 probes.  This may turn out to be important.

That will change.  IPv6 adoption is growing.  And you are a target.

Until you know how you were hacked earlier this year you do not know
this was not how.  And then you don't know if this one is next.

The primary defense is simple: change passwords FIRST.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588
