[gpsd-dev] HOWTO: Security

Gary E. Miller gem at rellim.com
Tue May 24 21:08:35 UTC 2016


Yo Hal!

On Tue, 24 May 2016 13:47:48 -0700
Hal Murray <hmurray at megapathdsl.net> wrote:

> esr at thyrsus.com said:
> > See my reply to Gary and your text about NATs and firewalls.
> > Nobody has convinced me that this procedure *isn't* taking security
> > seriously, nor will they until I understand how any machine other
> > than the one I port-forward to is visible to outsiders.   
> 
> Your mention of port-forward assumes you are behind a NAT box.
> That's not true in all setups.

And not even true in Eric's setup.  His pi's have public IPv6 addresses!

No NAT, no firewall, wide open to the world!

> Try "lastb | grep pi -w" on your bastion machine to get an indication
> of how persistent the bad guys are.  I'm averaging one a day.  You
> can do the math. It's far from a sure thing, but there are too many
> stories out there along the lines of "my box was hacked within 5
> minutes".

And that is just on user: pi.  They try a ton of them: root, admin,
webmaster, etc.

> Gary's comments about IPv6 are important, at least in theory.

More than theory, many known hacks.  Many people already caught 
harvesting good IPv6 addresses.

> I'm guessing the bad guys aren't geared up to scan IPv6
> yet.

Right, but they use other techniques.  This is not the place to go into
the details, but if you google it you will see it can be pretty easy
to find all your IPv6 addresses.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160524/dd708dce/attachment.bin>


More information about the devel mailing list