HOWTO: Security
Gary E. Miller
gem at rellim.com
Tue May 24 21:38:23 UTC 2016
Yo Eric!
On Tue, 24 May 2016 17:33:06 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> Hal Murray <hmurray at megapathdsl.net>:
> >
> > esr at thyrsus.com said:
> > > See my reply to Gary and your text about NATs and firewalls.
> > > Nobody has convinced me that this procedure *isn't* taking
> > > security seriously, nor will they until I understand how any
> > > machine other than the one I port-forward to is visible to
> > > outsiders.
> >
> > Your mention of port-forward assumes you are behind a NAT box.
> > That's not true in all setups.
>
> Would it suffice to say "Never put a Pi on an un-NATted address until
> you have removed the default account?"
Most people's NATs leak a lot. Or they have IPv6 end around.
Just change the password to a good one, as the FIRST step.
> > Gary's comments about IPv6 are important, at least in theory.
> > lastb doesn't show me any probes from IPv6 addresses on the
> > machines I looked at. I'm guessing the bad guys aren't geared up
> > to scan IPv6 yet. Brute force isn't going to find interesting
> > targets - there are too many bits in IPv6 addresses. I wonder when
> > the bad guys will be selling IPv6 addresses the same way they sell
> > email addresses.
>
> I also don't see any IPv6 probes. This may turn out to be important.
That will change. IPv6 adoption is growing. And you are a target.
Until you know how you were hacked earlier this year, you do not know
this was not how. And then you don't know if this one is next.
The primary defense is simple, change passwords FIRST.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
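As an added illustration (not code from the thread or from NTPsec): a small checker for the kind of lastb review Hal describes, counting remote failed logins by address family and flagging attempts against the default account. It assumes the input is `lastb -wi` output (full-width names, numeric addresses) and that the stock default account is named `pi`.

```python
import ipaddress
from collections import Counter

# Constructed sample of `lastb -wi` output (failed logins); not real data.
SAMPLE_LASTB = """\
pi       ssh:notty    203.0.113.7      Tue May 24 20:58 - 20:58  (00:00)
root     ssh:notty    203.0.113.7      Tue May 24 20:58 - 20:58  (00:00)
admin    ssh:notty    198.51.100.23    Tue May 24 21:02 - 21:02  (00:00)
pi       ssh:notty    2001:db8:1::42   Tue May 24 21:05 - 21:05  (00:00)
root     ssh:notty    2001:db8:1::42   Tue May 24 21:05 - 21:05  (00:00)
pi       tty1                          Tue May 24 21:10 - 21:10  (00:00)

btmp begins Tue May 24 00:00:01 2016
"""

# Assumed: the account name shipped enabled on a stock Raspberry Pi image.
DEFAULT_ACCOUNTS = {"pi"}


def parse_lastb(text):
    """Yield (user, tty, host) per failed-login record; host is None for
    local console attempts (their third column is a weekday, not an IP).
    Blank lines and the trailing 'btmp begins ...' footer are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "btmp":
            continue
        user, tty, host = fields[0], fields[1], fields[2]
        try:
            ipaddress.ip_address(host)
        except ValueError:
            host = None
        yield user, tty, host


def summarize(text):
    """Return (attempts per address family, attempts on default accounts
    keyed by source address) for remote failed logins only."""
    by_family = Counter()
    default_hits = Counter()
    for user, _tty, host in parse_lastb(text):
        if host is None:
            continue
        version = ipaddress.ip_address(host).version
        by_family["ipv6" if version == 6 else "ipv4"] += 1
        if user in DEFAULT_ACCOUNTS:
            default_hits[host] += 1
    return by_family, default_hits
```

A non-empty second counter means someone is already trying the default account from the network, which is exactly the window the password change is meant to close.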