Yo Hal! On Tue, 24 May 2016 13:47:48 -0700 Hal Murray <hmur...@megapathdsl.net> wrote:
> e...@thyrsus.com said:
> > See my reply to Gary and your text about NATs and firewalls.
> > Nobody has convinced me that this procedure *isn't* taking security
> > seriously, nor will they until I understand how any machine other
> > than the one I port-forward to is visible to outsiders.
>
> Your mention of port-forward assumes you are behind a NAT box.
> That's not true in all setups.
And not even true in Eric's setup. His pi's have public IPv6 addresses!
No NAT, no firewall, wide open to the world!
> Try "lastb | grep pi -w" on your bastion machine to get an indication
> of how persistent the bad guys are. I'm averaging one a day. You
> can do the math. It's far from a sure thing, but there are too many
> stories out there along the lines of "my box was hacked within 5
> minutes".
And that is just on user: pi. They try a ton of them: root, admin,
webmaster, etc.
> Gary's comments about IPv6 are important, at least in theory.
More than theory, many known hacks. Many people already caught
harvesting good IPv6 addresses.
> I'm guessing the bad guys aren't geared up to scan IPv6
> yet.
Right, but they use other techniques. This is not the place to go into
the details, but if you google it you will see it can be pretty easy
to find all your IPv6 addresses.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
pgpoWoXczK5EP.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
