Hi John,

Thank you for the comments! And thanks to others as well who have responded; we'll let the conversation continue longer before we present anything to Broad IT.

On Sat, Aug 8, 2015 at 5:05 PM, john hood <cg...@glup.org> wrote:
>
> When you say "login server", what exactly do you mean? Is this a
> bastion host that you can ssh to, and then connect to internal hosts
> from? (That's what I'll assume here.)
>

It's not a bastion host. As far as I understand, the 'login servers' have full access to all filesystems/data, programs, etc. that an internal host would have. I believe it is inside the firewall. It does not run iptables, so there may be some kind of device sitting in front of it. The primary difference between it and an internal host is that it is accessible to the outside world but imposes strict memory limits on users (10 MB) and offers just 1 virtualized core. So a user would generally ssh into this and then connect to an internal host (with more resources). I'm not aware of any bastion host at the Broad.

> Is the concern here that servers running Mosh could be used as DDoS
> reflectors, or that opening UDP ports would allow Broad-internal hosts
> to be useful for DDoS bots wanting to generate UDP?
>

The team's primary concern is the first issue, which you addressed well.

Best,
Hayden
_______________________________________________
mosh-devel mailing list
mosh-devel@mit.edu
http://mailman.mit.edu/mailman/listinfo/mosh-devel