Re: Remote administration of a machine behind NAT - VM for support

2008-09-27 Thread Celejar
On Sat, 27 Sep 2008 16:09:58 +0200 Dexter Filmore <[EMAIL PROTECTED]> wrote: > I'm still searching for a way to knock ports from any mobile so I don't need > to have a computer with my favorite knocking client around... Not exactly what you want, but have you considered ostiary? http://ingles.h

Re: Remote administration of a machine behind NAT - VM for support

2008-09-27 Thread Dexter Filmore
On Friday, 19 September 2008 16:24:32, Andrei Popescu wrote: > On Fri,19.Sep.08, 16:17:11, Dexter Filmore wrote: > > Extra paranoia: forward a different port than 22, lets say (inet) to > > 22 (lan/vm) and conf the client script to connect to that port. reduces > > port 22 attacks a great de

Re: Remote administration of a machine behind NAT - VM for support

2008-09-19 Thread Andrei Popescu
On Fri,19.Sep.08, 16:17:11, Dexter Filmore wrote: > Extra paranoia: forward a different port than 22, lets say (inet) to 22 > (lan/vm) and conf the client script to connect to that port. reduces port 22 > attacks a great deal. Security by obscurity, but what the heck... (I was already doing

Re: Remote administration of a machine behind NAT - VM for support

2008-09-19 Thread Dexter Filmore
On Wednesday, 10 September 2008 20:03:08, Andrei Popescu wrote: > On Wed,10.Sep.08, 19:50:04, Dexter Filmore wrote: > > I use a virtual machine for support and have my router forward ssh there. > > Something simple with fluxbox or even no X at all, should fit a 32MB VM > > and come up within a bli

Re: Remote administration of a machine behind NAT

2008-09-12 Thread Chris Davies
Chris Davies <[EMAIL PROTECTED]> wrote: > There isn't anything "scary technical" other than installing the OpenVPN > software on the Windows PC, telling it to run as a Service, and then Johannes Wiedersich <[EMAIL PROTECTED]> wrote: > Where did you get this [Windows]? OP was talking about [Lenny]

Re: Remote administration of a machine behind NAT

2008-09-12 Thread Johannes Wiedersich
On 2008-09-12 12:07, Chris Davies wrote: > There isn't anything "scary technical" other than installing the OpenVPN > software on the Windows PC, telling it to run as a Service, and then ^^^ Where did you get this? OP was talking about: On 2008-09-08 23:48, Andrei Popescu

Re: Remote administration of a machine behind NAT

2008-09-12 Thread Chris Davies
>> I'm struggling to see how to explain it more simply, sorry. Ron Johnson <[EMAIL PROTECTED]> wrote: > I think he doesn't want to rely on his mother to have to do anything > "scary technical". There isn't anything "scary technical" other than installing the OpenVPN software on the Windows PC, t

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Andrei Popescu
On Wed,10.Sep.08, 13:53:00, nate wrote: > Andrei Popescu wrote: > > > But how can I prevent a possible attacker to abuse this setup to access > > my laptop? > > What's the likelihood an attacker will even care that the > system can access your laptop? What's the likelihood that an > attacker will

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Alex Samad
On Tue, Sep 09, 2008 at 10:42:31PM +0300, Andrei Popescu wrote: > On Tue,09.Sep.08, 13:50:05, François Cerbelle wrote: > > [...] > > > Now, you have to protect the admin box from an attack initiated from the > > NATted box (mother's). Because this box is unsure. So, you set iptables > > rules on

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Alex Samad
On Tue, Sep 09, 2008 at 01:50:05PM +0200, François Cerbelle wrote: > > On Tue, 9 September 2008 13:39, Alex Samad wrote: > [...] > > don't see the difference between connectivity via the internet or via an > > openvpn network, if your rule states only allow ssh (+ related traffic + > > only if i

Re: Remote administration of a machine behind NAT

2008-09-10 Thread nate
Andrei Popescu wrote: > But how can I prevent a possible attacker to abuse this setup to access > my laptop? What's the likelihood an attacker will even care that the system can access your laptop? What's the likelihood that an attacker will even get access to the other system? Your paranoia goes

Re: Remote administration of a machine behind NAT - VM for support

2008-09-10 Thread Andrei Popescu
On Wed,10.Sep.08, 19:50:04, Dexter Filmore wrote: > I use a virtual machine for support and have my router forward ssh there. > Something simple with fluxbox or even no X at all, should fit a 32MB VM and > come up within a blink of an eye. For extra paranoia you can revert to a > clean snapsho

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Andrei Popescu
On Wed,10.Sep.08, 17:15:41, Chris Davies wrote: > Andrei Popescu <[EMAIL PROTECTED]> wrote: > > Maybe I'm dense, but I still don't see the benefits compared to a ssh > > tunnel. > > You have already pointed out that you can't use an ssh tunnel. > > Your mother's PC is behind at least one layer o

Re: Remote administration of a machine behind NAT - VM for support

2008-09-10 Thread Dexter Filmore
On Monday, 8 September 2008 23:48:21, Andrei Popescu wrote: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unrealistic. >

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Ron Johnson
On 09/10/08 11:15, Chris Davies wrote: Andrei Popescu <[EMAIL PROTECTED]> wrote: Maybe I'm dense, but I still don't see the benefits compared to a ssh tunnel. You have already pointed out that you can't use an ssh tunnel. Your mother's PC is behind at least one layer of NAT, so any connection

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Chris Davies
Andrei Popescu <[EMAIL PROTECTED]> wrote: > Maybe I'm dense, but I still don't see the benefits compared to a ssh > tunnel. You have already pointed out that you can't use an ssh tunnel. Your mother's PC is behind at least one layer of NAT, so any connection must be instantiated from there. Star

Re: Remote administration of a machine behind NAT

2008-09-10 Thread Bill Shofner
On 09/09/2008 03:13:52 AM, Steve Lamb wrote: On Tue, Sep 09, 2008 at 10:08:10AM +0300, Andrei Popescu wrote: > This is not unusual here. Here being? Somewhere in +0300 is kinda broad. :D -- Steve C. Lamb | But who can decide what they dream PGP Key: 1FC01004

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Tue,09.Sep.08, 12:52:19, nate wrote: > How about using a SSH agent ? type the passphrase once for the > session. > > This describes ssh agent and agent forwarding pretty well: > http://www.unixwiz.net/techtips/ssh-agent-forwarding.html I'm familiar with ssh-agent (using it myself). The issue

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Tue,09.Sep.08, 00:48:21, Andrei Popescu wrote: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unrealistic. > > If

Re: Remote administration of a machine behind NAT

2008-09-09 Thread nate
Andrei Popescu wrote: > On Tue,09.Sep.08, 00:48:21, Andrei Popescu wrote: >> Hi, >> >> Recently my mother (running Lenny) switched ISPs and is now behind a >> NAT, which makes direct ssh access impossible. A reverse ssh tunnel can >> solve this, but having her type a passphrase every time is hmm...

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Tue,09.Sep.08, 13:50:05, François Cerbelle wrote: [...] > Now, you have to protect the admin box from an attack initiated from the > NATted box (mother's). Because this box is unsure. So, you set iptables > rules on the admin box to filter every byte which comes from the NATted > box. Yes, t

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Tue,09.Sep.08, 10:12:40, Chris Davies wrote: [...] > No, you're not too paranoid, but I think you've missed the point of > the suggestion. > > Install OpenVPN on both your mother's PC and your system. Set her PC's > installation to establish the connection to yours. Use the builtin ping > op

Re: Remote administration of a machine behind NAT

2008-09-09 Thread François Cerbelle
On Tue, 9 September 2008 13:39, Alex Samad wrote: [...] > don't see the difference between connectivity via the internet or via an > openvpn network, if your rule states only allow ssh (+ related traffic + > only if it originates from your machine ) > over the openvpn network If you forget the

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Alex Samad
On Tue, Sep 09, 2008 at 01:12:28AM +0300, Andrei Popescu wrote: > On Tue,09.Sep.08, 07:51:30, Alex Samad wrote: > > > > Or do you have any other ideas? > > > > openvpn + iptables. > > > > Use openvpn with cert's to create a tunnel and then use iptables on your > > end to block any traffic, unti

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Chris Davies
Andrei Popescu <[EMAIL PROTECTED]> wrote: > On Tue,09.Sep.08, 07:51:30, Alex Samad wrote: >> > Or do you have any other ideas? >> >> openvpn + iptables. >> >> Use openvpn with cert's to create a tunnel and then use ipta

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Tue,09.Sep.08, 00:13:52, Steve Lamb wrote: > On Tue, Sep 09, 2008 at 10:08:10AM +0300, Andrei Popescu wrote: > > This is not unusual here. > > Here being? Somewhere in +0300 is kinda broad. :D I'm using gmail via SMTP so you could have just run a whois on my IP and found out I'm in Roma

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Steve Lamb
On Tue, Sep 09, 2008 at 10:08:10AM +0300, Andrei Popescu wrote: > This is not unusual here. Here being? Somewhere in +0300 is kinda broad. :D -- Steve C. Lamb | But who can decide what they dream PGP Key: 1FC01004 | and dream I do

Re: Remote administration of a machine behind NAT

2008-09-09 Thread Andrei Popescu
On Mon,08.Sep.08, 16:27:21, Chris Burkhardt wrote: [...] > > Of course the NAT at the ISP level? > > I've never heard of NAT at the ISP level. Are there really so few unallocated > IPv4 addresses that this is necessary? This is not unusual here. Regards, Andrei -- If you can't explain it sim

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Chris Burkhardt
On Mon, 08 Sep 2008 17:14:23 -0500 Ron Johnson <[EMAIL PROTECTED]> wrote: > On 09/08/08 17:03, Andrei Popescu wrote: > > On Mon,08.Sep.08, 16:52:52, Ron Johnson wrote: > > > > [...] > > > >> Port forwarding? Or is the NAT at the ISP level, which would prevent > >> this? > > > > Of course... >

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Andrei Popescu
On Mon,08.Sep.08, 17:14:23, Ron Johnson wrote: > On 09/08/08 17:03, Andrei Popescu wrote: >> On Mon,08.Sep.08, 16:52:52, Ron Johnson wrote: >> >> [...] >> >>> Port forwarding? Or is the NAT at the ISP level, which would prevent this? >> >> Of course... > > Of course the NAT at the ISP level? Yes

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Ron Johnson
On 09/08/08 17:03, Andrei Popescu wrote: On Mon,08.Sep.08, 16:52:52, Ron Johnson wrote: [...] Port forwarding? Or is the NAT at the ISP level, which would prevent this? Of course... Of course the NAT at the ISP level? -- Ron Johnson, Jr. Jefferson LA USA "Do not bite at the bait of ple

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Andrei Popescu
On Tue,09.Sep.08, 07:51:30, Alex Samad wrote: > > Or do you have any other ideas? > > openvpn + iptables. > > Use openvpn with cert's to create a tunnel and then use iptables on your > end to block any traffic, until you want to use it. Of course I use iptables on my box and the firewalls inte

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Andrei Popescu
On Mon,08.Sep.08, 16:52:52, Ron Johnson wrote: [...] > Port forwarding? Or is the NAT at the ISP level, which would prevent this? Of course... Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein)

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Ron Johnson
On 09/08/08 16:48, Andrei Popescu wrote: Hi, Recently my mother (running Lenny) switched ISPs and is now behind a NAT, which makes direct ssh access impossible. A reverse ssh tunnel can solve this, but having her type a passphrase every time is hmm... unrealistic. If I create a key without

Re: Remote administration of a machine behind NAT

2008-09-08 Thread Alex Samad
On Tue, Sep 09, 2008 at 12:48:21AM +0300, Andrei Popescu wrote: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unreali

Remote administration of a machine behind NAT

2008-09-08 Thread Andrei Popescu
Hi, Recently my mother (running Lenny) switched ISPs and is now behind a NAT, which makes direct ssh access impossible. A reverse ssh tunnel can solve this, but having her type a passphrase every time is hmm... unrealistic. If I create a key without passphrase it would make my own system vul