If you’re building 4TB, I’d recommend raidz2 which doesn’t give you much
storage (4 x 1TB disks would give you <2TB of user storage). I have 5 x 1TB
raidz2 which gives me 2.82TB of user storage. This may have changed, but when I
went to ZFS you couldn’t add more disks and change the structure,
Thanks, Gord!
The one thing of interest that I noted in the "DNS Check"
(https://zonemaster.iis.se) for GTALUG.org was that our DNS hosting
via Gandi has perhaps insufficient diversity. To wit, there are
several warnings similar to "All nameservers in the delegation have
IPv4 addresses in the
On 2018-08-30 12:12 p.m., James Knott via talk wrote:
On 08/30/2018 12:04 PM, Alvin Starr via talk wrote:
There are other ICMP messages that can be used for probing like
timestamp(msg-13).
All around all disabling ping does for you is to make it harder for
your ISP or IT support people to see
On 08/30/2018 12:13 PM, Howard Gibson via talk wrote:
> I have been on a commercial site where the Windows laptops were
> administered remotely, from somewhere in the USA, I think. I don't
> know how secure they were. The company did not have particularly nasty
> security requirements, i.e.
On Thu, 30 Aug 2018 12:10:08 -0400
James Knott via talk wrote:
> How much security do you think you'll get in that coffee shop? I also
> have a notebook computer that has a firewall running, even when on my
> home network, behind a firewall.
James,
I expect no security at a coffee shop.
On Thu, 30 Aug 2018 12:04:34 -0400
Alvin Starr via talk wrote:
> There are other ICMP messages that can be used for probing like
> timestamp(msg-13).
> All around all disabling ping does for you is to make it harder for your
> ISP or IT support people to see if you are having network problems
On 08/30/2018 12:04 PM, Alvin Starr via talk wrote:
> There are other ICMP messages that can be used for probing like
> timestamp(msg-13).
> All around all disabling ping does for you is to make it harder for
> your ISP or IT support people to see if you are having network
> problems and the
On 08/30/2018 12:04 PM, Howard Gibson wrote:
>> Also, relying on NAT for security is a bad idea. It does nothing that a
>> properly configured firewall can't do.
> James,
>
> My regular laptop is a home computer that sits behind a commercial
> router most (not all) of the time. My Ubuntu
On Thu, 30 Aug 2018 at 11:57, James Knott via talk wrote:
> For example traceroute will simply time out if the device
> doesn't respond, but there is a route to it.
For a device that doesn't respond, traceroute only tells you that you
can get to the network that the device is on (you can
On Thu, 30 Aug 2018 11:46:42 -0400
James Knott via talk wrote:
> Also, IPv6 is now being used by many and NAT is discouraged on it. This
> means that, for example, Rogers customers will have public IPv6
> addresses. However, given that they have a minimum of 18.4 billion,
> billion addresses
On 08/30/2018 11:45 AM, Scott Allen via talk wrote:
> But what if you *don't* know someone lives at 1234 Bloor St. (and most
> of the residences on Bloor St. are vacant)?
That doesn't stop many burglars or squatters.
> If you knock on one of the doors (ping), you
> may get an answer, telling you
On Thu, 30 Aug 2018 at 11:17, Alvin Starr via talk wrote:
> I know someone is at 1234 Bloor St. but that does not help much with
> breaking in.
But what if you *don't* know someone lives at 1234 Bloor St. (and most
of the residences on Bloor St. are vacant)? Breaking into one that's
vacant
On Thu, 30 Aug 2018 12:24:31 -0300
Mauro Souza via talk wrote:
> You don't need to disable ping on your internal network, only at the
> router. Because of NAT, nobody can really ping your internal system.
>
> Try this. Keep ping enabled on your Linux, and in your router, run this on
> Linux:
>
On 08/30/2018 11:24 AM, Mauro Souza via talk wrote:
> Because of NAT, nobody can really ping your internal system.
There are many networks that do not use NAT. In fact, it's rarely used
on IPv6. Regardless, there are other ways of finding a router or
computer that do not use ping. Blocking
You don't need to disable ping on your internal network, only at the
router. Because of NAT, nobody can really ping your internal system.
Try this. Keep ping enabled on your Linux, and in your router, run this on
Linux:
sudo tcpdump -i any icmp
Now go to any "online ping service" and ping your
On 08/30/2018 11:17 AM, Alvin Starr via talk wrote:
> I know someone is at 1234 Bloor St. but that does not help much with
> breaking in.
> I still need a way to get past the front door.
Also, security through obscurity is not security.
---
Talk Mailing List
talk@gtalug.org
On 08/30/2018 11:00 AM, Howard Gibson via talk wrote:
> I am assuming that someone will use ping to search a network for interesting
> stuff. If the IP address does not respond to ping, the cracker will keep
> searching.
What happens if they ping an address behind the router? There are many
On 08/30/2018 11:00 AM, Howard Gibson via talk wrote:
Jamon,
I am assuming that someone will use ping to search a network for
interesting stuff. If the IP address does not respond to ping, the cracker
will keep searching. All the other ports are closed too. The security is not
Jamon,
I am assuming that someone will use ping to search a network for interesting
stuff. If the IP address does not respond to ping, the cracker will keep
searching. All the other ports are closed too. The security is not perfect,
but I am hoping to have escalated things beyond the
On Thu, Aug 30, 2018 at 7:48 AM, James Knott via talk wrote:
> On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:
>> I have ping disabled directly on my router so none of the machines
My router software asks me if I want to allow or disallow pings from the www.
I have that box marked 'disallow'.
On 2018-08-29 11:43 PM, Amos H. Weatherill wrote:
Scott,
My reasoning for / on ZFS is pretty Simple ... the machine that is
becoming my first NAS only has 4 SATA Ports, so I can't afford to Waste
one on a boot drive.
Recommended best Practice is to use ZFS with whole disks. That said,
most
On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:
> I have ping disabled directly on my router so none of the machines
> behind it can be accessed from outside.
How does disabling ping on a router prevent access to what's behind it?
Ping has nothing to do with routing.
On 29/08/18 21:44, Howard Gibson via talk wrote:
> I am playing with my hack Ubuntu machine, and I am sorting out
> security. I want to disable ping. This is a laptop, and I want to
> document the application of aluminium foil.
Could you elaborate a bit about how disabling ICMP enhances
On Thu, 30 Aug 2018 05:49:58 -0500
o1bigtenor wrote:
> On Thu, Aug 30, 2018 at 4:13 AM, ac via talk wrote:
> > yeah, this is the reason why I do not usually respond to this type
> > of post... security is a wide and varying topic. and opinions are
> > held by all and sundry.
> > just for the
On Thu, Aug 30, 2018 at 4:13 AM, ac via talk wrote:
>
> yeah, this is the reason why I do not usually respond to this type of
> post... security is a wide and varying topic. and opinions are held by
> all and sundry.
>
> just for the record though: what i said was: fail2ban is not the right tool
On Wed, Aug 29, 2018 at 10:58 PM, Howard Gibson via talk
wrote:
> On Wed, 29 Aug 2018 22:03:52 -0400
> Alvin Starr via talk wrote:
>> you could also do the following:
>>
>> sudo sysctl net.ipv4.icmp_echo_ignore_all=1
>
> Alvin,
>
> That's it. I saw instructions on the internet to update
yeah, this is the reason why I do not usually respond to this type of
post... security is a wide and varying topic. and opinions are held by
all and sundry.
just for the record though: what i said was: fail2ban is not the right tool
not that it cannot do it...
anyway, at least you have a
Hi,
Well, named is pretty smart and knew the requests were bogus, as
indicated by the "denied". My named is still resolving valid requests
for my domain.
And fail2ban does support this very circumstance. I had to edit
fail2ban's built in regex for named before it would work. I am guessing