2 Feb
2016
2 Feb
'16
3:09 p.m.
Subject:
[44net] OpenWRT Security Notice
From:
lleachii(a)aol.com
Date:
02/02/2016 04:11 AM
To:
44net(a)hamradio.ucsd.edu
the least computationally difficult method to protect our gateways from rogue packets is
to not publicize/announce our Public WAN-facing IP address.
Of course that does not work very well.
All other gateway stations know your public IP and those who really want to know it can
probably obtain it.
The only way to protect your system is by using appropriate filters. And yes, these can
be difficult to design,
especially in the world of lousy internet service providers that do not bother filtering
clients that spoof addresses....
Rob
2 Feb
2 Feb
5:44 p.m.
New subject: OpenWRT Security Notice
This is a false security.
But setting the public interface to accept only ip proto 4 traffic is a
solution.
And on rhe tunnel, only to accept requests with source address 44/8.
Spoofed traffic will not be corrected routed back, so that is no real
issue in this case.
> (Please trim inclusions from previous messages)
> _______________________________________________
>> Subject:
>> [44net] OpenWRT Security Notice
>> From:
>> lleachii(a)aol.com
>> Date:
>> 02/02/2016 04:11 AM
>>
>> To:
>> 44net(a)hamradio.ucsd.edu
>>
>>
>>
>> the least computationally difficult method to protect our gateways from
>> rogue packets is to not publicize/announce our Public WAN-facing IP
>> address.
>
> Of course that does not work very well.
> All other gateway stations know your public IP and those who really want
> to know it can probably obtain it.
> The only way to protect your system is by using appropriate filters. And
> yes, these can be difficult to design,
> especially in the world of lousy internet service providers that do not
> bother filtering clients that spoof addresses....
>
> Rob
>
3216
days inactive
3216
days old
1 comments
2 participants
participants (2)
-
marius@yo2loj.ro -
Rob Janssen