Matt, I really appreciate your candor. Your opinions often get flak for
being blunt rather than being wrong and I think you don't deserve the
heat as often as you get it.
But in this particular case, that definitely doesn't meet the definition
of security through obscurity.
-Adam
On 12/28/2019 3:17 AM, Matt Hoppes wrote:
So security through obscurity. Got it.
On Dec 27, 2019, at 10:17 PM, Cassidy B. Larson <c...@infowest.com> wrote:
Temp IPs are used until the TCP session ends for that stream. If I
have an SSH window open for a day, the temp IP is still showing in
my interface config, but only until that particular SSH session is
closed. New TCP sessions for a bank website would use a different
temp IP, then get expired after an hour or so if nothing else is using
that temp address.
Inbound connections to temp IPs that are not already “setup” (similar
to a router NAT translation rule) would be blocked by the OS, as temp
IPs are for outbound connections only.
On Dec 27, 2019, at 20:07, Matt Hoppes <mattli...@rivervalleyinternet.net> wrote:
Second time I’ve heard this. If it’s using random addresses, how does
anything communicate back with it?
And things like banks that secure sessions based on IP address will
break if the IP changes with each click.
On Dec 27, 2019, at 9:58 PM, Cassidy B. Larson <c...@infowest.com> wrote:
IPv6 uses temporary addresses for sourcing outbound connections.
Some random Joe trying to connect back to that temp IP they found
in their logs won't get them anywhere.
Of course, who knows if your Ring doorbell on v6 might actually
implement temp IPv6 IPs.
On Dec 27, 2019, at 6:53 PM, Matt Hoppes <mattli...@rivervalleyinternet.net> wrote:
You’re putting a lot of faith in that SOHO router.
I know NAT is not a firewall, but even poorly configured it takes
some effort to open ports.
With IPv6, dropping the inbound firewall is rather trivial.
On Dec 27, 2019, at 8:24 PM, Adair Winter <ada...@amarillowireless.net> wrote:
It's not like that won't be firewalled... NAT doesn't stop
anything a firewall wouldn't. Consumer routers are going to come
out of the box with an incoming deny.
On Fri, Dec 27, 2019 at 7:21 PM Matt Hoppes <mattli...@rivervalleyinternet.net> wrote:
And we want to roll IPv6 out to every device in the house and
let them on the internet directly...
On Dec 27, 2019, at 8:05 PM, Ken Hohhof <af...@kwisp.com> wrote:
I am no fan of Amazon or of Ring doorbells. But seriously,
you can sue them for not forcing you to use two factor
authentication? Even when the customers say they have no
idea what two factor authentication is? As I understand it,
these devices weren’t so much hacked as people chose weak
passwords, or the same password as something else that had a
data breach.
It also seems that the class action suit waiver agreeing to
arbitration should get the suit thrown out, but who knows.
https://www.vox.com/recode/2019/12/27/21039517/amazon-ring-hacking-lawsuit
I’m guessing people are filling their homes with “things”
that will have similar problems. Oh, and I had the radio on
in the car and the one guy said “Hey Alexa” and the other
guy scolded him for saying “the A word”. Evidently if you
give Alexa an instruction on the radio, thousands of houses
get their lights turned on or thermostat turned up or whatever.
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
--
Adair Winter
VP, Network Operations / Co-Owner
Amarillo Wireless | 806.316.5071
C: 806.231.7180
http://www.amarillowireless.net