I appreciate an honest conversation. 

To me the whole “use temporary IPs” thing just says we are offering security 
through obscuring what IP it might be at. 



> On Dec 28, 2019, at 9:34 AM, Adam Moffett <dmmoff...@gmail.com> wrote:
> 
> Matt, I really appreciate your candor.  Your opinions often get flak for 
> being blunt rather than being wrong and I think you don't deserve the heat as 
> often as you get it.
> 
> But in this particular case, that definitely doesn't meet the definition of 
> security through obscurity.
> 
> -Adam
> 
> 
> 
>> On 12/28/2019 3:17 AM, Matt Hoppes wrote:
>> So security through obscurity. Got it. 
>> 
>> On Dec 27, 2019, at 10:17 PM, Cassidy B. Larson <c...@infowest.com> wrote:
>> 
>>> temp ips are used until the tcp session ends for that stream. If I have an 
>>> ssh window open for a day, the temp IP is still showing in my interface 
>>> config, but only until that particular ssh session is closed. New tcp 
>>> sessions for a bank website would use a different temp IP then get expired 
>>> after an hour or so if nothing else is using that temp address.
>>> 
>>> Inbound connections to temp ips that are not already “setup” (similar to a 
>>> router nat translation rule) would be blocked by the os as temp ips are for 
>>> outbound connections only.
>>> 
>>> 
>>>> On Dec 27, 2019, at 20:07, Matt Hoppes <mattli...@rivervalleyinternet.net> 
>>>> wrote:
>>>> 
>>>> 
>>>> Second time I’ve heard this. If it’s using random addresses how does 
>>>> anything communicate back with it?
>>>> 
>>>> And things like banks that secure sessions based on ip address will break 
>>>> if the IP changes with each click. 
>>>> 
>>>> On Dec 27, 2019, at 9:58 PM, Cassidy B. Larson <c...@infowest.com> wrote:
>>>> 
>>>>> IPv6 uses temporary addresses for sourcing outbound connections.  Some 
>>>>> random joe trying to connect back to that temp IP they found in their 
>>>>> logs won't get them anywhere. 
>>>>> Of course, who knows if your Ring doorbell on v6 
>>>>> might actually implement temp ipv6 ips. 
>>>>> 
>>>>>> On Dec 27, 2019, at 6:53 PM, Matt Hoppes 
>>>>>> <mattli...@rivervalleyinternet.net> wrote:
>>>>>> 
>>>>>> You’re putting a lot of faith in that SOHO router. 
>>>>>> 
>>>>>> I know NAT is not a firewall, but even poorly configured it takes some 
>>>>>> effort to open ports. 
>>>>>> 
>>>>>> With ipv6 dropping the inbound firewall is rather trivial. 
>>>>>> 
>>>>>> On Dec 27, 2019, at 8:24 PM, Adair Winter <ada...@amarillowireless.net> 
>>>>>> wrote:
>>>>>> 
>>>>>>> it's not like that won't be firewalled... NAT doesn't stop anything a 
>>>>>>> firewall wouldn't. Consumer routers are going to come out of the box 
>>>>>>> with an incoming deny.
>>>>>>> 
>>>>>>>> On Fri, Dec 27, 2019 at 7:21 PM Matt Hoppes 
>>>>>>>> <mattli...@rivervalleyinternet.net> wrote:
>>>>>>>> And we want to roll ipv6 out to every device in the house and let them 
>>>>>>>> on the internet directly....
>>>>>>>> 
>>>>>>>> On Dec 27, 2019, at 8:05 PM, Ken Hohhof <af...@kwisp.com> wrote:
>>>>>>>> 
>>>>>>>>> I am no fan of Amazon or of Ring doorbells.  But seriously, you can 
>>>>>>>>> sue them for not forcing you to use two factor authentication?  Even 
>>>>>>>>> when the customers say they have no idea what two factor 
>>>>>>>>> authentication is?  As I understand it, these devices weren’t so much 
>>>>>>>>> hacked as people chose weak passwords, or the same password as 
>>>>>>>>> something else that had a data breach.
>>>>>>>>> 
>>>>>>>>> It also seems that the class action suit waiver agreeing to 
>>>>>>>>> arbitration should get the suit thrown out, but who knows.
>>>>>>>>> 
>>>>>>>>> https://www.vox.com/recode/2019/12/27/21039517/amazon-ring-hacking-lawsuit
>>>>>>>>> 
>>>>>>>>> I’m guessing people are filling their homes with “things” that will 
>>>>>>>>> have similar problems.  Oh, and I had the radio on in the car and the 
>>>>>>>>> one guy said “Hey Alexa” and the other guy scolded him for saying 
>>>>>>>>> “the A word”.  Evidently if you give Alexa an instruction on the 
>>>>>>>>> radio, thousands of houses get their lights turned on or thermostat 
>>>>>>>>> turned up or whatever.
>>>>>>>>> 
>>>>>>>>> -- 
>>>>>>>>> AF mailing list
>>>>>>>>> AF@af.afmug.com
>>>>>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>>>>>>> 
>>>>>>> 
>>>>>>> -- 
>>>>>>> Adair Winter
>>>>>>> VP, Network Operations / Co-Owner
>>>>>>> Amarillo Wireless | 806.316.5071
>>>>>>> C: 806.231.7180
>>>>>>> http://www.amarillowireless.net
>>>>>>> 
>>>>> 
>> 
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
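
An added illustration, not part of any message in this thread: on a Linux host the temporary addresses discussed above appear in `ip -6 addr show` with the `temporary` flag, and this Python parser sorts a constructed sample into temporary, deprecated temporary and stable addresses. The interface name, addresses and lifetimes are made up (documentation prefix), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show dev eth0` output (2001:db8::/32 is the documentation prefix).
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:5c1e:9a77:3b02:41d0/64 scope global temporary dynamic
       valid_lft 86012sec preferred_lft 14012sec
    inet6 2001:db8:1:2:91aa:c3f:77e1:b52/64 scope global temporary deprecated dynamic
       valid_lft 3540sec preferred_lft 0sec
    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft 86012sec preferred_lft 14012sec
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
"""

ADDR_RE = re.compile(r"^\s*inet6 (\S+)/\d+ scope (\w+)(.*)$")
LFT_RE = re.compile(r"valid_lft (\S+) preferred_lft (\S+)")

def classify(flags, scope):
    if scope == "link":
        return "link-local"
    if "temporary" in flags:
        # Deprecated = kept for connections already using it, not picked for new ones.
        return "temporary-deprecated" if "deprecated" in flags else "temporary-preferred"
    return "stable"

def parse_ip6_addrs(text):
    """Return one dict per inet6 address: role, lifetimes and an EUI-64 hint."""
    out, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if not (m := ADDR_RE.match(line)):
            continue
        addr, scope, flags = m.group(1), m.group(2), set(m.group(3).split())
        lft = LFT_RE.search(lines[i + 1]) if i + 1 < len(lines) else None
        iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits = interface ID
        out.append({
            "addr": addr,
            "role": classify(flags, scope),
            "valid_lft": lft.group(1) if lft else None,
            "preferred_lft": lft.group(2) if lft else None,
            # ff:fe in the middle of the interface ID hints that it was built from the MAC.
            "eui64": iid[3:5] == b"\xff\xfe",
        })
    return out

if __name__ == "__main__":
    for a in parse_ip6_addrs(SAMPLE):
        print(f'{a["role"]:22} {a["addr"]:40} eui64={a["eui64"]}')
```

The stable address stays reachable for as long as the prefix does, so whether an unsolicited inbound connection gets through is decided by the stateful firewall on the router or host, not by which address the client happened to source from.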
