Yo Eric! On Tue, 24 May 2016 15:29:34 -0400 "Eric S. Raymond" <e...@thyrsus.com> wrote:
> > The security section would obviously be generally useful. It's
> > worth mentioning firewalls and/or NAT boxes. I think there should
> > be a warning about plugging in a Pi that isn't protected one way or
> > the other.
>
> Agreed. Added:
>
> Now check your security. You need to be behind a NAT box or
> firewall for the next several steps. If anyone on the public
> Internet can reach your SBC via ssh before you remove the default
> account, your Pi could be enslaved by an attack bot within minutes.
Since you had your server hacked already this year, you should be
one that knows a firewall is not good enough. You must have good
passwords inside.
Do not advocate an M&M defense, prefer defense in depth.
> See my reply to Gary and your text about NATs and firewalls. Nobody
> has convinced me that this procedure *isn't* taking security
> seriously, nor will they until I understand how any machine other
> than the one I port-forward to is visible to outsiders.
Since you are a person someone recently hacked, causing you some pain in
creating and distributing new credentials, don't you think it is proven
you are not taking security seriously enough?
Do you even know how you were hacked?
WAY too many people are getting hacked because their NAT/firewall is
on their IPv4 and not on the IPv6 that their ISP just turned on without
telling them..
Hmm, looking at your grelber, did you realize it already HAS a public
and not firewalled external IPv6 address?
I have direct access to your dovecot, etc. I bet you get dictionary
scan on it every day.
Your NAT is doing nothing for you.
So much for your security...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
pgpUA0mT2mVR3.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
