e...@thyrsus.com said: > See my reply to Gary and your text about NATs and firewalls. Nobody has > convinced me that this procedure *isn't* taking security seriously, nor will > they until I understand how any machine other than the one I port-forward to > is visible to outsiders.
Your mention of port-forward assumes you are behind a NAT box. That's not true in all setups. Try "lastb | grep pi -w" on your bastion machine to get an indication of how persistent the bad guys are. I'm averaging one a day. You can do the math. It's far from a sure thing, but there are too many stories out there along the lines of "my box was hacked within 5 minutes". Gary's comments about IPv6 are important, at least in theory. lastb doesn't show me any probes from IPv6 addresses on the machines I looked at. I'm guessing the bad guys aren't geared up to scan IPv6 yet. Brute force isn't going to find interesting targets - there are too many bits in IPv6 addresses. I wonder when the bad guys will be selling IPv6 addresses the same way they sell email addresses. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
