>> Nick Holland wrote:
>>> Your risks with wireless:
>>> * Unauthorized use to access Internet
>>> -> use AuthPF so that you have to ssh authenticate to use the
>>> gateway.

> David Walker wrote:
>> Yep. Too good to be true but it won't stop a persistent script kiddie
>> from spoofing though right?

On 9 September 2011 17:00, Marian Hettwer <m...@kernel32.de> wrote:
> No. IP spoofing won't help the script kiddy at all.
> To successfully authenticate via authpf, you need a valid ip address for
> responses.
> With a fake source ip, the script kiddy won't even get a full tcp
> handshake ready...
> Additionally, you should configure your ssh server to only accept key
> based authentication.
> A script kiddy without a private key just wouldn't get in.

> David Walker wrote:
>> If I'm right the authentication is on the initial connection and
>> everything subsequent is based on the associated IP address (or with
>> noip the userid) which won't prevent a MITM from hijacking that IP and
>> certainly won't prevent them from reading my packets. Is that right?
>
> Usually authpf is used to open a port to "remote_ip" after successful
> authentication.
> That port is usually used for ipsec.
> Your initial authentication connection is ssh, thus it's encrypted and
> packet sniffing is useless.
> Your second connection could be the ipsec tunnel. Again, it's encrypted
> and packet sniffing is useless.

The way I understood David's concern (please correct me if wrong) was
that he was simply mindful of the security limitations of using *only*
authpf (and not then also an ipsec tunnel as you're suggesting). It is
true (or at least it's my understanding) that for some purposes,
sometimes people use only authpf. In such a scenario, David's concerns
might be justified:

1. Legit user authenticates with authpf.
2. After authentication, PF (if thusly configured) just allows that IP
   full access to various and sundry services it otherwise blocks.
3. While the legit user remains authenticated, an intruder who manages
   to spoof the legit user's IP would be able to likewise send traffic
   through.

That doesn't mean the intruder would be able to authenticate
themselves, they'd just ride the legit user's coattails.

Well, unless I'm completely confused too.

regards,
--ropers
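
The two setups contrasted in this thread, sketched as pf rules. This is an added example, not configuration posted by anyone in the thread; the interface name `ral0` and gateway address `192.0.2.1` are constructed sample values, while `$user_ip` is the macro authpf itself sets for the authenticated client.

```pf
# ---- /etc/pf.conf (gateway, wireless side) ----
wifi_if = "ral0"        # constructed sample interface
gw_ip   = "192.0.2.1"   # constructed sample gateway address

# Default: nothing from the wireless segment gets through...
block in on $wifi_if
# ...except ssh to the gateway, which is where authpf runs as the login shell.
pass in on $wifi_if inet proto tcp from any to $gw_ip port 22
# Per-user rules are loaded here after a successful ssh login.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules (loaded into the anchor per login) ----
# The anchor is evaluated separately, so the macros are repeated here.
wifi_if = "ral0"
gw_ip   = "192.0.2.1"

# (a) authpf only: everything from the authenticated address is passed.
#     The filter decision rests on the source IP alone, so any packet
#     carrying that address is accepted while the session lasts, and
#     the traffic itself is not encrypted by this rule.
# pass in quick on $wifi_if from $user_ip to any

# (b) authpf as a gate for IPsec: the authenticated address may reach
#     only IKE (udp 500, 4500 for NAT-T) and ESP on the gateway.
#     Packets with a borrowed source address get no further than the
#     IPsec endpoint, which requires its own keys.
pass in quick on $wifi_if inet proto udp from $user_ip to $gw_ip port { 500, 4500 }
pass in quick on $wifi_if inet proto esp from $user_ip to $gw_ip
```

Variant (a) is the authpf-only scenario in the numbered list above; variant (b) is the arrangement where the opened port is used for ipsec. Only one of the two would be active in a real `authpf.rules`.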