Hey.
On 21/09/2011, Rod Whitworth wrote:
> It need not be spoofed.
> If you use authpf whilst you are on a LAN that is NATted (very common)
> everyone on that LAN will be able to access your remote host.
Nice one.
On 21/09/2011, ropers wrote:
> The way I understood David's concern (please cor
On Wed, 21 Sep 2011 01:38:28 +0200, ropers wrote:
>1. Legit user authenticates with authpf.
>2. After authentication, PF (if thusly configured) just allows that IP
>full access to various and sundry services it otherwise blocks.
>3. While the legit user remains authenticated, an intruder who ma
>> Nick Holland wrote:
>>> Your risks with wireless:
>>> * Unauthorized use to access Internet
>>> -> use AuthPF so that you have to ssh authenticate to use the
>>> gateway.
> David Walker wrote:
>> Yep. Too good to be true but it won't stop a persistent script kiddie
>> from spoofing thoug
On 21 September 2011 00:59, Peter N. M. Hansteen wrote:
> ropers writes:
>
>> Is this (still) true/required? (Why?)
>> Or is it complete nonsense?
>
> If intense development was happening in that area at the time, it may
> have made sense. But it's been some years and it's almost certainly no
>
ropers writes:
> Is this (still) true/required? (Why?)
> Or is it complete nonsense?
If intense development was happening in that area at the time, it may
have made sense. But it's been some years and it's almost certainly no
longer relevant.
- P
--
Peter N. M. Hansteen, member of the first R
On 9 September 2011 15:13, David Walker wrote:
> I have some idea IPsec might be useful so I do a search and this comes
> up (first cab off the rank) ...
> http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
From that (apparently old) article:
> Note that if you follow the CVS builds
Hi Stuart.
Stuart Henderson
> iked doesn't handle retransmitting dropped ike packets yet, so it's not a
> great choice for wireless. isakmpd should be fine though.
I read through ISAKMPD and IKED and noticed this:
iked is not yet finished and is missing some important security features.
Hi Marian.
On 10/09/2011, Marian Hettwer wrote:
> I'd say SSH tunnels are still in.
Cool.
> No. IP spoofing won't help them script kiddy at all.
> To successfully authenticate via authpf, you need a valid ip address for
> responses.
> With a fake source ip, the script kiddy won't even get a full
On 2011-09-09, Christian Weisgerber wrote:
> Stuart Henderson wrote:
>
>> laptop:
>> ike dynamic esp from egress to 0.0.0.0/0 peer 11.22.33.44
>>
>> router:
>> ike passive esp from any to any
>>
>> possible complications:-
>>
>> - if you will be communicating with other machines in the same su
Stuart Henderson wrote:
> laptop:
> ike dynamic esp from egress to 0.0.0.0/0 peer 11.22.33.44
>
> router:
> ike passive esp from any to any
>
> possible complications:-
>
> - if you will be communicating with other machines in the same subnet,
> they will send return traffic directly rather th
On 2011-09-09, David Walker wrote:
> I have some idea IPsec might be useful so I do a search and this comes
> up (first cab off the rank) ...
> http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
> ... it's specifically about OpenBSD and it looks pretty easy.
>
> So I go to the ipsec(4)
Sounds like fun.
Here's what you're looking for:
http://en.wikipedia.org/wiki/Diameter_%28protocol%29
Open-source implementation: http://diameter.sourceforge.net/
On Sat, Sep 10, 2011 at 1:21 AM, Matt S wrote:
> I don't know how adventurous you feel, but as long as the old gear
> supports L
I don't know how adventurous you feel, but as long as the old gear
supports L2TP pass through, you could consider trying npppd. Although, it
requires some preparation work like adding PIPEX to the generic kernel and
building npppd from the source code. Another option is to investigate using
O
Hi David,
On Fri, 9 Sep 2011 21:45:52 +0930, David Walker
wrote:
> Nick Holland
>> define "security" :)
>
> I'm guessing that TLS is out and that IPsec might be in on that criteria.
> Is SSH out there too?
>
I'd say SSH tunnels are still in.
>> Your risks with wireless:
>> * Unauthorized use
I have some idea IPsec might be useful so I do a search and this comes
up (first cab off the rank) ...
http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
... it's specifically about OpenBSD and it looks pretty easy.
So I go to the ipsec(4) man page and see this ...
If we apply ESP
Nick Holland
> define "security" :)
Ouch. I like Bruce Schneier's cynicism ...
As long as I feel secure right?
Encryption to some standard (yet to be determined).
At a minimum packet contents but headers would be great.
I'm a fair bit out of my depth but if I can encapsulate endpoint IP
addresse
Thank you Thomas.
On 09/09/2011, Tomas Bodzar wrote:
> http://www.openbsd.org/faq/pf/authpf.html
At first glance that looks really cool (well it still looks cool) but
I'm not sure it's what I'm after.
As far as I can tell the authentication is secure and ties a ruleset
to an IP but from then on
On 09/09/11 05:33, David Walker wrote:
> Hi.
>
> I'm using some old gear that doesn't support WPA or better (WEP only).
> Until I get around to that what are my options security wise?
define "security" :)
>
> Here's the machines:
>
> inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD <-> desktops
On Fri, Sep 9, 2011 at 11:33 AM, David Walker wrote:
> Hi.
>
> I'm using some old gear that doesn't support WPA or better (WEP only).
> Until I get around to that what are my options security wise?
>
> Here's the machines:
>
> inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD <-> desktops
>
> The AP