Hey.
On 21/09/2011, Rod Whitworth wrote:
> It need not be spoofed.
> If you use authpf whilst you are on a LAN that is NATted (very common)
> everyone on that LAN will be able to access your remote host.
Nice one.
On 21/09/2011, ropers wrote:
> The way I understood David's concern (please cor
On Wed, 21 Sep 2011 01:38:28 +0200, ropers wrote:
>1. Legit user authenticates with authpf.
>2. After authentication, PF (if thusly configured) just allows that IP
>full access to various and sundry services it otherwise blocks.
>3. While the legit user remains authenticated, an intruder who ma
>> Nick Holland wrote:
>>> Your risks with wireless:
>>> * Unauthorized use to access Internet
>>> -> use AuthPF so that you have to ssh authenticate to use the
>>> gateway.
> David Walker wrote:
>> Yep. Too good to be true but it won't stop a persistent script kiddie
>> from spoofing thoug
On 21 September 2011 00:59, Peter N. M. Hansteen wrote:
> ropers writes:
>
>> Is this (still) true/required? (Why?)
>> Or is it complete nonsense?
>
> If intense development was happening in that area at the time, it may
> have made sense. But it's been some years and it's almost certainly no
>
ropers writes:
> Is this (still) true/required? (Why?)
> Or is it complete nonsense?
If intense development was happening in that area at the time, it may
have made sense. But it's been some years and it's almost certainly no
longer relevant.
- P
--
Peter N. M. Hansteen, member of the first R
On 9 September 2011 15:13, David Walker wrote:
> I have some idea IPsec might be useful so I do a search and this comes
> up (first cab off the rank) ...
> http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
From that (apparently old) article:
> Note that if you follow the CVS builds
Hi Stuart.
Stuart Henderson
> iked doesn't handle retransmitting dropped ike packets yet, so it's not a
> great choice for wireless. isakmpd should be fine though.
I read through ISAKMPD and IKED and noticed this:
iked is not yet finished and is missing some important security features.
Hi Marian.
On 10/09/2011, Marian Hettwer wrote:
> I'd say SSH tunnels are still in.
Cool.
> No. IP spoofing won't help them script kiddy at all.
> To successfully authenticate via authpf, you need a valid ip address for
> responses.
> With a fake source ip, the script kiddy won't even get a full
On 2011-09-09, Christian Weisgerber wrote:
> Stuart Henderson wrote:
>
>> laptop:
>> ike dynamic esp from egress to 0.0.0.0/0 peer 11.22.33.44
>>
>> router:
>> ike passive esp from any to any
>>
>> possible complications:-
>>
>> - if you will be communicating with other machines in the same su
Stuart Henderson wrote:
> laptop:
> ike dynamic esp from egress to 0.0.0.0/0 peer 11.22.33.44
>
> router:
> ike passive esp from any to any
>
> possible complications:-
>
> - if you will be communicating with other machines in the same subnet,
> they will send return traffic directly rather th
On 2011-09-09, David Walker wrote:
> I have some idea IPsec might be useful so I do a search and this comes
> up (first cab off the rank) ...
> http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
> ... it's specifically about OpenBSD and it looks pretty easy.
>
> So I go to the ipsec(4)
ess gear to pass UDP 1194.
If
> you are interested, I have OpenVPN config files to share because it is the
> solution I use for wireless security.
>
>
>
> To:
> misc@openbsd.org
> Sent: Friday, September 9, 2011 2:33 AM
> Subject: Secu
bject: Security
over wireless.
Hi.
I'm using some old gear that doesn't support WPA or
better (WEP only).
Until I get around to that what are my options security
wise?
Here's the machines:
inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD
<-> desktops
The AP
Hi David,
On Fri, 9 Sep 2011 21:45:52 +0930, David Walker
wrote:
> Nick Holland
>> define "security" :)
>
> I'm guessing that TLS is out and that IPsec might be in on that criteria.
> Is SSH out there too?
>
I'd say SSH tunnels are still in.
>> Your risks with wireless:
>> * Unauthorized use
I have some idea IPsec might be useful so I do a search and this comes
up (first cab off the rank) ...
http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
... it's specifically about OpenBSD and it looks pretty easy.
So I go to the ipsec(4) man page and see this ...
If we apply ESP
Nick Holland
> define "security" :)
Ouch. I like Bruce Schneier's cynicism ...
As long as I feel secure right?
Encryption to some standard (yet to be determined).
At a minimum packet contents but headers would be great.
I'm a fair bit out of my depth but if I can encapsulate endpoint IP
addresse
Thank you Thomas.
On 09/09/2011, Tomas Bodzar wrote:
> http://www.openbsd.org/faq/pf/authpf.html
At first glance that looks really cool (well it still looks cool) but
I'm not sure it's what I'm after.
As far as I can tell the authentication is secure and ties a ruleset
to an IP but from then on
On 09/09/11 05:33, David Walker wrote:
> Hi.
>
> I'm using some old gear that doesn't support WPA or better (WEP only).
> Until I get around to that what are my options security wise?
define "security" :)
>
> Here's the machines:
>
> inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD <-> desktops
On Fri, Sep 9, 2011 at 11:33 AM, David Walker wrote:
> Hi.
>
> I'm using some old gear that doesn't support WPA or better (WEP only).
> Until I get around to that what are my options security wise?
>
> Here's the machines:
>
> inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD <-> desktops
>
> The AP
Hi.
I'm using some old gear that doesn't support WPA or better (WEP only).
Until I get around to that what are my options security wise?
Here's the machines:
inet <-> OpenBSD <-> CPE AP <-> USB <-> OpenBSD <-> desktops
The AP is some Cisco or something. Like those WRT54s and whatnot.
I notice i