Sorry I was slow to reply. Some very good points for an against here. It seems a lot of kids are getting advice from you tube sites to use Hamachi. Yes it does create a VPN tunnel, I suppose the best thing to do would be setup a machine configure Hamachi and then go find yourself a good (friendly) hacker somewhere and ask them to join your hamachi network and see if they can access things you dont want to be accessed.
Its a tricky balance between being a "grumpy dad who wont let us setup a mineraft server" to being cautious and trying to protect other machines and our home network. Ive tried explaining that even if you had a fantasic minecraft server at home with lots of CPU and memory, the incoming players will only get a shared connection speed of your upload bandwidth which is usually quite slow on ADSL broadband and will affect their overall responsiveness. So its probably better to investigate online minecraft server hosting packages. All of this is usually met by blank vacant stares anyway... -Mark On 4 July 2012 17:27, kasperd <nab...@kmhhh.04.jul.2012.kasperd.net> wrote: > I will recommend that you don't use Hamachi as long as it is using > 5.0.0.0/8 > addresses. Those addresses were never supposed to be used by Hamachi. There > are now legitimate users of those addresses. The people behind Hamachi have > known for years that this was going to happen. And though they have > repeatedly been asked in their own forum, what they were going to do about > it, they remained silent. > > If you install Hamachi, you will cut off your own access to parts of the > Internet. Servers are now being deployed with legitimate addresses from the > 5.0.0.0/8 range. Hamachi users are unable to access those servers. > > It is not clear if using Hamachi or using a port forwarding will be best > from a security point of view. With a port forwarding it is quite clear > what > traffic is permitted into your network and what is not. However usually a > port forwarding will be accessible to anybody on the Internet. So anybody > can connect to the server, if the server has a vulnerability, then it can > be > exploited. > > If you use Hamachi, I believe Hamachi has a feature to let you decide who > gets to communicate with you using Hamachi. That way it will be restricted > to only certain people. However those people who can connect will still be > able to exploit any vulnerabilities which might exist in that server. > Moreover, unless you explicitly filter it, they will be able to access > other > ports on your computer as well. Additionally you have to trust Hamachi. It > means another piece of software that could potentially have > vulnerabilities. > > Those are the arguments for and against. You get to decide which you find > more important. Overall I think avoiding Hamachi sounds like the best > solution. > > If you are worried about letting a port forwarding remain open for the > entire world, there is a few things you can do to reduce the risk: > - Keep up with updates for the server software running on the port being > forwarded to. > - Put the server software on a separate computer on a different segment of > your network. > - Put the port forwarding on a non-standard port where it is less likely to > be found by port scanning. > - Restrict the port forwarding to only work for specific client IPs. > Each of those four suggestions will help even if you don't follow all four. > > You are welcome to send follow up questions to > kasp...@zcwvd.04.jul.2012.kasperd.net, but do it before that address get > flooded with spam. > > -- > View this message in context: > http://ubuntu.5.n6.nabble.com/Hamachi-tp4980068p4982504.html > Sent from the ubuntu-uk mailing list archive at Nabble.com. > > -- > ubuntu-uk@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk > https://wiki.ubuntu.com/UKTeam/ >
-- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
