Re: [dev] Logical abilities of routers

From: Sean MacLennan <seanm_AT_seanm.ca>
Date: Mon, 1 May 2023 12:56:30 -0400

On Mon, 1 May 2023 09:45:22 -0700
Jeremy <jer_AT_jer.cx> wrote:

> Pretty neat that you don't use NAT. I had a public IP on my laptop
> once(ONCE) & the Chinese kept sending garbage to any port that was
> open & it made my laptop hot(almost burned my thighs!) What's your
> secret to avoid this??

I had a public IP for 18 years. The secret is to not have open ports ;)

In the early years it was not a problem... but it slowly got worse and
worse.

I moved my website to the cloud. I moved my email to the cloud. For ssh
I either moved the port (easy) or later added port knocking (harder).

I also used bad guys in iptables. Basically, if you hit my
firewall on a bad port, you are put in the bad guys list. This blocks
your ip for a couple of minutes. This makes port scans super expensive.

Today I have a Bell router in front of my router with no port
forwarding. It means I cannot remotely ssh to my systems... but really
hasn't been that limiting since I work mainly from home now.

So I have a Bell router, connected to my main router (Linux box), which
is connected to a wireless router for wireless. Yes, the Bell router has
wireless, but it is in the basement and doesn't have a great signal.
And I already had the wireless router.

Cheers,
   Sean
Received on Mon May 01 2023 - 18:56:30 CEST
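
The "bad guys" list described in the message above, sketched as an added example; these are not Sean's actual rules, which the post does not show. It assumes the iptables `recent` match, and the interface name, the list name `badguys`, the 120 second block and the allowed port are all made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints an iptables-restore
# ruleset for a timed "bad guys" list built on the iptables "recent" match.
# Assumptions: interface name, list name "badguys", block time, IPv4 only.
# usage: badguys_rules WAN_IF BLOCK_SECONDS [ALLOWED_TCP_PORT...]
#   e.g. badguys_rules eth0 120 22 | iptables-restore --test
# Note: without --noflush, iptables-restore replaces the whole filter table.
badguys_rules() {
    [ "$#" -ge 2 ] || { echo "usage: badguys_rules IF SECS [PORT...]" >&2; return 2; }
    wan_if=$1 block_secs=$2
    shift 2
    # Values are spliced into rules, so accept only plain names and integers.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    for n in "$block_secs" "$@"; do
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;; esac
    done
    [ "$block_secs" -gt 0 ] || { echo "block time must be > 0" >&2; return 2; }

    # Rule order is the whole design:
    #  1. loopback and already-established traffic pass, so sessions opened
    #     from the inside are never cut by a list entry;
    #  2. any source listed within the last BLOCK_SECONDS is dropped, even
    #     on ports that are normally open;
    #  3. the explicitly allowed ports are accepted;
    #  4. a new TCP or UDP packet to any other port lists the source and is
    #     dropped, so one probe of a closed port costs the sender the block time.
    cat <<EOF
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan_if -m recent --name badguys --rcheck --seconds $block_secs -j DROP
EOF
    for port in "$@"; do
        echo "-A INPUT -i $wan_if -p tcp --dport $port -j ACCEPT"
    done
    cat <<EOF
-A INPUT -i $wan_if -p tcp -m conntrack --ctstate NEW -m recent --name badguys --set -j DROP
-A INPUT -i $wan_if -p udp -m conntrack --ctstate NEW -m recent --name badguys --set -j DROP
COMMIT
EOF
}
```

With `--rcheck` the block runs for the given number of seconds from the packet that caused the listing; using `--update` in the same rule instead would restart the timer on every packet received while blocked.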
