Loading ...
Sorry, an error occurred while loading the content.
 

Re: Barring IP addresses

Expand Messages
  • bloedmann999
    ... into ... DD-WRt ... wondering ... telnet ... Checking my processes and open ports I saw that port 111 (rpcbind) is open. I am not using NFS on the slug
    Message 1 of 9 , Jul 16, 2007
      --- In nslu2-linux@yahoogroups.com, "bloedmann999" <Brian_Dorling@...>
      wrote:
      >
      > --- In nslu2-linux@yahoogroups.com, "Mike \(mwester\)" <mwester@>
      > wrote:
      > >
      > > > I'm interested in another aspect of this. I have two slugs, a Debian
      > > > and an Unslung. Neither is open to the Internet. The sole access
      into
      > > > my network is via OpenVPN protected by certificates/keys to my
      DD-WRt
      > > > router. I have no DMZ and no port forwarding into my network.
      > > >
      > > > So, why do I need to use SSH to contact the Slugs? I'm just
      wondering
      > > > about the waste of encrypting with SSH and then again with TLS on
      > > > OpenVPN.
      > > >
      > > > Of course SSH, key based, is more secure, but do I really need it in
      > > > my case, or is it just good practice to always use SSH instead of
      > > > telnet, whatever the situation?
      > >
      > > Regarding Unslung, if you have no security concerns, then the major
      > reason
      > > for using SSH instead of telnet is for reliability. The "enable
      telnet"
      > > mechanism on Unslung depends on proper operation of a number of other
      > > services (inetd, and the Linksys web gui), and it seems that a
      > number of the
      > > recipes in the wiki for Unslung users are almost certain to disrupt
      > one or
      > > the other of those mechanisms. When this happens, it's a support
      > > nightmare -- all of which is neatly solved by using SSH, which doesn't
      > > depend on the web server nor on inetd. :-)
      > >
      > > Mike (mwester)
      > >
      > Good points. Thanks to everyone who replied.
      > Cheers Brian
      >
      Checking my processes and open ports I saw that port 111 (rpcbind) is
      open. I am not using NFS on the slug and have stopped all NFS modules
      from loading, I have also stopped the inet daemon. Currently I see no
      need for it. What I have not managed yet is to stop portmap from
      starting. I changed the name of the portmap script symlink in rc.2,
      that is not run anymore, but portmap still loads somehow.
      Could anyone tell me how it is started on the debian slug version?

      I've also seen recommendations to replace the SSH with dropbear as it
      uses a lot less storage. Is there any reason not to do that? I guess
      if I test it and it seems to work I would not see any reason not to
      use it.

      Cheers Brian
    Your message has been successfully submitted and would be delivered to recipients shortly.