[vox] RE: security dilemma

Ryan cjg5ehir02 at sneakemail.com
Thu Sep 21 23:18:29 PDT 2006


On Thursday 21 September 2006 01:51 pm, BRANDON TEARSE tearseb-at-msn.com 
|lugod| wrote:
> These responses thus far are all excellent security measures that
> essentially tell you to secure your box w/o using address-based
> authentication.  Their security measures are important but do remember that
> even if you can exclude half of the IPs from connecting to your machine,
> that's a significant portion of the internet that wont be able to attack
> you (it sounds like you can even get down to excluding 24/25ths of the
> internet even.)
>
> You mentioned that you couldn't figure out what the full range of allowable
> IPs are for your ISP.  This is generally fairly easy to ascertain with a
> few ARIN lookups (check the various IPs you've got and you'll probably find
> a common company who's range you can stick in your allow list.)
>
> Alternatively, someone suggested using DynDNS as a service to constantly
> update what your current IP and stick that in an allow rule (This is what I
> do and it works nicely).  DynDNS of course costs a yearly fee (granted,
> having a "static" dynamic address is handy for all sorts of other things
> too) whereas the ARIN lookups are free.

DynDNS service is free for a few hosts per user. Additionaly,  I have written 
a server implementation of the dyndns.org update protocol in PHP, for use 
with MyDNS.  
http://ryanc.org/nic/update.php.txt It is compatible with most dyndns client 
software.

-- 
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc


More information about the vox mailing list