[vox] RE: security dilemma
Ryan
cjg5ehir02 at sneakemail.com
Thu Sep 21 23:18:29 PDT 2006
On Thursday 21 September 2006 01:51 pm, BRANDON TEARSE tearseb-at-msn.com
|lugod| wrote:
> These responses thus far are all excellent security measures that
> essentially tell you to secure your box w/o using address-based
> authentication. Their security measures are important but do remember that
> even if you can exclude half of the IPs from connecting to your machine,
> that's a significant portion of the internet that wont be able to attack
> you (it sounds like you can even get down to excluding 24/25ths of the
> internet even.)
>
> You mentioned that you couldn't figure out what the full range of allowable
> IPs are for your ISP. This is generally fairly easy to ascertain with a
> few ARIN lookups (check the various IPs you've got and you'll probably find
> a common company who's range you can stick in your allow list.)
>
> Alternatively, someone suggested using DynDNS as a service to constantly
> update what your current IP and stick that in an allow rule (This is what I
> do and it works nicely). DynDNS of course costs a yearly fee (granted,
> having a "static" dynamic address is handy for all sorts of other things
> too) whereas the ARIN lookups are free.
DynDNS service is free for a few hosts per user. Additionaly, I have written
a server implementation of the dyndns.org update protocol in PHP, for use
with MyDNS.
http://ryanc.org/nic/update.php.txt It is compatible with most dyndns client
software.
--
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc
More information about the vox
mailing list