Boy, completely different than me. I run my wireless ad hoc network totally
open and encourage passers-by to use it. I also encourage visitors to
install babled and partake in the cloud.

Kirk

On Sat, 28 Jan 2012, Gregory Nowak wrote:

> On Sat, Jan 28, 2012 at 07:00:11PM -0600, chris at the-brannons.com wrote:
>> I just allow all ICMPv6 traffic. Is there anything wrong with that?
>
> I guess the answer to that would depend on one's point of view, and
> level of paranoia (grin). Since yourself, Kirk, and maybe more folks
> who haven't asked want to know why I'm asking this, I might as well
> explain, and let all of you know just how paranoid I am.
>
> My brother-in-law bought me a wireless access point recently. There's
> a longer story behind that, and yes, my internal LAN was all wired
> until now. Given the security history of wireless networking, I
> decided that if I did wireless here, it would be fed off a separate
> NIC in my machine, and that I'd run only ipsec over it, or something
> even more secure. This is exactly what I did. The wireless access point is
> attached to a separate network interface on its own separate private
> subnet. The idea is that even if someone were to break encryption, and
> gain access to the wireless access point, all it would get then is a
> class C v4 address and a documentation v6 address which they could
> literally do nothing with without my giving them an SSL cert, and a
> username/password if they're running Windows. I currently have
> ppp/l2tp/ipsec going for Windows clients (previously mentioned longer
> story), I almost have ipsec to ipsec between Linux machines going over
> v4, and am working on ipsec to ipsec between Linux boxes over v6,
> which is why I'm asking what I am.
>
> I've locked things down enough with ip6tables to block everything
> inbound, and outbound on the NIC attached to the wireless access
> point. This includes router advertisements, and neighbor
> solicitations. In order to get the ipsec connection going, I first
> need to issue the client a 2001:db8 address. So, I need to know what I
> should allow through without ipsec to make that happen. Hopefully that
> explains why I'm asking.
>
> Greg
>
> --
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
>
> --
> Free domains: http://www.eu.org/ or mail dns-manager at EU.org

--
Kirk Reiser                    The Computer Braille Facility
e-mail: kirk at braille.uwo.ca    University of Western Ontario
phone: (519) 661-3061
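
Added example, not part of either message above: a sketch of the narrow ICMPv6 allow-list Greg's question points at, for the gateway side of the wireless NIC. It assumes the client gets its 2001:db8 address by SLAAC from router advertisements sent by the gateway (DHCPv6 would need UDP 546/547 instead), and the interface name `wlan0` and function name `ndp_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) ip6tables rules that admit only the
# Neighbor Discovery messages SLAAC needs on one interface of the gateway.
# Assumption: existing rules already drop everything else on that interface.

ndp_rules() {
    iface=$1
    # The output is meant to be reviewed and then fed to a shell, so refuse
    # anything that is not a plain interface name.
    case $iface in
        ''|*[!A-Za-z0-9._-]*)
            echo "usage: ndp_rules IFACE" >&2
            return 1 ;;
    esac

    # Neighbor Discovery is always sent with hop limit 255 (RFC 4861), so a
    # packet that has been forwarded by any router fails this match.
    hl="-m hl --hl-eq 255"

    # Inbound to the gateway:
    #   133 router solicitation    (client asks for a prefix)
    #   135 neighbor solicitation  (address resolution, duplicate detection)
    #   136 neighbor advertisement (replies to our solicitations)
    for t in 133 135 136; do
        echo "ip6tables -I INPUT -i $iface -p ipv6-icmp --icmpv6-type $t $hl -j ACCEPT"
    done

    # Outbound from the gateway:
    #   134 router advertisement   (carries the prefix to the client)
    #   135/136 as above, in the other direction
    # Type 134 is deliberately absent from INPUT: nothing on the wireless
    # side should be able to advertise itself to the gateway as a router.
    for t in 134 135 136; do
        echo "ip6tables -I OUTPUT -o $iface -p ipv6-icmp --icmpv6-type $t $hl -j ACCEPT"
    done
}

# Print the rules when run as a script with an interface argument.
if [ "$#" -gt 0 ]; then
    ndp_rules "$1"
fi
```

The rules use `-I` so they land ahead of the existing drop rules; IKE and ESP for the ipsec connection itself are separate rules and are not covered here.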