I'll bite, what's babled? I've had a bit of a google but haven't come up with anything yet to tell me what this is. Sounds fascinating. regards, Kerry. On 30/01/2012 3:03 AM, Kirk Reiser wrote: > Boy, completely different than me. I run my wireless adhoc network > totally open and encourage passers-by to use it. I also encourage > visitors to install babled and partake in the cloud. > > Kirk > > On Sat, 28 Jan 2012, Gregory Nowak wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Sat, Jan 28, 2012 at 07:00:11PM -0600, chris at the-brannons.com wrote: >>> I just allow all ICMPv6 traffic. Is there anything wrong with that? >> >> I guess the answer to that would depend on one's point of view, and >> level of paranoia (grin). Since yourself, Kirk, and maybe more folks >> who haven't asked want to know why I'm asking this, I might as well >> explain, and let all of you know just how paranoid I am. >> >> My brother in-law bought me a wireless access point recently. There's >> a longer story behind that, and yes, my internal LAN was all wired >> until now. Given the security history of wireless networking, I >> decided that if I did wireless here, it would be fed off a separate >> NIC in my machine, and that I'd run only ipsec over it, or something >> even more secure. This is exactly what I did. The wireless access >> point is >> attached to a separate network interface on its own separate private >> subnet. The idea is that even if someone were to break encryption, and >> gain access to the wireless access point, all it would get then is a >> class c v4 address and a documentation v6 address which they could >> literally do nothing with without my giving them a ssl cert, and a >> username/password if they're running windows. I currently have >> ppp/l2tp/ipsec going for windows clients (previously mentioned longer >> story), I almost have ipsec to ipsec between linux machines going over >> v4, and am working on ipsec to ipsec between linux boxes over v6, >> which is why I'm asking what I am. >> >> I've locked things down enough with ip6tables to block everything >> inbound, and outbound on the NIC attached to the wireless access >> point. This includes router advertisements, and neighbor >> solicitations. In order to get the ipsec connection going, I first >> need to issue the client a 2001:db8 address. So, I need to know what I >> should allow through without ipsec to make that happen. Hopefully that >> explains why I'm asking. >> >> Greg >> >> >> - -- >> web site: http://www.romuald.net.eu.org >> gpg public key: http://www.romuald.net.eu.org/pubkey.asc >> skype: gregn1 >> (authorization required, add me to your contacts list first) >> >> - -- >> Free domains: http://www.eu.org/ or mail dns-manager at EU.org >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.10 (GNU/Linux) >> >> iEYEARECAAYFAk8ku6EACgkQ7s9z/XlyUyATIwCeN5ddTu+rtPy6CDIjUP/WhO8c >> a0wAnRHZepDhhbvyl4LEGpEXFJcidA8m >> =RodA >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Speakup mailing list >> Speakup at braille.uwo.ca >> http://speech.braille.uwo.ca/mailman/listinfo/speakup >> > > -- > Kirk Reiser The Computer Braille Facility > e-mail: kirk at braille.uwo.ca University of Western Ontario > phone: (519) 661-3061 > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup
