[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
bruce bruce
bruceb444 at gmail.com
Sat Oct 2 18:37:35 CDT 2010
Thanks Roger.
I will be trying this box to see what I can do. Otherwise, I'd probably have
to find a list of all of the Rogers (The ISP providing internet to these
boxes) IPs to at least limit the attacks to Rogers ISP.
hmmm....
Or maybe secure is using DNS like this:
sdlfjdsfJ#@$523k4j98sd7fkjh324#@$832.dyndns.org
^^^^^^^^^^^^^^^^^^^^isn't that a security feature in itself?
Thanks
On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West <roger at firedrake.org>wrote:
> On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote:
> >Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind
> to
> >the PAP2T? do you think the devices comes in with it's external IP rather
> >than the dyndns domain?
>
> Yes. An IP datagram carries only the source and destination IP
> addresses, not the DNS names associated with them. Your firewall _may_
> be able to accept a DNS name to block or allow rather than an IP
> address, but most don't, and doing so makes you vulnerable to DNS
> spoofing attacks.
>
> To go further would be thoroughly off-topic for this list.
>
> Roger
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/a6513580/attachment.htm
More information about the asterisk-users
mailing list