[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

Kyle Kienapfel doctor.whom at gmail.com
Sun Oct 3 00:19:11 CDT 2010


On Sat, Oct 2, 2010 at 4:37 PM, bruce bruce <bruceb444 at gmail.com> wrote:

> Thanks Roger.
>
> I will be trying this box to see what I can do. Otherwise, I'd probably
> have to find a list of all of the Rogers (The ISP providing internet to
> these boxes) IPs to at least limit the attacks to Rogers ISP.
>
> hmmm....
>
>
> Or maybe secure is using DNS like this:
>  sdlfjdsfJ#@$523k4j98sd7fkjh324#@$832.dyndns.org
>
> ^^^^^^^^^^^^^^^^^^^^isn't that a security feature in itself?
>
> Thanks
>
>
>
>
> On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West <roger at firedrake.org> wrote:
>
>> On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote:
>> >Can't I in my iptables just accept the pap2t.dyndns.org if that is bound to
>> >the PAP2T? Do you think the device comes in with its external IP rather
>> >than the dyndns domain?
>>
>> Yes. An IP datagram carries only the source and destination IP
>> addresses, not the DNS names associated with them. Your firewall _may_
>> be able to accept a DNS name to block or allow rather than an IP
>> address, but most don't, and doing so makes you vulnerable to DNS
>> spoofing attacks.
>>
>> To go further would be thoroughly off-topic for this list.
>>
>> Roger
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
You're not going to be able to put a DNS hostname in the iptables, but you
could have a script that runs at times and gets the IP address for your
dynamic hostname and allows that.
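
A sketch of the kind of script suggested above, added here as an example and not posted by anyone in the thread: it re-resolves the dynamic hostname, accepts only a well-formed IPv4 answer, and swaps a single allow rule in a dedicated chain. The chain name `SIP_DYN`, the state file path, SIP on 5060/udp, cron scheduling and a glibc `getent` are assumptions.

```shell
#!/bin/sh
# One-time setup as root (SIP signalling only, assumed on 5060/udp):
#   iptables -N SIP_DYN
#   iptables -A INPUT -p udp --dport 5060 -j SIP_DYN
#   iptables -A INPUT -p udp --dport 5060 -j DROP
HOST="pap2t.dyndns.org"      # hostname quoted in the thread
CHAIN="SIP_DYN"              # hypothetical chain name
STATE="/var/run/sip_dyn.ip"  # hypothetical file holding the last applied IP

# Succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address the resolver returns (getent ahostsv4 is glibc-specific).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Print the commands that move the allowed source from $1 (old) to $2 (new).
plan_rules() {
    old=$1 new=$2
    is_ipv4 "$new" || { echo "refusing non-IPv4 answer: '$new'" >&2; return 1; }
    [ "$old" = "$new" ] && return 0   # address unchanged, nothing to do
    echo "iptables -I $CHAIN 1 -s $new/32 -p udp --dport 5060 -j ACCEPT"
    if is_ipv4 "$old"; then           # remove the stale rule after adding the new one
        echo "iptables -D $CHAIN -s $old/32 -p udp --dport 5060 -j ACCEPT"
    fi
}

refresh() {
    new_ip=$(resolve_ipv4 "$HOST")
    old_ip=$(cat "$STATE" 2>/dev/null)
    plan=$(plan_rules "$old_ip" "$new_ip") || return 1
    [ -n "$plan" ] || return 0
    echo "$plan" | sh -e && echo "$new_ip" > "$STATE"
}

# Run from cron as root with --apply; without it the file only defines functions.
if [ "${1:-}" = "--apply" ]; then refresh; fi
```

A failed or malformed lookup leaves the previous rule in place. The rule is only as trustworthy as the DNS answer behind it, which is the spoofing exposure raised earlier in the thread, so it narrows who can reach the SIP port and does not replace SIP authentication.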