Re: Safest way of accessing a home computer from outside?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday 31 December 2006 12:39, Ahmed Hussain wrote:
>Hi ,
>
>Sorry I'm a newbie , what if I my router doesent have a public IP
>itself. I mean to say my provider provides me a 192.168.1.x of it's
>network and internally I have a lan. will I ever be able to access me
>personal system via router [provided my ISP provider will not change any
>of it's settings from his end ] .
>wondering if any kind of dynaDSN or peer to peer can help me to do
>that .
>
>Any Suggestions ?

Yes, run, don't walk, stumble or crawl, as fast as you can, to another 
provider.  Having dealt with that sort of a scenario on dialup many years 
ago, that's a security hole you can drive an 80,000 pound load of 
swinging beef through.  An insurance agents secretaries machine 45 miles 
away got infected with the first generation of sobig and tied up the 
whole network, and the isp refused to disconnect a good customer.  We 
were all linux on the gateway side so that worm, nor any of the others 
have ever bothered out servers.  The winderz boxes in the various offices 
are another horse entirely though.  But we did make quite an impression 
on them about opening emails from unknown srcs after word got around that 
we were no longer spending days per machine running viri detectors, but 
were simply re-imageing the machine that got infected, losing ALL their 
personal stuff including sales leads and black book addresses.

We sent several emails, finally getting into the nastygram mode, to which 
the sexytaries only reply was "so what, its working for me.  And if you 
contact me again with that kind of language the next phone call will be 
from our lawyer."  A genuine cast iron bitch she was.

It cost us 95% of our bandwidth defending against that box 45 miles away, 
back when a 56k dialup was the rule of the land.  So we spent better than 
15 grand on a T1 till a new isp came on the scene.

vz at least gives me an outside address at the outside of my router, in 
this case an old box with DD-WRT installed on it.

DD-WRT, and an outside address, can setup a VPN in just a few minutes.

>Regards,
>Ahmed Hussain
>
>On Sun, 2006-12-31 at 12:27 -0500, Jacques B. wrote:
>> On 12/30/06, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> > What is the safest way of allowing access to a home system
>> > from a remote computer?
>> > I am running Fedora-6 and shorewall.
>> >
>> > Any advice or suggestions gratefully received.
>> >
>> > --
>> > Timothy Murphy
>> > e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
>> > tel: +353-86-2336090, +353-1-2842366
>> > s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
>> >
>> > --
>> > fedora-list mailing list
>> > fedora-list@xxxxxxxxxx
>> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
>> I agree - ssh with no password and then use certificates to
>> authenticate.  And start it with the -X option if you want to be able
>> to run XWindows applications over ssh.
>>
>> As for a router, as was noted, you simply need to configure your
>> router so that all traffic coming in on whatever port you decide to
>> use for ssh (22 being the default) is forwarded to your ssh server.
>> You will want to assign a static IP to your ssh server (either
>> configuring the box itself, or if your router supports it, assign
>> static IP via DHCP for the nic in your ssh server).  It would also be
>> wise to disable root access via ssh.  If you need root access, you can
>> su or sudo once you've connected to your server.
>>
>> To copy files, you can use scp to access your ssh server.  If you
>> simply want to set up a shared drive on your server, then have a look
>> at hamachi.  I've played with it (the Windows version mind you, but
>> they have a Linux version as well).  You can find Hamachi at
>> http://www.hamachi.cc/.  The nice thing with Hamachi is that it's zero
>> configuration.  You don't have to open ports on your router to get it
>> to work.  The down side if you are paranoid is that you are relying on
>> someone else's network and product vs known/trusted ssh.
>>
>> And of course VNC and its flavours might do the trick.  I am pretty
>> certain you can tunnel VNC through ssh if you want to wrap a layer of
>> protection/encryption.  I had managed to get VNC to work over Hamachi
>> for a fleeing moment a while back (Windows box otherwise I would have
>> tried it with ssh).
>>
>> Jacques B.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux