Re: Firewall question


 



On Thu, May 15, 2008 at 11:08 AM, Patrick O'Callaghan
<pocallaghan@xxxxxxxxx> wrote:
> On Thu, 2008-05-15 at 15:44 +0100, Anne Wilson wrote:
>> On Thursday 15 May 2008 15:24, Patrick O'Callaghan wrote:
>> >
>> > Incoming to the mail server. Outgoing from your laptop. We're talking
>> > about configuring your laptop at Wifi hotspots, aren't we? Or have I
>> > totally lost the plot?
>> >
>> I was thinking about configuring the server to accept my connections from
>> hotspots, but not unknown ones.
>
> Hotspots will almost invariably use NAT, so the IP address of the laptop
> as seen from *outside* the hotspot is going to be known beforehand. What
> you won't know is the port number since it's assigned dynamically by the
> hotspot's router, so you can't use a firewall to distinguish between
> different machines within the hotspot's coverage. It's pretty much all
> or nothing. I don't think a firewall filter is what you need here.
>
>> > (Nota Bene: "incoming" and "outgoing" have nothing to do with the
>> > direction the mail is flowing. The machine behind the firewall that
>> > sends the initial TCP request is the "outgoing" machine from the point
>> > of view of the firewall, whether it's sending mail or reading it).
>> >
>> I *think* I'm still with you :-)  But still, the first decision is whether to
>> accept the connection, isn't it?
>>
>> > Maybe I'm misunderstanding what you're trying to do.
>> >
>> Worry not - I confuse myself at times :-)  What I'm really trying to do is get
>> my head around the issues regarding working away from home.  I have imap
>> mail set up, and was wondering whether to go further to allow access to my
>> files while away from home, but I need some basic background understanding
>> before I try to get specifics.  Otherwise I don't know what is relevant
>> reading and what isn't :-)  I'm assuming that I'd have to do something like a
>> vnc connection - but since I don't have the basics, I could be way off beam.
>
> If it's just IMAP mail, then use SSL encryption.
>
> If you really want to make sure the connection is coming from your
> laptop (and not from you using e.g. a cybercafe machine) then you can
> set up an SSH tunnel using tokens instead of passwords. You have to
> physically copy the SSH token to your laptop (e.g. via a USB key) but
> this is a once-only operation. Or in fact keep the token on the key and
> thus allow connection only when the key is plugged in :-)
>
> If you just want to browse your desktop remotely, then VNC or NX is what
> you need. These can also work over SSH using either tokens or passwords.
> This will also cover the email case. Note that copying a mail attachment
> locally to the laptop's hard drive gets a little more complicated in
> this scenario.
>
> If you want general access to your files from any local app on the
> laptop, you're looking at a VPN of some kind. This can also be done via
> SSH, or if you're more ambitious then look at IPSEC systems such as
> FreeSWAN.
>
> (My knowledge of these things is mostly theoretical so I can give you a
> rough idea how they are *supposed* to work but if you need a cheat-sheet
> then Google is your friend).
>
> poc

I think, assuming I have followed things correctly to this point, a
big if I know, that she was looking for some way to establish the
computer's identity through its hardware configuration, a hardware
fingerprint if you will, this would be possible I think but you would
have to have some kind of computed hash, based on the hardware setup
and something random (in case someone somewhere has a computer setup
identical to yours and also happens to stumble across your network)
that would uniquely identify your computer, maybe calculated based on
the individual serial numbers of your hardware components, assuming
they are unique of course. I asked something similar once but all I
got were quizzical looks for my effort, as well as suggestions like
"isn't that what cookies are for?" to which the answer is of course
no. Cookies store settings, site info, and such but this would be like
a fingerprint for your computer or a retinal pattern or a DNA sample.

Max



-- 
And on the eighth day he said "There shall be no rest for the weary."

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
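
The hardware-fingerprint idea from the message above (a hash over component serial numbers plus something random), as an added example that is not part of the original thread. It assumes the random part is a per-device secret generated at enrollment and that the server issues a fresh nonce per connection; all function names and the sample serials are hypothetical.

```python
import hashlib
import hmac
import secrets

def canonical(serials):
    """Serialize component serials deterministically (sorted, length-prefixed)."""
    out = bytearray()
    for name in sorted(serials):
        for field in (name, serials[name]):
            data = field.strip().encode("utf-8")
            out += len(data).to_bytes(2, "big") + data
    return bytes(out)

def fingerprint(serials, device_secret):
    """Keyed hash of the hardware set. Serial numbers are not secret, so the
    random device_secret is what separates two machines with identical parts."""
    return hmac.new(device_secret, canonical(serials), hashlib.sha256).digest()

def enroll(serials):
    """Run once on the laptop: returns (secret kept on the laptop,
    fingerprint registered with the server)."""
    device_secret = secrets.token_bytes(32)
    return device_secret, fingerprint(serials, device_secret)

def respond(serials, device_secret, nonce):
    """Laptop side: answer one server nonce using the recomputed fingerprint."""
    key = fingerprint(serials, device_secret)
    return hmac.new(key, nonce, hashlib.sha256).digest()

def verify(stored_fingerprint, nonce, response):
    """Server side: constant-time check against the nonce it issued."""
    expected = hmac.new(stored_fingerprint, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

# Constructed sample serials, not real hardware values.
LAPTOP = {"disk": "WD-EXAMPLE-0001", "nic": "00:11:22:33:44:55",
          "board": "MB-EXAMPLE-42"}

if __name__ == "__main__":
    secret, fp = enroll(LAPTOP)
    nonce = secrets.token_bytes(16)
    print("enrolled laptop accepted:", verify(fp, nonce, respond(LAPTOP, secret, nonce)))
```

The value the server stores here works as a shared secret, so anyone who reads it from the server can impersonate the laptop. With the SSH key setup described in the quoted reply, the server holds only a public key.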
