a little security

Michael F. March plug-discuss@lists.PLUG.phoenix.az.us
Mon, 10 Sep 2001 11:39:11 -0700


Ken Kughes, who lurks on this list, used vtun to set up
an eight-site WAN and it works great. Like the sshd-based
solution, it is not a kernel-level VPN. However, it performs
like (or better than) a kernel-based IPSEC solution.

Also, he tried an SSH based solution before he used vtun and
vtun appears to be MUCH more reliable and robust than SSH. For
instance, vtun is much better about recovering from high latency
or downed networks.

----- Original Message -----
From: "Bill Warner" <wwarner@direct-alliance.com>
To: <plug-discuss@lists.PLUG.phoenix.az.us>
Sent: Monday, September 10, 2001 11:09 AM
Subject: Re: a little security


> I set up a VPN using ssh.  Check the howtos; it basically
> uses ssh and pppd to create a VPN.  I felt very 31337
> after setting it up. :) Got an ssh encrypted tunnel
> through my work firewall straight to my house.
>
> Bill Warner
>
> On 07 Sep 2001 09:49:36 -0700, Nathan England wrote:
> > Okay, I know half of you will probably shoot me for this, but I'm doing
> > it anyway...
> >
> > I need access to a volume on a server across the internet.
> > Right now I am running samba and I am connecting by running three
> > ssh tunnels to ports 137, 138, and 139 from my computer at work to the
> > server. From there I mount the volumes.
> >
> > There has to be a more secure way than this. Especially more secure than
> > samba.  I have a good password, but still any sniffer would get it in a
> > few seconds.  Except for the ssh tunnels, there really isn't any
> > security.
> >
> > Are there any safer ways anyone knows of that I could do this?
> > I'm not so worried about my security where someone sniffs me and gets my
> > password, but others seeing the wide open ports and going after it.
> > It's pretty stupid.
> >
> > I was thinking about setting ipchains to only accept the connection from
> > a specific IP, but is there a better way than this?  Any input helpful.
> > Thanks guys.
> >
> > nathan
> >
> >
> > --
> >  "Ah, lives there a man with soul so dead, who never to himself hath
> > said,
> > as he hunched and rolled in his comfortable bed:
> > To hell with rent...I'll drink instead!"
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> --
> Bill Warner
> Unix/Linux Admin.
> Direct Alliance Corporation
>
> Company required stuff:
>
> Contents are Direct Alliance Corporation Confidential
>
> This message is for the designated recipient(s) only and contains
> Direct Alliance Corporation privileged and confidential information.
> If you have received it in error, please notify the sender immediately
> and delete the original.  Any other use of this email is prohibited.