
Comment Clever but not earthshaking. (Score 4, Interesting) 94

Essentially, you are having the user connect to the internal address of the VPN server for your forwarded port, and therefore you do not go through the VPN or NAT. A good VPN service will have bound your port to the external address only, and this would not work. And the bad ones will fix this quickly, I bet.

Comment Re:Don't install Comcast equipment... (Score 1) 47

Exactly this - what's to stop your own equipment from being the static IP?

I think you both misread what I said.

Comcast requires their business-class DSL customers with more than one static IP to use rented equipment.

They'll let you have a single static IP with your own CPE. They might even allow you two (not certain). They won't let you have a block of eight IPs, which is what I currently have from Covad or Megapath or whatever their name is this week (Global something-or-other).

I think you did not read what I wrote. You use the non-wifi and non-NAT equipment (and you have to demand it, or they will put in the WiFi full wiz bang BS router) and set up your firewall behind it. Yes, you do not own the DOCSIS router. Nor do you own the rest of the routers in their network. But you do own the device doing firewall, NAT and WiFi which nips this security problem in the bud.

Comment Re:Don't install Comcast equipment... (Score 2) 47

... problem solved. The only reason this attack vector exists in the first place is that people are too lazy to install their own equipment.

Unfortunately, Comcast requires their business-class DSL customers with more than one static IP to use rented equipment, even if you are using it in a residential setting. So power-user customers don't have the option to install their own equipment.

Yes you can. You just specify the non-wifi equipment and no NAT. (Like the SMC Broadband Gateway. The Netgear can do it too.) Then set up your own firewall and WiFi. You can use something like on an old WinTerminal for under $50.

Comment Re:This is great (Score 4, Insightful) 73

This could also make power speculation and arbitrage possible. Buy power to charge up on windy nights and sell on hot days. (In summer, anyway) Bulk wind power in Texas on the spot market has actually dropped below zero on a few occasions. This would fix that imbalance.

Comment Re:Well, at least someone is willing to say it! (Score 1) 572

I wasn't aware FreeBSD was a top level Linux distribution.


With the major distros all moving to systemd, it's nice to see someone burn that bridge. I think if at least one top level distro was anti-systemd, then the drama would all go away, because the group that distrusts systemd could just go there. Someone quick spend your life forking fedora to a non-systemd thing. Pls?

Nope... Linux never mentioned there.

Comment Re:Well, at least someone is willing to say it! (Score 1) 572

FreeBSD. And it is growing. Admittedly, from a VERY small share, but...

Get me an up-to-date nVidia driver, and support for vmware, and I'll switch all my systems right now. Cold day in hell, you say? That's about when I'll go BSD, then.

Well, I guess you will be reinstalling for a while... VMware since FreeBSD8 and current Nvidia drivers. PC-BSD is a little easier for a Desktop than pure FreeBSD.

Comment Re:DH groups (Score 1) 28

I love that page. A good coverage of what is considered secure. In SmallWall, the continuation of m0n0wall, the IPsec configuration page actually has a link to that Cisco page, along with warnings about what is no longer secure.

Note, however, that they also consider DH-2048 acceptable. I believe the general consensus is that it will be secure until about 2020.
