From: Anssi Hannula <anssi.hannula@gmail.com>
To: Sietse van Zanen <sietse@wizdom.nu>
Cc: netfilter@lists.netfilter.org
Subject: Re: Messages in log with SNAT target
Date: Wed, 26 Jul 2006 14:21:05 +0300
Message-ID: <44C75021.9070204@gmail.com>
In-Reply-To: <02BB8A4AC86C564C89C7F14CF98CE0C40127E0@knowledge.wizdom.nu>

Sietse van Zanen wrote:
> That, or put your WiFi in a DMZ behind a firewall, and have the firewall protect your private network.
>
> Making WiFi DMZs is sort of standard practice.
>
> -sietse

I don't really get it.

As far as I can see, there are currently two weak points in my network:

1. Someone could compromise one of the hosts remotely.
2. Someone could crack the WLAN encryption.

No matter what kind of firewalls or network schemes I deploy, neither of
those points goes away.

> ________________________________
>
> From: Anssi Hannula [mailto:anssi.hannula@gmail.com]
> Sent: Wed 26-Jul-06 10:16
> To: R. DuFresne
> Cc: Sietse van Zanen; netfilter@lists.netfilter.org
> Subject: Re: Messages in log with SNAT target
>
>
>
> R. DuFresne wrote:
>
>>On Mon, 24 Jul 2006, Anssi Hannula wrote:
>>
>>
>>>>Sietse van Zanen wrote:
>>>>
>>>>
>>>>>The security risk is, and it is a MAJOR one, especially with WiFi
>>>>>networks is that any PC on the network could just be set up with a
>>>>>private IP on your private network, start sniffing for passwords etc.
>>>>>
>>>>>It's a very, very bad idea to put your public and private WiFi
>>>>>infrastructure on the same physical network.
>>>>>I would say, there's even no point in firewalling this. Firewalling
>>>>>is separating, you are combining.
>>>>>
>>>>>-Sietse
>>>>
>>>>
>>>>In this case the private network is only a very small home network. I
>>>>don't see there being too big a risk of anyone setting up a box with
>>>>private IP on the network with harm on their mind. If that would be
>>>>possible, wouldn't the security of the whole system be compromised so
>>>>much that the private/public separation doesn't matter anymore?
>>>>
>>>>The main purpose of the private IPs here is the ease of use and having
>>>>no public IP for a system if so wanted.
>>
>>
>>
>>Hopefully, for yer sake, you are the only home for miles and miles
>>around....Yet, I doubt such is the case, so you are a risk to all sadly.
>>
>
>
> So, what do you suggest, then?
>
> That I have 2 separate wireless networks, one for the internet and one
> for the private network?
>
> (the WLAN is of course WPA encrypted)
>
> --
> Anssi Hannula
>
>
--
Anssi Hannula