On Tue, 20 Jan 2009 13:30:58 +0100
Sebastian Rose <sebastian_rose@gmx.de> wrote:

> >> I have the usual DSL access to the internet here:
> >>
> >>   my_PC ---> Fritzbox ---> Internet ---> Server
> >>
> >> which means I have a new IP every 24 hours.
> >>
> >> Is there a way to identify my PC for iptables?

Maybe port knocking could be a solution for you.
http://mkweb.bcgsc.ca/portknocking

> It would be better to have different tactics for several groups of
> IPs. AFAIK IPs like mine, dynamic ones, are reassigned every 24 hours in
> Germany (Telekom). Maybe a second thread (or process) could do a
> `whois' for all IPs tracked, and assign the IPs an appropriate
> expiration date.
> [...]
> I noticed that the `whois' for dynamic IPs has no `[Admin-C]'
> section. Could I depend on this fact?

Looks disproportionately difficult to me. Try to do security with
simplicity in mind. Every additional piece of code, configuration,
software, component increases the possibility of errors and failures.

PS: I don't use netfilters on personal servers.

/Benjamin

--
Freundliche Gruesse/Best Regards
Benjamin Hackl
IT/Administration
Media FOCUS Research Ges.m.b.H.
Maculangasse 8, 1220 Wien
Tel.-Nr.: +43 1 258 97 01-295
benjamin.hackl@focusmr.com
http://www.focusmr.com/