
Re: Remote administration of a machine behind NAT



Andrei Popescu wrote:

> But how can I prevent a possible attacker from abusing this setup to access
> my laptop?

What's the likelihood an attacker will even care that the
system can access your laptop? What's the likelihood that an
attacker will even get access to the other system? Your
paranoia goes too far, I believe.

If it was me I would just configure the remote NAT device to
port forward some port for SSH (not likely 22 because it's possible
the upstream ISP would block it), enable ssh on the remote system,
configure it for key-based authentication only, and add a little
wget script to the system that the user can click on which "pings"
my web server so I can determine what their IP was at the moment.

I suppose if you were really paranoid you could set up iptables
rules on the remote system to reject inbound SSH connections
unless they came from your static IPs; I wouldn't bother
myself as long as the system they are on still gets security
updates.

Not a lot of effort, and I won't lose any sleep over the
security of the system.

nate
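
The two controls described in the message above (key-only SSH and an iptables source allowlist), as an added example that is not part of the original post. Port 2222, the 203.0.113.x/198.51.100.x addresses and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; port 2222 and the addresses below are constructed placeholders.

# Print (do not run) iptables commands that accept inbound SSH on PORT only
# from the listed IPv4 sources and reject every other source on that port.
# Usage: ssh_allowlist_rules PORT ADDR [ADDR...]
ssh_allowlist_rules() {
    port=$1
    [ $# -ge 2 ] || { echo "usage: ssh_allowlist_rules PORT ADDR..." >&2; return 1; }
    shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Validate every address first so a typo never yields a half-written rule set.
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9./]*) echo "bad IPv4 address: $ip" >&2; return 1 ;;
        esac
    done
    for ip in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$ip"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' "$port"
}

# Read sshd settings on stdin (an sshd_config file, or the output of `sshd -T`)
# and succeed only if password-style logins are off and public keys are on.
# The first occurrence of a keyword wins, as in sshd; Match blocks are not handled.
# A missing PasswordAuthentication or keyboard-interactive line counts as "yes",
# which is the upstream OpenSSH default.
sshd_key_only() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
        END {
            kbd = v["kbdinteractiveauthentication"]
            if (kbd == "") kbd = v["challengeresponseauthentication"]  # older name
            ok = (v["passwordauthentication"] == "no" && kbd == "no" &&
                  v["pubkeyauthentication"] != "no")
            exit(ok ? 0 : 1)
        }'
}

# Demo with the constructed values.
ssh_allowlist_rules 2222 203.0.113.10 198.51.100.7
printf 'PasswordAuthentication no\nKbdInteractiveAuthentication no\n' |
    sshd_key_only && echo "sshd config: key-only"
```

Review the printed rules before piping them to a root shell on the remote system; when running `sshd -T | sshd_key_only` there, the check sees the effective settings rather than one file.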

