
Re: Remote administration of a machine behind NAT



On Wed,10.Sep.08, 13:53:00, nate wrote:
> Andrei Popescu wrote:
> 
> > But how can I prevent a possible attacker from abusing this setup to access
> > my laptop?
> 
> What's the likelihood an attacker will even care that the
> system can access your laptop? What's the likelihood that an
> attacker will even get access to the other system? Your
> paranoia goes too far I believe.
 
Actually I enjoy looking at this from all sides (hair-splitting?).

> If it was me I would just configure the remote NAT device to
> port forward some port for SSH (not likely 22 because it's possible
> the upstream ISP would block it), enable ssh on the remote system,
> configure it for key-based authentication only, and add a little
> wget script to the system that the user can click on which "pings"
> my web server so I can determine what their IP was at the moment.

That's a no-go since the NAT is at ISP level. And there are ways to get 
the IP without installing a webserver for this...

> I suppose if you were really paranoid you could set up iptables
> rules on the remote system to reject inbound SSH connections
> unless they came from your static IPs, I wouldn't bother
> myself as long as the system they are on still gets security
> updates.
 
I didn't mention having a static IP.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
