
Re: how do I target a specific machine - not ip address?

To: sean <seandarcy2@gmail.com>, netfilter@lists.netfilter.org
Subject: Re: how do I target a specific machine - not ip address?
From: Elvir Kuric <omasnjak@yahoo.com>
Date: Sun, 10 Dec 2006 09:47:58 -0800 (PST)

Hi Sean,

MAC address will not help you. But you can implement
many other ways to connect to your server.
First you can change ssh port to listen on a port different
than 22, no matter which, I am hoping you know how to do this.
Second you can implement iptables rule to accept all
ssh connections to that port ... something like

iptables -A INPUT -p tcp --dport 32022 -s any/0 -d your_server_ip -j ACCEPT

Then implement rules to accept only 2 or more ( it
depends on you ) ssh connections per minute, and you
can make some rule for port knocking in combination
with iptables ( I know port knocking is clear text,
but possible intruder will get only ssh prompt ).

Of course there are many other security considerations
and I am hoping that other list members will take part
in this discussion.

I hope this helps 

Regards 
Elvir Kuric


--- sean <seandarcy2@gmail.com> wrote:

> I want to connect from travel to my server. Since I'm
> connecting through hot-spots or hotel connections, my ip
> address will be all over the place.
>
> I thought about putting the laptop's MAC address in the
> packet, and using mac-source, but it seems the MAC
> address is stripped out over the internet.
>
> So, how do I set it up so the server will know my laptop
> from whatever ip address I happen to have.
>
> BTW, the laptop is linux, so I can mangle POSTROUTING if
> that helps.
>
> I can ssh, but what I want to do is set up an NFS mount.
>
> sean
> 
> 
> 
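
The per-minute limit on new ssh connections suggested in the reply above can be expressed with the iptables "recent" match. This is an added example, not part of the original thread: the function name, the list name "ssh", the ESTABLISHED rule and the address 192.0.2.10 are assumptions made here; port 32022 is the one used in the message.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that accepts at most
# MAX new connections per minute, per source address, to IP:PORT.
# Usage: ssh_ratelimit_rules IP PORT MAX
ssh_ratelimit_rules() {
    rl_ip=$1 rl_port=$2 rl_max=$3
    # Reject empty, non-numeric and leading-zero values before they reach a rule.
    case $rl_ip in ''|*[!0-9.]*) echo "bad IPv4 address: $rl_ip" >&2; return 1 ;; esac
    case $rl_port in ''|0*|*[!0-9]*) echo "bad port: $rl_port" >&2; return 1 ;; esac
    case $rl_max in ''|0*|*[!0-9]*) echo "bad limit: $rl_max" >&2; return 1 ;; esac
    [ "$rl_port" -le 65535 ] || { echo "port out of range: $rl_port" >&2; return 1; }
    # xt_recent remembers 20 packets per address by default, so hitcount <= 20.
    [ "$rl_max" -le 19 ] || { echo "limit above 19: $rl_max" >&2; return 1; }
    # The attempt being tested is already in the list (--set runs first),
    # so attempt number MAX+1 inside 60 seconds is the first one dropped.
    rl_hit=$((rl_max + 1))
    rl_m="-p tcp -d $rl_ip --dport $rl_port -m conntrack --ctstate NEW"
    cat <<EOF
*filter
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT $rl_m -m recent --name ssh --set
-A INPUT $rl_m -m recent --name ssh --update --seconds 60 --hitcount $rl_hit -j DROP
-A INPUT $rl_m -j ACCEPT
COMMIT
EOF
}

# When run as a script with three arguments, print the fragment, e.g.
#   sh ratelimit.sh 192.0.2.10 32022 2 | iptables-restore --noflush   (as root)
if [ "$#" -eq 3 ]; then
    ssh_ratelimit_rules "$@"
fi
```

Because the DROP rule uses --update, each dropped attempt refreshes the source's timestamp, so a client that keeps retrying stays blocked until it has been quiet for a minute.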

