<p>What is baha? Got link? So Sunday after this coming one?</p>
<div class="gmail_quote">On Sep 28, 2010 7:48 AM, <<a href="mailto:travis@subspacefield.org">travis@subspacefield.org</a>> wrote:<br type="attribution">> On Mon, Sep 27, 2010 at 09:07:04PM -0700, Matt Joyce wrote:<br>
>> I'd be willing to come up and talk about chaosvpn<br>> <br>> Well if you could come to NB 2nd Sunday, we could do a joint talk at<br>> BAHA:<br>> <br>> <a href="http://baha.bitrot.info/">http://baha.bitrot.info/</a><br>
> <br>> That would be cool.<br>> <br>> Here's my VPN talk for Erik, who is not local:<br>> <a href="http://www.subspacefield.org/security/vpn/vpn.pdf">http://www.subspacefield.org/security/vpn/vpn.pdf</a><br>
> <br>> Target audience is those wanting to connect their home, servers,<br>> laptops, work.<br>> <br>> I've got a few other points which aren't in the slides yet:<br>> <br>> Do you trust DNS for VPN endpoints?<br>
> Why you want to run own DNS<br>> OpenVPN - simple, xplatform<br>> tunnel all traffic with redirect-gateway<br>> bad when you want to hit intranet sites<br>> you may not even be able to resolve internal DNS<br>
> IPSec - interop is problem, very complex<br>> Isakmpd - OpenBSD hotness, does it work on Linux? Not well, last time I checked<br>> bypass egress filters<br>> RDR/DNAT trick for mapping them*<br>
> port TCP 80/UDP 53 for bypass<br>> make your homepage in browser about:blank or localhost; after it loads is too late<br>> note about WIFI IPs - can attack them directly, then get onto VPN<br>> <br>
> [*] That's a simple way to determine what the egress filter set is,<br>> and tunnel your VPN out. Works nearly 100% of the time.<br>> <br>> For further discussion, consider joining the BAHA list.<br>
> -- <br>> I find your ideas intriguing and would like to subscribe to your newsletter.<br>> My emails do not have attachments; it's a digital signature that your mail<br>> program doesn't understand. | <a href="http://www.subspacefield.org/~travis/">http://www.subspacefield.org/~travis/</a> <br>
> If you are a spammer, please email <a href="mailto:john@subspacefield.org">john@subspacefield.org</a> to get blacklisted.<br></div>