[Noisebridge-discuss] How do you secure your public wifi usage?

Jonathan Lassoff jof at thejof.com
Tue Jan 5 19:54:35 UTC 2010


Excerpts from Sai Emrys's message of Tue Jan 05 10:53:16 -0800 2010:
> Does it do so for DNS queries (or use fixed IPs and thus moot the need to)?

This is at least one way to give a hint to programs that use it on OSX.
"programs that use it". Some may, but most don't.

> When I tried just setting a system SOCKS proxy, I noticed in iftop
> that a lot of traffic was still ignoring it.

These are programs that aren't looking at this knob.
 
> Yeah, I looked at that. But it's a pain in the ass, and you have to
> set it up specially for each program.
> 
> Proxifier just automatically patches *all* traffic through the proxy
> per your rules.

Much like an IP tunnel.
 
> Basically IMO any solution that doesn't do that - anything that
> requires per-item setup - is bad for security, because it allows human
> error. I know that I certainly don't trust myself not to miss
> something

The exact reason why I recommend a network-layer tunnel that you're
pointing your default route over.
This way, any program that uses the local kernel to open a socket or
connect out will take this path, even if the program or kernel knows
nothing of the configuration of the tunnel/tunnel device.

It also avoids the overhead and flow control of a TCP session, though if
you're running TCP over this tunnel, you'll still see the increased
latency.
 
> This way the worst case reset scenario is I kill ssh, restart it, and
> maybe restart proxifier. With tsocks you'd have to potentially do so
> for every single program.
> 
> FWIW though, there is tsocks for mac.

Link? It was my understanding that OSX didn't have a dynamic linker that
worked for all executables.

> Proxifier handles proxy chaining. :-)

So does OpenSSH.

ssh -L 1080:127.0.0.1:33444 host1 "ssh -D 33444 host2"

--j
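
The routing check implied by the default-route advice above, as an added example that is not part of the original message: it reads a routing table and reports which interface carries traffic to arbitrary destinations, so a tunnel that has silently stopped being the default path is noticed. It goes slightly beyond the message by also handling the split 0.0.0.0/1 + 128.0.0.0/1 override that some VPN clients install instead of replacing the default route. Assumptions: Linux `ip -4 route show` output format, constructed sample tables (203.0.113.10 stands in for the tunnel endpoint), hypothetical function names, and tunnel interface names starting with tun, tap, utun, wg or ppp.

```shell
#!/bin/sh
# Added example. Tables below are constructed, in Linux "ip -4 route show" format.
ROUTES_DIRECT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
ROUTES_TUNNEL='default via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
ROUTES_SPLIT='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'
ROUTES_HALF='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0'

# egress_dev: read a routing table on stdin and print the device that carries
# traffic to arbitrary destinations. Prints "a,b" when the two halves of the
# address space leave through different devices, "none" when there is no route.
egress_dev() {
    awk '
    function field(name,   i) {            # token following keyword "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "default" {                      # lowest metric wins; absent metric = 0
        m = field("metric"); if (m == "") m = 0
        if (best == "" || m + 0 < bestm) { best = field("dev"); bestm = m + 0 }
    }
    $1 == "0.0.0.0/1"   { lo = field("dev") }
    $1 == "128.0.0.0/1" { hi = field("dev") }
    END {
        # Longest-prefix match: a /1 route beats "default" for its half.
        if (lo == "") lo = best
        if (hi == "") hi = best
        if (lo == "" || hi == "") print "none"
        else if (lo == hi) print lo
        else print lo "," hi
    }'
}

# via_tunnel: succeed only if every egress device has a tunnel-style name.
# The name prefixes are an assumption; adjust them to the local setup.
via_tunnel() {
    devs=$(egress_dev)
    [ "$devs" != none ] || return 1
    ! printf '%s\n' "$devs" | tr ',' '\n' | grep -Evq '^(tun|tap|utun|wg|ppp)'
}

printf '%s\n' "$ROUTES_SPLIT" | via_tunnel && echo "split: all egress via tunnel"
printf '%s\n' "$ROUTES_HALF" | via_tunnel || echo "half: leak, egress is $(printf '%s\n' "$ROUTES_HALF" | egress_dev)"
```

On a live Linux host the same functions can be fed from `ip -4 route show | via_tunnel`; the host route to the tunnel endpoint is expected to stay on the physical interface and is ignored by the check.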


