[Noisebridge-discuss] How do you secure your public wifi usage?

Jonathan Lassoff jof at thejof.com
Thu Jan 7 00:22:52 UTC 2010


Excerpts from Seth David Schoen's message of Wed Jan 06 15:36:40 -0800 2010:
> I've never used -w, but if it implements TUN, it should be possible to
> use it with _any_ kind of IP packet (not just TCP and UDP, which
> SOCKS5 supports).  Thus, you could presumably do ping and traceroute
> (which rely on ICMP) and other non-TCP/UDP protocols like SCTP.  That
> would definitely not be possible with the SOCKS proxy created by -D.
> 
> If you're using TCP or UDP over TUN, you should also be able to see
> the individual packets, whereas SOCKS5 will just show you their
> payloads.

It also has the advantage of being able to point your default route over
the IP tunnel and not having to rely on *hoping* applications get the
right proxy configuration and don't leak anything out.

ssh -w makes an IP tunnel, but still has the overhead of SSH's internal
windowing mechanisms as well as your kernel's TCP windowing on top of
that.

Something as simple as IPIP tunneling with IPSEC or tinc over UDP avoids
these headaches for high-bandwidth-but-still-crypted connectivity.

--j
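
Added example, not part of the original message: a check that the routing table really sends all IPv4 traffic over the tunnel device instead of relying on per-application proxy settings. The device name `tun0`, the addresses, and the sample tables are constructed assumptions; input is the text printed by iproute2's `ip -4 route show`.

```shell
# check_tunnel_routes TUN_DEV SERVER_IP   (reads `ip -4 route show` text on stdin)
# Exit status: 0 all IPv4 goes over TUN_DEV and the SSH server is pinned off it
#              1 a default route on another interface wins (traffic leaks)
#              2 nothing routes the default over TUN_DEV
#              3 SERVER_IP has no host route off the tunnel (ssh would loop)
check_tunnel_routes() {
    awk -v tun="$1" -v srv="$2" '
    {
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if ($1 == "default" || $1 == "0.0.0.0/0") {
            if (dev == tun) full = 1; else leak = 1
        }
        # Two /1 routes together cover all of IPv4 and beat any default route.
        if ($1 == "0.0.0.0/1"   && dev == tun) low = 1
        if ($1 == "128.0.0.0/1" && dev == tun) high = 1
        # The SSH connection itself must stay on the physical interface.
        if (($1 == srv || $1 == (srv "/32")) && dev != "" && dev != tun) pinned = 1
    }
    END {
        covered = (low && high)
        if (leak && !covered) exit 1
        if (!full && !covered) exit 2
        if (!pinned) exit 3
        exit 0
    }'
}

# Constructed sample tables (documentation and private addresses only).
LEAKY='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.1.1.2 dev tun0 proto kernel scope link src 10.1.1.1
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

TUNNELLED='default via 10.1.1.2 dev tun0
10.1.1.2 dev tun0 proto kernel scope link src 10.1.1.1
198.51.100.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# Live use: ip -4 route show | check_tunnel_routes tun0 198.51.100.10
```

This only inspects IPv4 routes; an IPv6 default route on the wireless interface would need the same check against `ip -6 route show`.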


