[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
travis at subspacefield.org
travis at subspacefield.org
Tue Sep 28 14:48:02 UTC 2010
On Mon, Sep 27, 2010 at 09:07:04PM -0700, Matt Joyce wrote:
> I'd be willing to come up and talk about chaosvpn
Well if you could come to NB 2nd Sunday, we could do a joint talk at
BAHA:
http://baha.bitrot.info/
That would be cool.
Here's my VPN talk for Erik, who is not local:
http://www.subspacefield.org/security/vpn/vpn.pdf
Target audience is those wanting to connect their home, servers,
laptops, work.
I've got a few other points which aren't in the slides yet:
Do you trust DNS for VPN endpoints?
Why you want to run own DNS
OpenVPN - simple, xplatform
tunnel all traffic with redirect-gateway
bad when you want to hit intranet sites
you may not even be able to resolve internal DNS
IPSec - interop is problem, very complex
Isakmpd - OpenBSD hotness, does it work on Linux? Not well, last time I checked
bypass egress filters
RDR/DNAT trick for mapping them*
port TCP 80/UDP 53 for bypass
make your homepage in browser about:blank or localhost; after it loads is too late
note about WIFI IPs - can attack them directly, then get onto VPN
[*] That's a simple way to determine what the egress filter set is,
and tunnel your VPN out. Works nearly 100% of the time.
For further discussion, consider joining the BAHA list.
--
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100928/c2d3ab33/attachment-0003.sig>
More information about the Noisebridge-discuss
mailing list