 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>>>> On Windows, you'd type:
>>>>
>>>> route add 192.168.200.0 mask 255.255.255.0 192.168.1.1
>>>
>>> 1. I didn't know you could do that.
>>> 2. What does it do?
>>>
>>
>> It tells your PC that there's a network called 192.168.200.0 somewhere
>> voer there, and that to get ot it, you must forward the packets to
>> 192.168.1.1 and he'll take care of them.
>
> Interesting. I didn't know Windows was actually capable of doing that.
> Usually when I need a router in a hurry, I load up Linux and read some
> manpages...
>
> Hmm, I wonder... If my VPN client doesn't route all the subnets I want,
> can I get it to dump the packets onto the wrong LAN segment, and then
> trust the router at that end to take it to the correct place?
>
Assuming your router knows the way and there are no filters or
restrictions in place, yes.
>>> Incidentally, I gather that there's two ways to control the ASA. One
>>> involves telnet. The other involves a serial cable...
>>
>> Serial cable is required to give the machine its initial barebones
>> config, after that, it's telnet or preferably ssh. Since anyone could
>> sniff the telnet password.
>
> It's neat that you can configure it via IP. Then again, if you configure
> the IP stuff wrong, you need to connect somehow so you can reconfigure
> it. :-}
>
> I wonder what authentication options there are for SSH...
>
Userid / password. Either local or via an external authentication
system (TACACS, Radius, Kerberos, RSA SecurID, etc...)
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2011-09-14 04:40, Invisible a écrit :
>>> So how do you prevent somebody connecting to your server a thousand
>>> times per second and feeding it duff credentials, thereby preventing any
>>> legitimate users logging in, and wasting lots of CPU power?
>>>
>>> See, security isn't so simple...
>>>
>>
>> by having a real firewall (such as the aforementioned Cisco ASA)
>> configured to throttle individual connections. ;)
>
> I'm sorry, I thought we were still talking about "why the average home
> user can't easily send a file to another average home user". :-) I doubt
> many home users will pay hundreds of pounds for a Cisco ASA and spend
> god-knows how long learning what "tee sea pee eye pee" is in order to
> set this up.
The average user will not get DDOSed unless he pissed off the person
DDoSing him. Even the morons of 4Chan don't DDoS random people for the
lulz.
If you are afraid of a denial of service attack, it means you have
something worth attacking. Therefore the few thousand dollars spent on
a decent security appliance will be worth it. How long can your
business withstand being offline before your loses are more than the
price of the firewall?
>
>> Now the /b/tard in question would have to use zombie PCs to do his DOS
>> against your machine.
>
> Yeah, because none of the script kiddies have figured out how to do
> that. ;-)
>
Most of them still ask how to download LOIC and act all surprised when
they get a knock on their door.
> Then again, if somebody decides to DDoS you, it doesn't matter if you
> have *no* ports exposed to the Internet... You still get no service.
>
> Sometimes I think it would be nice if there was a widely-supported
> standard for configuring the firewall at the /other end/ of the last
> mile to drop certain packets. But anyway...
A DDoS needs to be extremely big for an ISP to notice one of its
customers is under attack. And you need a special business relationship
to be able to call them up and ask that they block a certain type of
traffic at the head end.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2011-09-14 16:52, Orchid XP v8 a écrit :
>>>> Yep. You still need a computer for each user, tho.
>>>
>>> Sure. But I mean, you can set up an application server that more than
>>> one
>>> person can access, without doing anything particularly special.
>>
>> You can do exactly the same thing on Windows that you do on Unix.
>>
>> Log into the windows box remotely. Start an X client and point it at
>> your display. Disconnect without logging out. Someone else logs into the
>> windows box remotely. They start an X client and points it at their
>> display. They disconnect without logging out. Guess what? Windows
>> running X clients talking to two different X servers.
>
> Does anyone, anywhere on Earth, actually run X on Windows?
>
> I mean, I gather that you *can*. But does anybody actually *do* this?
>
Yes.
For two reasons.
1) One of the network monitoring software suite I use is an ugly Windows
port of something that was developped for Solaris. Most of the
configuration tools were written for Motif, and many of the command line
utilities are ksh scripts. So the 5 servers that run this particular
tool all run not only X11, but a "unix environment for Windows" as well.
2) Other servers I manages ARE running AIX, Solaris or Linux. so the
only way to run their GUI utilities is by tunnelling X through ssh back
to my PC. Just like about 100,000 of my coworkers do.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2011-09-15 15:29, Orchid XP v8 a écrit :
>>> I'm fairly sure I tested it, and discovered that I needed to turn off
>>> multiple things to stop it accepting my password as a valid login. But
>>> since that was then and this is now, I guess I might be incorrect.
>>>
>>
>> Did you at least refresh (aka reload) sshd when updating the
>> configuration ?
>
> Is rebooting the machine sufficient to do that?
>
> If so, yes...
>
Heathen! Linux machines do not need to be rebooted. Ever.
To quote Yoda: Unlearn everything you must.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2011-09-15 13:15, Orchid XP v8 a écrit :
>>> 1995? Jesus, that's WITHIN MY OWN LIFETIME! Compared to Unix, which
>>> almost pre-dates binary computers, that's ultra-modernist!
>>
>> Not only, but current ssh is version 2, which leave the status of draft
>> only in 2006; (1.99 is drafted version 2)
>>
>> ssh of 1995 was version 1 and limited to remote shell (with very limited
>> inband file transfer).
>
> I'm told v1 isn't as secure either. I don't know if that's actually true...
>
ssh 1.0's insecurity was a major plot point of the Matrix II or III.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/12/2011 1:41, Invisible wrote:
> After reading several dozen forum posts, it seems nobody has a really good
> solution for doing this.
Actually, when you think about it, the two people in this situation are not
unlikely using two computers both of which are using the same IP address,
like 192.168.0.2. Hard to see how to make a TCP/IP transfer easy if both
target machines have the same IP address, regardless of software installed
or operating system in use.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/15/2011 18:19, Francois Labreque wrote:
> Heathen! Linux machines do not need to be rebooted. Ever.
I'm pretty sure you're wrong on that one.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/15/2011 1:07, clipka wrote:
> An X /client/ on Windows (that is, software running on a Windows host and
> displaying on an X terminal)? Doesn't sound like a common use case to me.
Yep. On the other hand, I was merely trying to point out that it wasn't the
fact that Windows was present that was causing the problem. Even non-server
versions of Windows (Pro, not Home, generally) let you have multiple people
logged in using it as a server.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/15/2011 2:44, Le_Forgeron wrote:
> try playing xonix via VNC... it's far easier with just a X server on the
> windows system.
VNC wasn't really designed for efficiency.
> It's just a shame that windows applications are unable to be translated
> into X clients by MS.
X is a rather sucky protocol, in modern times, for doing this sort of stuff.
Lots of code breaks, for example, on a high-latency link, because so many
programs assume that things like change of focus will complete before
keypress events start arriving, but they don't. There's whole piles of
kludges to account for that kind of thing.
> (well, they still have that "one user at a time"
> approach in a lot of their code too)
No they don't. That's enforced entirely by the login program checking licenses.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/15/2011 11:17, Orchid XP v8 wrote:
> If the two machines are on the same LAN, this probably isn't a problem.
Only if it's difficult to transfer data between the outside world and the
systems you're connecting, a la the original topic of the thread.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
