[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

coadde coadde at riseup.net
Tue Aug 2 22:08:17 GMT 2016



On 08/02/2016 06:20 PM, Luke Shumaker wrote:
> On Tue, 02 Aug 2016 15:38:01 -0400,
> coadde wrote:
>> I wrote /etc/network.sh
> 
> Ok!
> 
> Can you explain these two lines to me?  I didn't see the point in them.
> 
>     ip neighbour replace 93.95.226.249 lladdr 52:54:5d:5f:e2:f9 nud permanent dev eth0
>     ip addr del fe80::5054:5dff:fe5f:e2f9 dev eth0

"ip neighbour" is the equivalent of ARP on IPv4 and NDP on IPv6; I set it to
permanent on the eth0 interface, because it avoids MAC spoofing[0].
"ip addr del fe80::5054:5dff:fe5f:e2f9 dev eth0" removes the unused
and unsecured link-local address[1][2][3].

[0]:https://en.wikipedia.org/wiki/MAC_spoofing
[1]:https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration
[2]:https://en.wikipedia.org/wiki/Link-local_address#IPv6
[3]:https://en.wikipedia.org/wiki/Internet_of_Things#Unique_addressability_of_things

> Also, the netmask was wrong; the VPS-control-panel-specified
> 255.255.255.128 is equivalent to /25, not /24.

I put "/25", but the "ip" command may have failed the connection.

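An added example, not part of the original message or of /etc/network.sh: POSIX shell helpers that audit the three settings discussed above (the permanent neighbour entry, the removed link-local address, and the netmask-to-prefix conversion). They read `ip` output on stdin; the function names, the 192.0.2.10 line and the sample text are constructed for illustration.

```shell
# Convert a dotted-quad netmask to a prefix length; fail on non-contiguous masks.
mask_to_prefix() {
    prefix=0; seen_zero=0; old_ifs=$IFS; IFS=.
    set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        # Once a non-255 octet has been seen, every later octet must be 0.
        if [ "$seen_zero" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        [ "$bits" -eq 8 ] || seen_zero=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Read `ip neigh show` output on stdin; args: ip dev mac.
# Prints one of: ok | not-permanent | mac-mismatch | missing
check_neigh() {
    awk -v ip="$1" -v dev="$2" -v mac="$3" '
        $1 == ip {
            d = ""; m = ""
            for (i = 2; i < NF; i++) {
                if ($i == "dev") d = $(i + 1)
                if ($i == "lladdr") m = $(i + 1)
            }
            if (d != dev) next
            found = 1
            if (tolower(m) != tolower(mac)) res = "mac-mismatch"
            else if ($NF != "PERMANENT") res = "not-permanent"
            else res = "ok"
        }
        END { print (found ? res : "missing") }'
}

# Succeeds if `ip -6 addr show` output on stdin still lists an fe80::/10 address.
has_link_local() {
    grep -Eq '^[[:space:]]*inet6 fe[89ab][0-9a-f]:'
}

# Constructed sample of `ip neigh show` output (not captured from the server).
SAMPLE_NEIGH='93.95.226.249 dev eth0 lladdr 52:54:5d:5f:e2:f9 PERMANENT
192.0.2.10 dev eth0 lladdr 52:54:00:aa:bb:cc REACHABLE'
printf '%s\n' "$SAMPLE_NEIGH" | check_neigh 93.95.226.249 eth0 52:54:5d:5f:e2:f9
mask_to_prefix 255.255.255.128
```

On a live host the same functions take `ip neigh show` and `ip -6 addr show dev eth0` piped in place of the sample text.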