[vcf-midatlantic] Museum report
Dean Notarnicola
dnotarnicola at gmail.com
Sun Apr 16 08:56:04 EDT 2017
Bill,
Nice, thanks, I agree. I'll see what we can do about getting a fixed
external IP for that router.
I would definitely recommend changing the ssh port. I've seen mobile
exploits that look for any vulnerability, especially on Android. I agree
that they don't usually do full port scans; waste of time on most mobiles.
Dean
On Sun, Apr 16, 2017 at 8:50 AM William Dudley <wfdudley at gmail.com> wrote:
> The Sprint-supplied router has no mechanism to work with dyndns.org or
> equivalent.
>
> I think the Sprint service blocks incoming traffic on port 80, but I can
> work around that by using port 8090 as the external access http port. I
> have the apache on the pi listening on both 80 and 8090. Sprint does allow
> incoming on port 22 (ssh), so I've been able to do some administration
> from home.
>
> The static ip is just so we can find the pi web server (on 8090) from
> outside, for administrative purposes. There won't be a lot of traffic, and
> only Evan and select few others will be using that, to allow updating the
> museum kiosk content from home.
>
> The next job that needs to be done is to delete the (useless) port forward
> for port 80 to the pi, and add a port forward to port 8090 on the pi. The
> pi is now static at 192.168.0.5. I was able to set that up in the Sprint
> router (MAC address -> fixed IP address).
>
> Long term, I may move the listen port for ssh from 22 to something less
> obvious (security by obscurity), OR change the pi's ssh to only use
> public/private key authentication. Because our external IP is in a block
> usually used by cell phones, that means that it won't normally be a target
> for hackers, as they don't expect open ssh ports on cell phones.
>
> Any questions, don't hesitate to contact me.
>
> Bill Dudley
>
>
> This email is free of malware because I run Linux.
>
> On Sun, Apr 16, 2017 at 8:05 AM, Dean Notarnicola via vcf-midatlantic <
> vcf-midatlantic at lists.vintagecomputerfederation.org> wrote:
>
>> Thanks. I think our service lets us reserve one public IP. I'll work
>> directly with Bill.
>>
>>
>> On Sun, Apr 16, 2017 at 3:44 AM dave.g4ugm--- via vcf-midatlantic <
>> vcf-midatlantic at lists.vintagecomputerfederation.org> wrote:
>>
>> > If the router's external IP address changes you need some kind of external
>> > service to find it.
>> > I use a dynamic DNS service from www.mythic-beasts.com. There is a
>> > scheduled task on my Windows PC that updates the address.
>> >
>> > Dave
>> >
>> >
>> > > -----Original Message-----
>> > > From: vcf-midatlantic [mailto:vcf-midatlantic-bounces at lists.vintagecomputerfederation.org] On Behalf Of Evan Koblentz via vcf-midatlantic
>> > > Sent: 16 April 2017 07:12
>> > > To: Vcf <vcf-midatlantic at lists.vintagecomputerfederation.org>
>> > > Cc: Evan Koblentz <evan at vcfed.org>
>> > > Subject: Re: [vcf-midatlantic] Museum report
>> > >
>> > > >> We can set up internal static IP addresses on the router, and set up port
>> > > >> forwarding so that they are accessible from the internet. No outside service
>> > > >> necessary.
>> > >
>> > > That's what Bill did, but there were issues related to the router's IP changing,
>> > > various ports being blocked (we think), and the router itself misbehaving.
>> >
>> >
>> >
>>
>
>