[ale] VPN connections at Emory

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Tue Jan 22 15:01:23 EST 2013


inline

JD <jdp at algoloma.com> wrote:

>On 01/22/2013 01:38 PM, Ron Frazier (ALE) wrote:
>> The TOS at most institutions forbid guest access to wired ports.  But, we
>> won't mention that.  I don't know about this specific institution.
>
>Perhaps it would be easier to just bring a wifi router to plug into the podium
>port from now on?  I have a tiny travel wifi router that I use at other meetings
>which is perfect for this.
>

I REALLY think that would violate their TOS.  We don't want to get thrown out of the facility.  I could be wrong though.

Ron

>> Un natted connections sound a bit disturbing.  I would think the whole
>> institution would be running on a giant nat.  Even so, I think a Windows
>> machine should be OK as long as the OS firewall was running.
>
>NAT is not a method of security.  It is the firewall and LACK of NAT forwarding
>to specific ports that matters.
>
>If you run iptables on your Linux machines (who has just 1?) with logging
>enabled, you can see all the traffic that "NAT routers" allow in that you would
>never expect to see. Seriously - enable logging on iptables and watch all the
>attempts from behind a NAT router. These are inbound packets, not responses.
>
>MS-Windows is not safe on any network, IMHO.  It is simply too much of a target.
>Linux without good firewall settings is scary too.
>
>> Re VPN, I was running hotspotvpn on Windows the other night at the meeting on
>> the wireless.  I was using HTTP protocol as far as what the menu says.  I
>> assume it was using SSL on 443.  I think it runs OpenVPN under the covers.
>> It was working fine.  When I ran speedtest.net to test it, it showed my data
>> exiting the tunnel in California.  Not the most efficient, perhaps, but it
>> worked.  They have a linux option, but I haven't gotten that working yet.
>
>I was using an NX remote desktop (ssh tunnel over port 443) while on Emory's
>Guest wifi network too. That worked.  I tried to use an ssh tunnel over a port
>in the 48K-55K range and it was blocked.  There didn't seem to be any dropped
>connection the entire time.


--

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity.

(To whom it may concern.  My email address has changed.  Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address.  Please send all personal correspondence to the new address.)

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
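
An added example, not part of the original thread: one way to act on the quoted suggestion to enable iptables logging and watch the inbound attempts is to tally the logged packets by source and destination port. The logging rule in the comment, the `INBOUND-NEW: ` prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed rule (not from the thread): log only packets that open a NEW inbound
# flow, so replies to your own outbound connections never appear:
#   iptables -A INPUT -m conntrack --ctstate NEW -j LOG --log-prefix "INBOUND-NEW: "
PREFIX = "INBOUND-NEW: "

# Constructed sample lines in the kernel format written by the LOG target.
_HDR = "IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"
SAMPLE_LOG = f"""\
Jan 22 14:02:11 laptop kernel: [ 812.10] INBOUND-NEW: {_HDR} SRC=10.20.3.7 DST=10.20.3.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4821 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 22 14:02:14 laptop kernel: [ 815.12] INBOUND-NEW: {_HDR} SRC=10.20.3.7 DST=10.20.3.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4822 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 22 14:02:15 laptop kernel: [ 816.40] INBOUND-NEW: {_HDR} SRC=10.20.3.7 DST=10.20.3.50 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4830 DF PROTO=TCP SPT=51301 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 22 14:03:02 laptop kernel: [ 863.77] INBOUND-NEW: {_HDR} SRC=10.20.9.14 DST=10.20.3.50 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 22 14:03:05 laptop kernel: [ 866.01] INBOUND-NEW: {_HDR} SRC=10.20.9.14 DST=10.20.3.50 LEN=84 TOS=0x00 PREC=0x00 TTL=128 ID=912 PROTO=ICMP TYPE=8 CODE=0 ID=2211 SEQ=1
Jan 22 14:03:09 laptop kernel: [ 870.55] usb 1-2: new high-speed USB device number 3 using ehci_hcd
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are skipped


def parse_line(line):
    """Return the packet fields of one LOG line, or None if the line is not ours."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None  # some other kernel message
    fields = dict(FIELD.findall(rest))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated or malformed entry
    return fields


def summarize(log_text):
    """Count new inbound attempts per (source, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is not None:
            # ICMP entries carry TYPE/CODE instead of ports, so DPT may be absent.
            counts[(fields["SRC"], fields["PROTO"], fields.get("DPT", "-"))] += 1
    return counts


if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:<15} {proto:<4} dport={dpt}")
```

On a live machine, pass the kernel log text to `summarize()` in place of `SAMPLE_LOG`; where that log is stored depends on the distribution's syslog setup.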
