On Mon, 1 May 2023 09:45:22 -0700 Jeremy <j...@jer.cx> wrote: > Pretty neat that you don't use NAT. I had a public IP on my laptop > once(ONCE) & the Chinese kept sending garbage to any port that was > open & it made my laptop hot(almost burned my thighs!) What's your > secret to avoid this??
I had a public IP for 18 years. The secret is to not have open ports ;) In the early years it was not a problem... but it slowly got worse and worse. I moved my website to the cloud. I moved my email to the cloud. For ssh I either moved the port (easy) or later added port knocking (harder). I also found used bad guys in iptables. Basically, if you hit my firewall on a bad port, you are put in the bad guys list. This blocks your ip for a couple of minutes. This makes port scans super expensive. Today I have a Bell router in front of my router with no port forwarding. It means I cannot remotely ssh to my systems... but really hasn't been that limiting since I work mainly from home now. So I have a Bell router, connected to my main router (Linux box), which is connected to a wireless router for wireless. Yes, the Bell router has wireless, but it is in the basement and doesn't have a great signal. And I already had the wireless router. Cheers, Sean
