[luau] remote access: vpn or ssh

MonMotha monmotha at indy.rr.com
Mon Jul 1 21:15:00 PDT 2002


SSH (version 2 at least), has proven to be basically impossible to sniff 
or hijack.  Of course everything is encrypted from the start (first 
thing that happens is the client and server negotiate crypto), and this 
helps, but due to all the authentication (server auths to you before you 
auth to the server, good idea and prevents man in the middle attacks or 
IP address theft).

Of course VPNs have similar schemes, but if all you need is a remote 
shell (and remember, you can pipe things across SSH to do all sorts of 
neat stuff), SSH is probably simpler and has loads of clients available.

Spoofing a MAC address is trivial on Linux (ifconfig eth0 hw <type mac 
address>), but on windows the driver has to support it.  Also, the 
person spoofing has to know what MAC address to spoof to.  Basically, 
treat mac addresses like IP addresses; totally unreliable authentication 
wise, but can be useful as an extra sanity check.

--MonMotha

R. Scott Belford wrote:
> For remote access, is setting up a VPN inherently more secure than 
> establishing a SSH session?  Is either connection easier to sniff?  
> 
> Somewhat related, haven't I seen some discussion on the list about limiting 
> access based on the MAC address?  Does this offer the complete peace of mind 
> that it sounds capable of, or can MAC addresses be spoofed?
> 
> scott




More information about the LUAU mailing list