1. Forum
  2. Usenet
  3. MICROSOFT.PUBLIC.WINDOWSX

  • Ping: Paul

    From David Brooks@21:1/5 to All on Wed Apr 12 23:14:46 2023
    Hi Paul 🙂

    How would you answer my question posed here:-

    http://al.howardknight.net/?ID=168133750800

    TIA

    --
    David

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Brooks@21:1/5 to David Brooks on Wed Apr 12 23:18:47 2023
    On 12/04/2023 23:14, David Brooks wrote:
    Hi Paul 🙂

    How would you answer my question posed here:-

    http://al.howardknight.net/?ID=168133750800

    TIA

    My question is in the Subject line of the header!

    *Would YOU grant access*?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul@21:1/5 to David Brooks on Thu Apr 20 13:39:06 2023
    On 4/12/2023 6:18 PM, David Brooks wrote:
    On 12/04/2023 23:14, David Brooks wrote:
    Hi Paul 🙂

    How would you answer my question posed here:-

    http://al.howardknight.net/?ID=168133750800

    TIA

    My question is in the Subject line of the header!

    *Would YOU grant access*?


    https://en.wikipedia.org/wiki/Internet_Key_Exchange

    "Most IPsec implementations consist of an IKE daemon that runs in user space
    and an IPsec stack in the kernel that processes the actual IP packets.

    User-space daemons have easy access to mass storage containing
    configuration information, such as the IPsec endpoint addresses,
    keys and certificates, as required.

    Kernel modules, on the other hand, can process packets efficiently
    and with minimum overhead - which is important for performance reasons."

    Perhaps you should use a "limited account" of some sort, one without admin,
    for credential management ? If there is a key store, it should only
    grant access to keys the limited account can access.

    Nobody should be asking you for a root or admin level of access.

    *******

    In many ways, this is just as stupid as your existing situation.

    You don't really want all the traffic in the hours, spewing out
    of Vladivostok.

    The advantage in routing all the traffic, is the session keys could be
    kept inside the broadband modem/router. The session is terminated inside
    the router, un-encrypted packets travel from the router on one side of
    the room, to your PC/Mac. The PC/Mac doesn't know what is going on.

    https://www.vpnunlimited.com/help/devices/guide-to-vpn-for-wifi-routers

    VPN Unlimited supports the following routers:

    Asus RT-N16 (Tomato firmware)
    Asus RT-N66U (Tomato 1.28 by Shibby)
    Asus (Asuswrt-Merlin)
    DD-WRT
    GLiNet Router
    OpenWrt

    Xiaomi Mi Router 3
    pfSense
    TP-Link
    Padavan
    MikroTik

    Paul

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Brooks@21:1/5 to Paul on Thu Apr 20 21:55:10 2023
    XPost: alt.computer.workshop

    On 20/04/2023 18:39, Paul wrote:
    On 4/12/2023 6:18 PM, David Brooks wrote:
    On 12/04/2023 23:14, David Brooks wrote:
    Hi Paul 🙂

    How would you answer my question posed here:-

    http://al.howardknight.net/?ID=168133750800

    TIA

    My question is in the Subject line of the header!

    *Would YOU grant access*?


    https://en.wikipedia.org/wiki/Internet_Key_Exchange

       "Most IPsec implementations consist of an IKE daemon that runs in
    user space
        and an IPsec stack in the kernel that processes the actual IP packets.

        User-space daemons have easy access to mass storage containing
        configuration information, such as the IPsec endpoint addresses,
        keys and certificates, as required.

        Kernel modules, on the other hand, can process packets efficiently
        and with minimum overhead - which is important for performance reasons."

    Perhaps you should use a "limited account" of some sort, one without admin, for credential management ? If there is a key store, it should only
    grant access to keys the limited account can access.

    Nobody should be asking you for a root or admin level of access.

    I agree - but that's exactly what ClamXAV wants!

    *******

    In many ways, this is just as stupid as your existing situation.

    You don't really want all the traffic in the hours, spewing out
    of Vladivostok.

    The advantage in routing all the traffic, is the session keys could be
    kept inside the broadband modem/router. The session is terminated inside
    the router, un-encrypted packets travel from the router on one side of
    the room, to your PC/Mac. The PC/Mac doesn't know what is going on.

    https://www.vpnunlimited.com/help/devices/guide-to-vpn-for-wifi-routers

        VPN Unlimited supports the following routers:

        Asus RT-N16 (Tomato firmware)
        Asus RT-N66U (Tomato 1.28 by Shibby)
        Asus (Asuswrt-Merlin)
        DD-WRT
        GLiNet Router
        OpenWrt

        Xiaomi Mi Router 3
        pfSense
        TP-Link
        Padavan
        MikroTik


    Thanks, Paul :-D

    I ask these questions because I read many things about 'bad guys'!

    https://grahamcluley.com/macstealer-newly-discovered-malware-steals-passwords-and-exfiltrates-data-from-infected-macs/

    My ACW newsgroup added!

    --
    Kind regards,
    David

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)