Open darkk opened 8 years ago
lepidopter may be exposed to Internet, it has ssh enabled with weak default password and authless ooniprobe web interface.
I can imagine several (unlikely, but imaginable) cases for the exposure:
I can suggest couple of ways to restrict management interfaces:
network-change
ip -o addr
ip neight
lepidopter may be exposed to Internet, it has ssh enabled with weak default password and authless ooniprobe web interface.
I can imagine several (unlikely, but imaginable) cases for the exposure:
I can suggest couple of ways to restrict management interfaces:
network-change
event triggered by dhclient/systemd/whatever parse output ofip -o addr
and allow source IPs from known subnetsnetwork-change
event parseip neight
and deny source MACs of various routers