[freenet-support] insecure mode and port forwarding

Matthew Toseland toad at amphibian.dyndns.org
Mon Apr 28 18:00:32 UTC 2008


On Saturday 26 April 2008 02:43, Jim Cook wrote:
> As far as I know, I don't know anyone running Freenet, so I'm running 
> in insecure/promiscuous mode.  Freenet kindly warns me that others 
> can therefore identify my node and attack it.  However, although I've 
> read the FAQ and googled some, I'm not clear what sorts of attacks 
> are possible, other than knowing which sites I've visited.

Lots. Read the wiki, start with the security page:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity
> 
> Freenet also reminds me to forward UDP ports XXXXX and XXXX because 
> I'm behind a NAT, and so other nodes behind symmetrical NATs can't 
> connect to my node.  However, Freenet seems to be working OK in that 
> I'm connected to ca. 13 nodes.  I currently don't forward any ports 
> through my hardware firewall, and I hesitate to do so without 
> understanding the security implications.

The result of forwarding the UDP ports is that Freenet can accept incoming 
connections from nodes which it isn't already sending a packet to. This is 
necessary for:
- Connecting to any node on a dynamic IP address. (You may still be able to 
connect, but only if the node manages to connect to one of its other peers 
and ARKs are working).
- Connecting to any node behind a symmetric firewall/NAT.
- Being a seednode.
> 
> I'd appreciate suggestions for further reading re both issues.
> 
> Thanks again.
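The effect of the forwarding rule described in the reply above, shown with a toy NAT model. This is an added example, not part of the original message and not Freenet code. It assumes port-restricted filtering on every NAT, and the `Nat` class, `can_connect` helper, port number and addresses are all constructed for illustration.

```python
# Toy UDP NAT model (added illustration; port-restricted filtering is assumed).
PORT = 31000                     # constructed stand-in for the node's UDP port
INTRODUCER = ("203.0.113.9", 9)  # constructed third party both nodes already reach

class Nat:
    def __init__(self, public_ip, symmetric=False, forwarded=()):
        self.public_ip = public_ip
        self.symmetric = symmetric       # new external port per destination
        self.forwarded = set(forwarded)  # ports with a static forward rule
        self.maps = {}                   # mapping key -> external port
        self.allowed = set()             # (external port, remote) seen outbound
        self.next_port = 40000

    def send(self, local_port, remote):
        """Outbound packet; returns the (ip, port) the remote sees as source."""
        if local_port in self.forwarded:
            ext = local_port
        else:
            key = (local_port, remote) if self.symmetric else local_port
            if key not in self.maps:
                self.maps[key] = self.next_port
                self.next_port += 1
            ext = self.maps[key]
        self.allowed.add((ext, remote))
        return (self.public_ip, ext)

    def accepts(self, ext_port, remote):
        """Would an inbound packet to ext_port from remote reach the node?"""
        return ext_port in self.forwarded or (ext_port, remote) in self.allowed

def can_connect(a, b):
    """Each side learns its address via the introducer, then both send at once."""
    adv_a = a.send(PORT, INTRODUCER)     # address a advertises to peers
    adv_b = b.send(PORT, INTRODUCER)
    src_a = a.send(PORT, adv_b)          # source b's NAT actually sees
    src_b = b.send(PORT, adv_a)
    # One delivered packet is enough: the receiver replies to the observed
    # source, which the sender's NAT already allows.
    return a.accepts(adv_a[1], src_b) or b.accepts(adv_b[1], src_a)

if __name__ == "__main__":
    for fwd in ((), (PORT,)):
        me = Nat("192.0.2.1", forwarded=fwd)
        peer = Nat("198.51.100.2", symmetric=True)
        print("forwarded" if fwd else "no forward", "->", can_connect(me, peer))
```

The same rule that lets the symmetric-NAT peer in also makes `accepts` return true for any sender, which is the exposure being traded for reachability.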