by ValdikSS
73 days ago
Anyone in "your LAN" (L2 of the interface, sometimes L3, like a VPN). Your containers/VMs will be fully accessible from other machines in the "LAN" (hosting provider infrastructure, or ISP infrastructure), despite no port forwarding/publishing being configured.

Your IP could also be used to run DoS attacks on the internet, although in this case (compared to container/VM access) the attacker won't be able to receive replies (one-way communication only, like address spoofing). But if you also happen to configure NAT (MASQUERADE) without additional limits, anyone in the "LAN" could use your machine as a router (use your IP address to access websites).

Such misconfiguration is rarely mentioned in how-tos and guides, and it's pretty common to have "additional free IPs" on your VPS/dedicated this way :D

This is also true of manually crafted home routers (such as the one in this article) and misconfigured advanced routers like Mikrotik, OpenWrt, Cisco, etc.: if you happen to unconditionally enable forwarding without a firewall and think that NAT will somehow block access to your home LAN, that's not true. Your neighbor, connected to the same ISP switch, could just add a routing record for 192.168.0.0/24 via your router's MAC address and access your 192.168.0.0/24 LAN devices without restrictions (unless the ISP specifically blocks such access).
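Added example, not part of ValdikSS's comment: a heuristic audit for the misconfiguration described above, run over the value of `net.ipv4.ip_forward` and the text of `iptables-save`. The function names, finding labels, interface names (`eth0`, `br0`) and both rulesets are constructed for illustration.

```python
import shlex

def parse_iptables_save(text):
    """Parse `iptables-save` output into {table: {"policy": {}, "rules": {}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                         # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif cur is not None and line.startswith(":"):   # e.g. :FORWARD ACCEPT [0:0]
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)
            cur["rules"].setdefault(tok[1], []).append(tok[2:])
    return tables

def target(rule):
    return rule[rule.index("-j") + 1] if "-j" in rule else None

def audit(ip_forward, ruleset):
    """Heuristic: forwarding on, FORWARD policy ACCEPT (the kernel default when no
    policy is loaded) and no DROP/REJECT rule in FORWARD means anyone on the
    segment can route through the host; a MASQUERADE rule without -s adds NAT."""
    if ip_forward.strip() != "1":
        return []                                        # host is not routing at all
    empty = {"policy": {}, "rules": {}}
    tables = parse_iptables_save(ruleset)
    filt, nat = tables.get("filter", empty), tables.get("nat", empty)
    fwd = filt["rules"].get("FORWARD", [])
    if filt["policy"].get("FORWARD", "ACCEPT") != "ACCEPT" or any(
            target(r) in ("DROP", "REJECT") for r in fwd):
        return []
    findings = ["open-forward"]
    if any(target(r) == "MASQUERADE" and "-s" not in r
           for r in nat["rules"].get("POSTROUTING", [])):
        findings.append("open-nat")
    return findings

# Constructed rulesets: forwarding with no firewall vs. default-drop forwarding.
WEAK = """*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT"""
HARDENED = """*filter
:FORWARD DROP [0:0]
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT"""
```

On a live host the two inputs would come from `/proc/sys/net/ipv4/ip_forward` and `iptables-save`; nftables-only setups need a different parser.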