From: Wojciech Puchar
To: cpghost
Cc: freebsd-questions@freebsd.org
Date: Fri, 2 Jan 2009 22:53:29 +0100 (CET)
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090102225246.C39956@wojtek.tensor.gdynia.pl>
In-Reply-To: <20090102193002.GA72103@phenom.cordula.ws>

>> other ways to compromise your systems.
>>
>> if one really cares then make your VPN for all your computers, use one that
>> is unknown for others to download portsnap etc. and then use rsync to
>> populate it to other machines.
>
> I'm already getting the files from one location and disseminating
> them via rsync-over-SSH-over-VPNs to the server farms. But the
> problem is the initial download from a cvsup mirror. That's the
> one I'm really concerned with.

just use a widely-"unknown" computer like your private, even better -
something that has a dynamic IP :)