Firewall security: Problems with simple Samba file share 3604

Specific to you perhaps, but if you are trying to communicate to me, you need to use words that have a generally accepted common meaning, or else explain them.

Are you polish? Answering a question with a question is usually called a "polish answer"! (this is a matter of pride to a pole, so it's not an insult :-).

Well, however it was done, it appears that you have no secrets that you can effectively guard!

Logical deductions from nonsensical situations may result in nonsensical conclusions. Since the logic is correct, one deduces that the hypothethis was incorrect.

Good.

Yes you did - I quote: "no public logins". I do not know of any meaning for "private login", and thus I know of no meaning for "public login". I asked you if you mean "no logins via ssh", and you did not give a civil answer. I can't do more to ask you what you may mean. Either say or put up with my interpretation.

OK - but if the use for the f-w is to protect you against people who have already stolen your private key, then you should ask how it helps you. It didn't stop them stealing your private key.

Fortunately, that's not the issue here. State your logical problems and I will be glad to help with them.

Indeed - being on uranus is the only protection that is significant. Anyone who can get to uranus has such capabilities that dealing with a safe will be no problem to them.

It's the same with ssh.

So attacks against its encryption ("it") don't matter. Let them try from china.

It does - because if they don't attack the cryptgraphy, then they must already possess the key, which says that your security has already been breached.

So let's say that your f-w is a damage limitation exercise - make it hard for them, now they have the key, to use it directly from china.

Uh uh .. they got the key while the f-w as in place. Didn't stop them getting the private key!

So you can let people attack it for as long as you like - it makes no difference.

The attack that makes sense is not against ssh but against the place that held the keys for ssh, thus rendering an attack against ssh unnecessary. That's the only sensible route - don't attack the fortress, attack the servant who has the keys to the fortress.

Your f-w, therefore is aimed at preventing people who have already got the keys from using them (I deduce this because people who don't have the keys can try forever to break in if it suits them - it suits me to have them trying!).

Or are you worried about dictionary attacks ... no, you are using PK authentication, so no dictionary attacks.

Anyway, your f-w stops people who already got your secret keys from logging in using them from a source IP in china. That's silly. They already got the private key (from china! Or elsewhere) - your security is already a nohoper and your f-w didn't help.

So, the logic goes:

1) buttume your f-w is helpful 2) we deduce its use is in preventing people from using a key (via china) that they have already stolen (via china). 3) therefore yur f-w is not helpful, because if it were it would have stopped them stealing the key 4) so by contradiction, your f-w is not helpful.

I think you are now thinking that the f-w use is to make it harder to make casual use of the key, which maybe they got hold off on a once-off when a disk was sent away for data recovery or something similar.

Well, they already read that disk. Your f-w did not stop them.

So you want to use the f-w to help stop them leveraging their info. Tough - they already got enough to blackmail an employee into letting them in!

I am not being told "it". I rely on human beings to speak in order to communicate with me.

Peter