[aprssig] Turn-key IGate
scott at opentrac.org
Fri Mar 25 12:37:20 CDT 2016
> If you think it's possible to drop a Pi on the Internet and walk away,
> you're in for a rude surprise.
With proper care in its setup, it's certainly possible to keep it
secure. A dedicated Igate only needs to make outbound connections; it
doesn't even need to respond to pings. If you need SSH access you can
lock it down to specific source IP addresses or you can use port
knocking to only open the port on demand.
My next tracker/TNC will be an IGate, too, and the chances of being able
to subvert it are slim, even for a targeted attack. The code runs from
flash memory and the system can disable code execution from RAM so even
if an attacker was to find a buffer overflow there's no way to inject
More information about the aprssig