Comment on How much do you secure a home server that's only accessible with VPN?
surewhynotlem@lemmy.world 1 day ago
If it’s just wireguard on a nonstandard port, then you are pretty much done. It’s UDP and won’t reply to incorrectly signed packets so it’s essentially invisible.
possiblylinux127@lemmy.zip 13 hours ago
Putting it on a non standard port will change nothing
surewhynotlem@lemmy.world 11 hours ago
Security through obscurity is not sufficient. It’s also not nothing.
possiblylinux127@lemmy.zip 8 hours ago
Wireguard doesn’t respond to port scans so it changes nothing
surewhynotlem@lemmy.world 8 hours ago
Assume a security researcher finds a bug in wireguard that, if sent a malformed packet, it can crash the service. Then it would be trivately easy to send that packet to the default port on every IP address and just crash everything for fun.
It costs me nothing to increment the port by 1 and avoid all that drama.
0x0@infosec.pub 12 hours ago
It is going to make fingerprinting more annoying while evading default port scans. That isnt nothing