I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

  • surewhynotlem@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    19 hours ago

    If it’s just wireguard on a nonstandard port, then you are pretty much done. It’s UDP and won’t reply to incorrectly signed packets so it’s essentially invisible.

          • surewhynotlem@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            3 hours ago

            Assume a security researcher finds a bug in wireguard that, if sent a malformed packet, it can crash the service. Then it would be trivialy easy to send that packet to the default port on every IP address and just crash everything for fun.

            It costs me nothing to increment the port by 1 and avoid all that drama.

      • 0x0@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        7 hours ago

        It is going to make fingerprinting more annoying while evading default port scans. That isnt nothing but you do you boo