I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

        • surewhynotlem@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          3 hours ago

          Assume a security researcher finds a bug in wireguard that, if sent a malformed packet, it can crash the service. Then it would be trivialy easy to send that packet to the default port on every IP address and just crash everything for fun.

          It costs me nothing to increment the port by 1 and avoid all that drama.

    • 0x0@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      7 hours ago

      It is going to make fingerprinting more annoying while evading default port scans. That isnt nothing but you do you boo