I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

    • surewhynotlem@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      7 hours ago

      Assume a security researcher finds a bug in wireguard that, if sent a malformed packet, it can crash the service. Then it would be trivialy easy to send that packet to the default port on every IP address and just crash everything for fun.

      It costs me nothing to increment the port by 1 and avoid all that drama.

      • SayCyberOnceMore@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        21 minutes ago

        And, to be fair, you’ll know more about your setup when you don’t use the defaults as you have to learn more…