I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

  • 0x0@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    6 days ago

    It is going to make fingerprinting more annoying while evading default port scans. That isnt nothing but you do you boo

    • sandwichsaregood@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 hours ago

      I agree that there is some value to obscurity generally, but Wireguard already evades port scans and fingerprinting. Unless a packet is signed with a known key, it gives no response to traffic, so scanners and fingerprinters see a closed port. You ISP can identify WG traffic while you are connected by inspecting your traffic, but random scanners won’t see anything. Look on shodan, you won’t see Wireguard.