Tailscale funnel will get you services scanned by Russian IP's (opens in new tab)

(infosec.exchange)

1 pointsgnyman2y ago2 comments

2 comments

2 comments · 1 top-level

PLG882y ago· 1 in thread

For sure, this is why I personally believe sharing platforms (Funnel, CF Tunnel, ngrok, zrok etc) should all have security hardening, WAF-type features, and auth so that anyone cannot just scan and access your services. To me, this is table stakes which Funnel does not provides.

gnymanOP2y ago

Agree, but instead we get defaults which will expose and announce services to the world without any auth or warning, all in the name of convenience. And tailscale is far from alone with this as you say, it applies to everything from databases to these services.

Do happen to know if the other services also create unique SSL certs for each service?

j / k navigate · click thread line to collapse