Yeah, I have mixed feelings about CT (certificate transparency) for this reason. Folks are just consuming the firehose and scanning.
And in this case, if the thing you're funneling is on your residential connection, it basically amounts to you summoning a DDoS.
One (obvious?) tip I'd offer is to put your stuff on high non-standard ports if you can. It'll reduce the amount of connections you get dramatically.
A DoS that will disappear once you close the funnel. Tailscale are proxying the traffic so your public IP isn’t exposed. Your choice of port makes no difference.
Even without CT, services on standard ports will quickly be discovered on IPv4.
> On a computer with a gigabit connection, ZMap can scan the entire public IPv4 address space on a single port in under 45 minutes.
When you care about this, if you're managing your own certificates, you can issue wildcard certificates.
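As an added illustration of the wildcard point above (this is example code written for this page, not something posted by the commenter or shipped by Tailscale), the script below issues two self-signed certificates with openssl and reads back their Subject Alternative Name entries: one that names each internal host individually, which is exactly what ends up in the public CT logs when you request per-host certificates, and one wildcard that reveals only the parent domain. The hostnames under example.com are constructed; it assumes openssl 1.1.1 or newer (for `-addext` and `-ext`) and a writable temp directory.

```shell
#!/bin/sh
# Added example, not from the thread: compare what per-host and wildcard
# certificates reveal in their SAN list (which is what CT logs make public).
# Assumes openssl >= 1.1.1 (-addext / -ext) and a writable temp directory.
set -e

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# san_entries CERT -> the SAN entries on one line, comma-separated, no spaces,
# e.g. "DNS:git.example.com,DNS:plex.example.com"
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName | tail -n 1 | tr -d ' '
}

# issue_cert NAME SAN_LIST -> writes NAME.key/NAME.crt under $workdir and
# prints the SAN entries of the resulting certificate.
# SAN_LIST is comma-separated openssl syntax, e.g. "DNS:a.example.com,DNS:b.example.com".
issue_cert() {
    name=$1
    sans=$2
    cn=${sans#DNS:}; cn=${cn%%,*}   # first SAN doubles as the CN (cosmetic)
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=$cn" -addext "subjectAltName=$sans" -days 1 \
        -keyout "$workdir/$name.key" -out "$workdir/$name.crt" 2>/dev/null
    san_entries "$workdir/$name.crt"
}

# revealed_hosts CERT -> number of concrete (non-wildcard) host names the
# certificate discloses; a pure wildcard cert scores 0.
revealed_hosts() {
    san_entries "$1" | awk -F, '{
        n = 0
        for (i = 1; i <= NF; i++) if ($i !~ /^DNS:\*\./) n++
        print n
    }'
}

# Demo: per-host cert (constructed hostnames) versus wildcard cert.
echo "per-host SAN: $(issue_cert perhost 'DNS:git.example.com,DNS:plex.example.com')"
echo "  hosts revealed: $(revealed_hosts "$workdir/perhost.crt")"
echo "wildcard SAN: $(issue_cert wild 'DNS:*.example.com')"
echo "  hosts revealed: $(revealed_hosts "$workdir/wild.crt")"
```

The same `san_entries` check works on a certificate a public CA actually issued you (`openssl x509 -in fullchain.pem ...`), which is a quick way to confirm before deployment that nothing beyond `*.example.com` is about to be logged; the trade-off is that a wildcard key now protects every host under the domain, so it belongs on a terminating proxy rather than copied to each box.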