-
• #577
(most to ubnt.com & nest.com).
What will you lose if you just block these?
-
• #578
Aye, would never usually open a port but if Wireguard is listening on port 5xxxx using UDP, it doesn’t even respond without a key so appears as a closed port.
-
• #579
It isn't like TV hacking.
You can check the traffic coming and going to that port to see what is going on.
-
• #580
Lol. Really? What is this magic you speak of?
My point is more that I've worked in IT infrastructure for over 15 years, have a way above average understanding of firewalls and networking but I also know the following
1) I don't have the time or discipline to make sure that my network hardware and ancillary services are patched to latest level.
2) I don't have the time or discipline to stay up to date on particular vulnerabilities relating to hardware and services on my network
3) I don't trust hardware manufacturers or service providers to stay ahead of attack vectors.
My opinion is heavily skewed by the fact that I have been a deliberate target for hacking over the last 7 years and sometimes have items of value that attract attention on my networks but even if that wasn't the case and I had nothing to protect, my three points would still stand.
This is why I prefer to keep my internal network internal only and limit what I have to pay attention to.
-
• #581
Magic of monitoring of traffic going to and from a router?
How did you know you were being targeted?
As a by line, have 'acquaintances' who are hackers. This is what they get paid (quite well) to do. They do have lots of funny/bizarre stories.
-
• #582
How did you know you were being targeted?
CSB warning.
I was speaking at a Blockchain event in a hotel in London in 2015 and had a quantity of cryptocurrency stolen shortly afterwards. After an exhaustive investigation, using a third party security company, it turned out that my macbook had a known Intel vulnerability exploited via the hotel wifi AP and some code was injected into the firmware. This code was used to listen for keystrokes and ultimately used for lifting a private key.
Apart from that, which happened on the road, I receive maybe three attempts a month to get me to click on a malicious link targeted specifically to me as a result of what I do for a living. My security precautions tend to spot two or three attempted remote attacks on my network each month too.
-
• #583
Magic of monitoring of traffic going to and from a router?
I was being facetious. I'm a lapsed CCNA.
EDIT: I forgot, was full CCNP in 2011 also
-
• #584
ubnt.com - the performance stats on the internet and I think some of the external app bits
nest.com - I suspect that ability to check in on the Nest bits that I've got round the house (3 thermostats, and 3 smoke alarms)
I think that even if they are blocked at nextdns, they still count as a lookup (which is fair enough)
I think that ubnt had about 10k lookups (which is slightly nuts, a ping every 30 seconds), and nest about 5K (so one a minute, again a bit nuts TBH).
A PiHole looking to limit queries via aggressive caching and letting nextdns do the heavy lifting might be the answer
-
• #585
I'd like to understand why these query rates are so high.
Hue Sync PC software seems to query api.amplitude.cim 15k times per day on my network!
-
• #586
Actually very interesting, the hotel wifi scam was and is common and the chip vulnerability was known but never announced till a patch was found.
Feels like they have stolen from you once so they keep trying.
Does bit coin mining open you to more vulnerability? Do SETI still use computers screensavers to work on data as a sort of cloud computing and does that open vulnerability?
-
• #587
Actually very interesting, the hotel wifi scam was and is common and the chip vulnerability was known but never announced till a patch was found.
Sounds like we are talking about different things.
Does bit coin mining open you to more vulnerability?
No idea, not my area really. Perhaps if hackers become aware that you might be holding large quantities.
-
• #588
Looking into a budget NAS and/or media centre.
At the moment I'm quite tempted by an ODROID XU4 or C2, but reining it back in for a second I think I would be better getting a 2nd hand Pi and try using one of my old x-HDD (or even just an old HDD).
Is the Pi 2 the sensible sweet spot for the older Pis for this application? My only concern is lack of wifi, but I guess this can be dealt with using a dongle.
EDIT: comparison table saved for posterity:
https://socialcompare.com/en/comparison/raspberrypi-models-comparison
-
• #589
If it's for a media NAS then WiFi is not a good idea. Get that badboy ethernet wired into the fastest, most central point of your network.
-
• #591
Good point.
-
• #592
NAS drives
At the moment it's more of a proof of concept... or perhaps proof of utility is a better term.
Initial thought was:
Odroid HC2 ~£50
WD red 2TB ~£60
Misc ~£20
Total ~£130-150
Vs.
2nd hand RPi2 ~£20
Old x-HDD/HDD ~£0
Misc ~£20
Total ~£40-50
Which is a reasonable saving.
-
• #593
closed port on my router.
-
• #594
So just looking at the last 24 hours:
nest.com is hit 2422 times, of which 1508 are logsink.devices.nest.com (the others must be under 350 each, as they don't show in the top 10 resolved domains)
ubnt.com is hit 2906 times, of which 2752 are ping.ubnt.com (again, others must be under 350 as per above)
For Nest, I've 6 Nest devices, 4 of which are hard wired to power. My understanding is that the battery powered ones only check connectivity a couple of times a day, whereas the others are much more frequent. That would make 4 devices checking in 1508 times, meaning each does it ~375 a day, or 15 times an hour, so once every 4 minutes ish.
With the Unifi one, I do wonder if each device on the network checks in individually, I've 3 switches, 4 APs and a cloud key, so that's 8 devices. If it is each device, then that would be each 344 per day, or ~15 an hour again.
I'll try to dig out other domains later on.
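An added example (not part of the original post, and not any vendor's tooling): the per-device arithmetic above, generalised into a script that reads a resolver query log and reports which client/name pairs are queried at a near-fixed interval. The CSV layout, client names and sample rows are constructed for illustration; only the two hostnames come from the thread.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def constructed_sample():
    """Build a constructed query log: two fixed-cadence devices, one human."""
    start, rows = datetime(2024, 1, 1), ["timestamp,client,name"]
    def add(offset_s, client, name):
        ts = (start + timedelta(seconds=offset_s)).isoformat()
        rows.append(f"{ts},{client},{name}")
    for i in range(30):                       # one query every 240 s
        add(240 * i, "thermostat-1", "logsink.devices.nest.com")
    for i in range(60):                       # one query every 30 s
        add(30 * i, "cloudkey", "ping.ubnt.com")
    for off in (5, 50, 900, 1000, 4000, 4100, 4105, 6000, 6500, 7100, 7150, 7155):
        add(off, "laptop", "example.org")     # irregular, browsing-like
    return "\n".join(rows)

def beacon_report(text, min_queries=10, max_jitter=0.2):
    """Return {(client, name): stats} for pairs queried on a steady timer.

    Assumed columns: timestamp (ISO 8601), client, name. A pair is reported
    when the median absolute deviation of its inter-query gaps is at most
    max_jitter times the median gap.
    """
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["client"], row["name"].lower().rstrip("."))
        times[key].append(datetime.fromisoformat(row["timestamp"]))
    report = {}
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue                          # too few points to judge cadence
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid <= 0:
            continue                          # burst of same-second duplicates
        jitter = median(abs(g - mid) for g in gaps) / mid
        if jitter <= max_jitter:
            report[key] = {"queries": len(stamps), "interval_s": mid,
                           "per_day": round(86400 / mid)}
    return report

if __name__ == "__main__":
    for (client, name), s in sorted(beacon_report(constructed_sample()).items()):
        print(f"{client:14} {name:28} every {s['interval_s']:.0f}s (~{s['per_day']}/day)")
```

Grouping by client as well as name is what separates one chatty device from several devices each checking in at a modest rate, which a top-domains list alone cannot show.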
-
• #595
Although if it's a Pi2 the ethernet is only 10/100 Mbit/s (which I think is also shared with the usb) so what/where it's plugged into isn't likely to be a bottleneck.
-
• #596
Holy shit that's horrifying.
Edit: I'm just thinking through how this would have worked.
So I guess they got your password, then tried it on a bunch of crypto exchanges? But then you would have been protected by 2FA?
Or they would have needed the private key for your wallet - but you never type that in, you unlock it with a password.
Maybe with your password they were able to SSH into your laptop and grab the private keys? But you're on OSX so that's unlikely...
-
• #597
.
-
• #598
I have a variety of Pi's with various different OSs (home assistant, volumio, raspbian, etc) that I want to back up to a network drive every week or so.
What are the suggestions for this? Some kind of cron job triggering some kind of script or something, would that work on the variety of different Pi OSs? (I know what all those words mean but little idea of how I'd make that work.)
-
• #599
Cron and rsync work well enough for me.
Aren't most Pi OSs Linux based? I'd expect them all to have rsync in their repos.
-
• #600
Cheers. I'd favour a disk image over copying files (easier to restore and I seem to remember stuff about rsync not necessarily playing nicely with NTFS drives). dd could be an option unless anyone has any better suggestions. Something that produces images on the basis of space used rather than SD card size would be good.
Although I assume this will founder where I often do with problems on writing to a samba share.
I've got Octoprint running on a Pi3... it's well worth it.