Actually, it was a mistake NOT reserving more human-friendly IP blocks for documentation/example purpose. The three /24 blocks reserved all fail blatantly because nobody remembers them, and they look as unsuspicious as normal blocks.
220.127.116.11/24 would be a much better choice because people would easily remember them and know it's not "real", just like you would not take a phone number 123-4567 on a filled form as "real" (even though it might be).
Next time you make anything, please remember to design for humans.
By the time 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24 were allocated in RFC5737, it was too late.
IPv6 makes human IP addresses meaningless, but even then I believe they allocated 2001:DB8::/32
What a stupid address range for examples
Tell that to my blog dead:beef:dead:beef:dead:beef:dead:beef
Except when buying a TV -- that would be W1A 1AA
I told the cashier "That's me, don't you recognise me without the makeup?"
I said how in the comment to which you replied.
Where did I say, "fact that they showed no reaction"? Why do you interpret something unstated as a fact?
Saying that not carving a single /24 out of a class A network is bad UX when variable length netmasks weren't even in use yet is a fundamentally silly misreading of history.
I had earlier set up a pfsense box purely for ad blocking and to keep out Google/Microsoft creepware. But I had stopped using it because of the learning curve. Now, I am learning how to properly configure it.
It's kind of amusing if you think about it. In olden days, people had to worry about physical attack of their house. Nowadays, I am more worried about these virtual attacks.
I have to admit that I downloaded the pdf ebooks from piracy sites. So don't know if they had some malware in them. I did scan them with MBAM, Avira, MS Defender before use though. Note that I didn't download them from Surface. I downloaded them using an Ubuntu VirtualBox VM running on another laptop. I restore the VM to a previous snapshot each time after use.
Really, even securing your house is tricky. My place in Florida was built with the hinges to the front door on the /outside/ because of local building codes. Unfortunately, I only realized that after it was built. The locks are nice, but any enterprising thief would simply pop the hinges and remove the door if I hadn't taken steps to prevent it.
Bypassing locks is easy, and security systems are only useful when law enforcement is at the ready (rare in many places).
I tried to turn it on around 8:50 pm. Here, "SURFACE\name" is my MS account.
> 4/9/2018 8:49:40 PM Remote Desktop Services: Session logoff succeeded: User: SURFACE\name Session ID: 3
> 4/9/2018 8:49:40 PM Session 3 has been disconnected by session 3
> 4/9/2018 8:49:40 PM %s from %S( #0x%x/0x%x )
> 4/9/2018 8:49:40 PM Session 3 has been disconnected, reason code 11
> 4/9/2018 8:49:41 PM Session 4 has been disconnected, reason code 11
> 4/9/2018 8:49:41 PM Remote Desktop Services: Session has been disconnected: User: SURFACE\name Session ID: 3 Source Network Address: LOCAL
> 4/9/2018 8:51:00 PM Begin session arbitration: User: SURFACE\name Session ID: 4
> 4/9/2018 8:51:00 PM End session arbitration: User: SURFACE\name Session ID: 4
> 4/9/2018 8:51:00 PM Remote Desktop Services: Session logon succeeded: User: SURFACE\name Session ID: 4 Source Network Address: LOCAL
> 4/9/2018 8:51:00 PM Remote Desktop Services: Shell start notification received: User: SURFACE\name Session ID: 4 Source Network Address: LOCAL
I am not sure if the entries at 8:49 pm are what I saw as the "remote session active". Also, I am not sure if this LocalSessionManager is the right place to look.
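Added example (not part of the original post, and not the poster's code): a small parser for exported LocalSessionManager lines in the format quoted above, which separates sessions whose Source Network Address is LOCAL from sessions that arrived over the network. The first four sample lines are copied from the post; the last one is constructed, using the documentation address 203.0.113.7, to show what a non-LOCAL logon looks like.

```python
import re
from datetime import datetime

# First four lines are copied from the post; the fifth is CONSTRUCTED
# (203.0.113.7 is an RFC 5737 documentation address) to show a network logon.
SAMPLE = """\
4/9/2018 8:49:40 PM Remote Desktop Services: Session logoff succeeded: User: SURFACE\\name Session ID: 3
4/9/2018 8:49:41 PM Remote Desktop Services: Session has been disconnected: User: SURFACE\\name Session ID: 3 Source Network Address: LOCAL
4/9/2018 8:51:00 PM Remote Desktop Services: Session logon succeeded: User: SURFACE\\name Session ID: 4 Source Network Address: LOCAL
4/9/2018 8:49:40 PM %s from %S( #0x%x/0x%x )
4/9/2018 9:15:02 PM Remote Desktop Services: Session logon succeeded: User: SURFACE\\name Session ID: 5 Source Network Address: 203.0.113.7
"""

EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Remote Desktop Services: (?P<action>[^:]+): "
    r"User: (?P<user>\S+) Session ID: (?P<sid>\d+)"
    r"(?: Source Network Address: (?P<src>\S+))?\s*$"
)

def parse_events(text):
    """Return structured events sorted by time.

    Lines without user/session fields (unformatted messages, reason-code
    lines, session arbitration) are skipped rather than guessed at.
    """
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip().lstrip("> "))  # tolerate quoted lines
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["sid"] = int(ev["sid"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def remote_sessions(events):
    """Events that name a source address other than the local console."""
    return [e for e in events if e["src"] and e["src"].upper() != "LOCAL"]

if __name__ == "__main__":
    for e in remote_sessions(parse_events(SAMPLE)):
        print(e["ts"], e["action"], e["user"], "session", e["sid"], "from", e["src"])
```

Run over only the lines quoted in the post, `remote_sessions` returns nothing: every entry that carries a source address says LOCAL.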
I stopped using pfSense because I had enabled many block lists in pfBlockerNg and it was blocking sites like Github. Now, I am learning how to properly configure it. I also set up an ELK dashboard yesterday night. This is a heatmap of the scans in last 30 minutes.
I've been using an OpenBSD based router for years with no UPnP support and never had any issue (like unable to play online games or anything). I'm really curious why it's present on all home routers.
For starters, a lot of gaming companies now depend on people having this so that the users run the servers instead of the gaming company having to pay for the infrastructure. They won't begin to explain to kids how to forward ports.
Many app makers now assume this as well and certainly do not want to explain to non technical users how to forward ports to a machine on their network.
IoT is just leveraging an existing precedence.
I think this kind of knowledge should be common, I mean, you should have a "network" course at school, learn how to forward ports and the basics of how the internet works.
Well, this is another discussion.
Please assume a consumer grade router given by the ISP and _maybe_ another one bought off the shelf at a box retailer. Also assume unable or unwilling to flash firmware.
Disable remote maintenance / web access. Many router web UIs have exploitable flaws that can be used to bypass password authentication.
Ensure that you are always running the latest firmware version. If there are no up-to-date versions / the router is too old, you might complain to the ISP. However, they might try to sell / rent you the latest and greatest router model then.
Disabling upnp will do it. I’m going to set up blocking all inbound on 1900 on ISP’s router stopping traffic before it gets to my home router. I might finally be grateful for being forced by the isp to use their hardware for nothing other than a hop between my network’s router and the isp’s network.
By this do you mean a public remote address/login or the generic 192.168.0.X login page when on the serving network?
I was paying $60 per year for a DOCSIS 2 modem. Replaced it with a DOCSIS 3 for $90. Huge speed boost for almost free.
Sometimes your only choice is changing the ISP.
It should be impossible to be unaware that your home network's outbound is saturated all month. It's ridiculous.
UPNP is a mess and I'm not even sure if there is a way to properly make it secure.
Still, I'll be blocking port 1900 and focusing more on defense in depth on my home net...
The irony is that back when I was a teenager adminning our home routers, I'd always disable UPnP simply because of what it is -- at the time it stood to reason that any consumer POS device could bypass the firewall with it and do horrible things from the inside out. Nowadays I've become a bit lazy because I think I'm pretty fatigued at fighting this kind of junk.
I have been using 2x wall-mounted industrial mini PCs running Debian to cover 2400 sq two story house. They just work. They have no software that is tricky or unknown. Hell, the one that has a cross connect to the cable modem even runs a firewall. Speeds blow consumer routers out of the water. I even have a guest network so the visitors can access internet and not see anything else they are not supposed to have access to. Cost? $300 for both.
It’s amazing that these devices even work.
But you can get Mikrotik routers for about $50, which are great. Also you can choose to have a dedicated router with no wireless, and have a dumb access point dealing with the wireless part. However, ordinary consumers won't bother.
i work at a contract engineering firm which employs a lot of folks who've stuffed linux into embedded products (frequently ones expensive enough that if you have to ask the price, you can't afford it), though not afaik any routers.
this kind of work is done by firmware engineers who were hired because they had "linux" on their resume. they have no networking experience, and know less about security. to the extent that the project manager is aware that security is a thing, they assume any "technical" person is as good as any other on the subject. how the devices will be kept up to date is not discussed until right before the software is delivered (if ever).
Can you share the manufacturer/model # of the devices you are using?
Just got another X32 for a different project. I replace broadcoms with Atheros and use little VESA mounts from Ebay that I drill into a dry wall by the ceiling. After that mounting them on a wall is no different than attaching them to the backs of the monitors.
I recommend AliExpress as the source for the systems themselves ( blows ebay out of the water ). Strangely, mounts are cheaper on Ebay.
If only there was a slither of corporate responsibility and associated punishment, probably a big ask from governments benefiting handsomely from the vulnerabilities despite the loss to the citizens they represent.
Guess it could be considered a new form of taxation? National security only really extends the physical domain.
Are you suggesting private APTs exist? Seen no evidence so far that it's anyone but a dozen nations who lamely try to rebrand every now and then.
UPnP is a world of trouble in general, but even moreso for the average person disabling it in a house full of kids. There needs to be responsibility taken by any large tech company pushing insecure products on their customers.
 researchers at Symantec had uncovered parts of this proxy network due to their ongoing investigation into the “Inception Framework,” and the APT group behind it.
Source? This isn't a new report. All it talks about is that misconfigured upnp is used by one APT framework (see: https://www.symantec.com/blogs/threat-intelligence/inception...).