GIF
Recent searches
Search options
#firewall
2 posts2 participants0 posts today
Hey other #network folks I have a weird #firewall and #NAT question. I'm looking at the firewall traffic log where my work laptop (I'm in the office) is the source, and I'm looking at the traffic connecting to my home plex server.
The plex server is a private IP behind NAT. In the log I show the putbound traffic from my work laptop to my home router IP, but I also see a following entry with the private IP that my router is forwarding plex's port traffic to. I thought anything done behind NAT wouldn't show up, especially because I'm only looking at the initial communication out, and not the return communication from my server to my me. Is my understanding of NAT wrong?
I set up a few honeypots in Europe this weekend mdr.
My servers found russian unreported, so I guess it works fine. So I feed a list + self-report to AbuseIP every day.
It's downloadable for everyone for free 
GitHubGitHub - DXC-0/Malicious-Robots.txt: list of malicious addresses and robots producing spam, bruteforce, attacks ... IPs come from my own honeypot servers in Europe.list of malicious addresses and robots producing spam, bruteforce, attacks ... IPs come from my own honeypot servers in Europe. - DXC-0/Malicious-Robots.txt
Blain Smith Replied in thread
@n_dimension @shaknais @maxleibman what kind of facist policestate has it become?
- Oh nevermind, having an encrypted phone or using secure communications is also illegal, I guess... [1 - 5]
And to enshure "criminals" can't just order something on ShitExpress, they now have an #IMEI-#Allowlisting / #Firewall in place that makes the #Turkish Registration Demands look chill in comparison, [6 - 10] cuz they only yeet devices after 90 days and not preemtively block them from any network!
- This wouldn't be such a proplem if Australia was like Germany where the furthest doctor away is 1hr by bike and the worst one could get is a bite from a rabid fox and having to get some post-exposure shots. So yeah tourists are not gonna be able to call for help in down under...
Seriously, whoever came up with these ideas needs to touch grass, preferablzyin the outback on foot!
Replied in thread
@jherazob @leberschnitzel they already exist...
- Worst case fork #PoWshield as used by the fmr. admin of #IncognitoMarket if you don't want to work with your hoster/upstream to block #DDoS attacks through #blackholing and having a proper #Firewall setup!
I think it's bad #TechPopulism to think that #Anubis will fix all the issues.
- It's like #KernelLevelAnticheat, #Antivirus and #DRM: A hamfisted approach that harms legitimate users more than the bad actors!
Just block all the #GAFAMs ASNs & #hosters that host #Scrapers so the industry cracks down harder on them than on #IRC, #Tor #ExitNodes, #CSAM & #BitTorrent combined!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@nixCraft@mastodon.social what we should do is *literally* [block](https://github.com/greyhat-academy/lists.d/blob/main/scrapers.ipv4.block.list.tsv) all the #scapers network-wide (as per IP block allocation) and #DROP all traffic to/from them, because #Anubis requiring #JavaScript makes it #ableist and bricking #TUI browsers like #LynxBrowser...
- #OnionServices on #Tor / @torproject@mastodon.social show [how it's done…](https://infosec.space/@kkarhan/114437837120770551)
#Job Zum nächstmöglichen Zeitpunkt suchen wir in #Bonn für das Referat Z/5 „Informationstechnik“ Verstärkung im Bereich #Netzwerke und #Firewall. Zu den Aufgaben gehören u.a. die Konzeptionierung, Durchführung und Koordinierung von Projekten zur Neu- und Weiterentwicklung von Firewall- und Netzwerk-Infrastrukturen.
Hier erfahrt ihr mehr: https://www.bpb.de/561580
Kommt gerne auch am 8. Mai um 15 Uhr beim offenen Online-Treffen vorbei, wo ihr das IT-Team kennenlernen und Fragen stellen könnt.
I was trying to use
Brilliant, this should be easy then!
WRONG.
This is what
So I wrote my own in a new file at /etc/ufw/applications.d/ufw-prosody like this:
then
#XMPP #Prosody #ufw #iptables #firewall
iptables decided that life is too short for this hobbyist to go down that path, so installed ufw and saw there was an XMPP app profile when doing ufw app list.Brilliant, this should be easy then!
WRONG.
This is what
ufw app info XMPP gave:Profile: XMPPWhich is um... not many ports. And naturally broke things like image uploading.
Title: XMPP Chat
Description: XMPP protocol (Jabber and Google Talk)
Ports:
5222/tcp
5269/tcp
So I wrote my own in a new file at /etc/ufw/applications.d/ufw-prosody like this:
[Prosody]Which after saving, doing
title=Prosody XMPP
description=Prosody XMPP Server ports per https://prosody.im/doc/ports
ports=5000,5222,5223,5269,5270,5281/tcp
ufw app update Prosody,then
ufw app info Prosody now gives:Profile: Prosody
Title: Prosody XMPP
Description: Prosody XMPP Server ports per https://prosody.im/doc/ports
Ports:
5000,5222,5223,5269,5270,5281/tcp
ufw allow Prosody to apply (allow) the rules and all is well again.#XMPP #Prosody #ufw #iptables #firewall
Wie bringt man die Mitmenschen nur dazu, den Mailverkehr zu verschlüsseln? Stöhn... 
Rough time to have DOGE running around cutting staff in US Government in seemingly random ways...
Replied in thread
@micahflee lemme guess: @eff just took a multi-network eSIM and multi-network WWAN modules to scan for "#deauth" / "#EvilTwin" attacks?
Cuz I remember @heiseonline or @golem actually suggest this as a method to detect #IMSIcatchers without requiring an expensive #SDR:
- By precisely looking when which WWAN stick (for #3G back then) got disconnected and warning if they all got disconnected & reconnected at the same time...
AFAIK #GSMK uses that same technique for their #Baseband-#Firewall to automatically detect #Interception attempts and deploy countermeasures!
Continued thread
- OPNSense from the Netherlands
- https://opnsense.org/
- OpenWrt International
- https://openwrt.org/
Many of them also offer hardware and if no hardware is offered or you want something of your own then you will find everything you need here, https://www.nrg-systems.de/
#firewall #networksecurity #itsecurity #cybersecurity
2/2
/EOL
OPNsenseOPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection. - OPNsenseWe’ve made digital security accessible to everyone. With our free OPNsense® platform, you get all the features of expensive commercial firewalls and more. Enjoy open and verifiable sources in a product developed with and for a large user community.
For good reasons, I have completely switched from US providers to EU FOSS projects and solutions since around 2020. Here are the router/firewall solutions.
- DD-WRT from Germany
- https://dd-wrt.com/
- DynFI from France
- https://dynfi.com/
- IPFire from Germany
- https://www.ipfire.org/
- Mikrotik from Latvia
- https://mikrotik.com/
- Nethsecurity from Italy
- https://nethsecurity.org/
1/2
dd-wrt.comDD-WRT
Tech advice needed.
I need lightweight, simple and configurable firewall software for Windows 10. I have to keep my config going just a few more months and then will kick Windows to the curb. Zone Alarm Pro Firewall is my current software and they are dropping it in favor of a bulky suite that I hate.
Anyone have suggestions?
#Windows10 #ZoneAlarm #Firewall
You Want To Host Your Own PeerTube Server, Right?
"Imgur, TikTok, and Reddit Investigated Over Use of Children’s Data"
And, this is a surprise because...? Every single keystroke is recorded somewhere by someone. If you aren't behind a #firewall and a #vpn, you're easy pickings. Soon, your audio and video will be recorded and analyzed as well. #1984 is alive and well.
https://petapixel.com/2025/03/03/imgur-tiktok-and-reddit-investigated-over-use-of-childrens-data/
PetaPixel · Imgur, TikTok, and Reddit Investigated Over Use of Children's DataThe U.K. wants to investigate how these platforms use the personal information of teens.
Continued thread
@torproject same with #obfs4 bridges: there is no option to say like ports=80,443 or similar, which makes it cumbersome to get said bridges.
- And yes, for people stuck on #publicWiFi and shitty #MVNO|s this is most likely the only way they can get any #Tor connection work through #CGNAT and #firewall|s, as most do #BlockTor and it's associated #ports alongside common #proxy ports like 8000-9999 and anything they can't #MITM that isn't #HTTPS or #IMAP!
And trying to get places to #DontBlockTor that criminalize the use of #Tor is foolish at best.
Replied in thread
@ProPublica Get your act behind a #vpn, #firewall, #encrypted email, #burnerPhone and #pw protected computer. Just bc you're paranoid doesn't mean #MAGAmron and #muskrat aren't out to get you! Even if you're not the target, you don't want to end up as collateral damage.