
... And Ransom ware... Rrrrrrr


chef


Guest asrequested

It was something I downloaded and was calling out. But the IPS blocked it and stopped it from connecting.

 

After a bit of research, IPS just warns you of outgoing problems, and blocks incoming problems. But I wouldn't have known it was there, if it hadn't told me. Sophos took care of it, though.

Edited by Doofus

mastrmind11

Anybody use or consider Backblaze B2?

 

I thought about setting up Duplicati with that for low cost emergency storage.

I use it, works well. I don't use it for media backup, just my server system files, but I don't see why it wouldn't work for everything.


I was talking to the IT guy at my work, and he asked me how many routers I have set up.

 

Currently I'm using the ISP's fibre router only.

 

He mentioned I should set up two.

 

Something about 10.1.1.X subnets for all local devices on a second router.

 

Then I see @ post and he has those subnets setup.

 

What exactly is happening there?

Edited by chef

BAlGaInTl

I was talking to the IT guy at my work, and he asked me how many routers I have set up.

 

Currently I'm using the ISP's fibre router only.

 

He mentioned I should set up two.

 

Something about 10.1.1.X subnets for all local devices on a second router.

 

Then I see @ post and he has those subnets setup.

 

What exactly is happening there?

 

Setting up "three dumb routers" is actually a pretty inexpensive and effective security measure to separate devices on different networks.

 

https://www.pcper.com/reviews/General-Tech/Steve-Gibsons-Three-Router-Solution-IOT-Insecurity


BAlGaInTl

I use it, works well. I don't use it for media backup, just my server system files, but I don't see why it wouldn't work for everything.

 

I don't think I would back up media that way... my normal media backup is just fine.  I have some other critical files on that server that I would like to have a cloud backup for in addition to my normal backup routines.


mastrmind11

I don't think I would back up media that way... my normal media backup is just fine.  I have some other critical files on that server that I would like to have a cloud backup for in addition to my normal backup routines.

Then it's definitely an option.


mastrmind11

I was talking to the IT guy at my work, and he asked me how many routers I have set up.

 

Currently I'm using the ISP's fibre router only.

 

He mentioned I should set up two.

 

Something about 10.1.1.X subnets for all local devices on a second router.

 

Then I see @ post and he has those subnets setup.

 

What exactly is happening there?

If you're gonna do it, go w/ a Unifi USG. Very slick pro-sumer gear that just works. Very simple to subnet stuff, and vlanning is supported, making it even easier. Also has built-in Radius and VPN server, which automatically bridges your subnets from an external VPN connection. And guest wifi is easily firewalled from your local subnets (it's technically its own subnet too). Both doofus and I use unifi stuff, as well as a few others on here.


mastrmind11

Do the fios routers not do any sort of NATing at all?

I believe so. There's a bunch of stuff hidden under advanced. I seem to recall having to fix the double nat nonsense when I first had it installed. I pulled mine and stuck the USG at the edge since I don't use cable boxes anymore anyway.

 


I believe so. There's a bunch of stuff hidden under advanced. I seem to recall having to fix the double nat nonsense when I first had it installed. I pulled mine and stuck the USG at the edge since I don't use cable boxes anymore anyway.

 


Hidden settings or settings that are considered too advanced for me to easily find annoy the daylights out of me. I haven't had an ISP-owned router in a very long time now. But I also don't have fios in my area. I refuse to be a Comcast hotspot, literally no benefit for me in it, they should give discounts to their subscribers that transmit that hotspot imho.


Guest asrequested

I was talking to the IT guy at my work, and he asked me how many routers I have set up.

 

Currently I'm using the ISP's fibre router only.

 

He mentioned I should set up two.

 

Something about 10.1.1.X subnets for all local devices on a second router.

 

Then I see @ post and he has those subnets setup.

 

What exactly is happening there?

 

My configuration is a little different, but yes, I use pfsense as my router then the USG is next in line. As @mastrmind11 says, using a USG is a good idea. In this situation, the USG automatically disables NAT, so you won't have problems with a double NAT.

 

I set the USG (I have Unifi switches) to subnet 10.1.1.1/24. pfsense is at default 192.168.1.1. What this does is that pfsense issues an IP to the USG (192.168.1.x), beyond that, the USG handles everything else. It does make port forwarding a little more interesting. You no longer forward your WAN IP through the USG. You forward the local IP, and then you forward the USG IP through your router. So it changes IP. In my case, I'm also using a VPN interface. So I then have to port forward through that. At this point, it changes IP again, and also the port changes. That took a little bit to figure out :)

Edited by Doofus

  • 2 weeks later...

When you built your pfsense box, did you need to add a NIC card?

 

How did you build it?


Guest asrequested

When you built your pfsense box, did you need to add a NIC card?

How did you build it?

I had a dual 10g NIC laying around. I basically built a computer out of spare parts, and installed pfsense. As long as you have dual gig NICs you can use almost any computer. There's a spec recommendation guide on their site, somewhere.


I had a dual 10g NIC laying around. I basically built a computer out of spare parts, and installed pfsense. As long as you have dual gig NICs you can use almost any computer. There's a spec recommendation guide on their site, somewhere.

10gig NICs is super impressive.

 

The fibre line coming into my house is SFP+ I think.

Maybe I need to find a NIC with SFP+...

Edited by chef

And just as a side note, my domain has been hit so many times by China, Russia, and the US, it's crazy... They are not web crawlers either... Which is also crazy

 

I was introduced to a great program called WebLog Expert

 

Probably all VPNs though...

Edited by chef

Guest asrequested

My 10g NIC is RJ45. I wouldn't use SFP+. I've configured the firewall to block failed attempts if 3 per second and for 60 mins. And Snort is blocking stuff, too. I also block all IPv6. The logs are long. Watching the firewall log in real time is interesting.

Edited by Doofus
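The rate-based blocking described in the post above, sketched as an added example that is not part of the original thread and is not pfSense's own code. It assumes the rule means "more than 3 new connections from one source within one second earns a 60-minute block"; the event list is constructed sample data using documentation IP ranges, and `evaluate` is a hypothetical helper name.

```python
from collections import defaultdict, deque

RATE_LIMIT = 3       # connections tolerated per window (assumed reading of "3 per second")
WINDOW_S = 1.0       # sliding window length in seconds
BLOCK_S = 60 * 60    # block duration: 60 minutes

# Constructed sample events: (timestamp in seconds, source IP)
EVENTS = [
    (0.00, "203.0.113.7"),
    (0.20, "203.0.113.7"),
    (0.40, "203.0.113.7"),
    (0.60, "203.0.113.7"),    # 4th hit inside one second: source gets blocked
    (0.70, "198.51.100.9"),   # unrelated source, unaffected
    (5.00, "203.0.113.7"),    # dropped, block still active
    (3599.0, "203.0.113.7"),  # dropped, block still active
    (3700.0, "203.0.113.7"),  # block expired at 3600.6, allowed again
    (3700.5, "198.51.100.9"),
]

def evaluate(events, rate=RATE_LIMIT, window=WINDOW_S, block=BLOCK_S):
    """Return (timestamp, source, action) per event; action is pass, block or drop."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    blocked_until = {}            # per-source block expiry time
    decisions = []
    for ts, src in sorted(events):
        # A source that is already blocked is dropped without being counted.
        if blocked_until.get(src, float("-inf")) > ts:
            decisions.append((ts, src, "drop"))
            continue
        q = recent[src]
        # Forget hits that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        q.append(ts)
        if len(q) > rate:
            # Threshold exceeded: start the block and reset the counter.
            blocked_until[src] = ts + block
            q.clear()
            decisions.append((ts, src, "block"))
        else:
            decisions.append((ts, src, "pass"))
    return decisions

if __name__ == "__main__":
    for ts, src, action in evaluate(EVENTS):
        print(f"{ts:>8.2f}  {src:<15} {action}")
```

The point it makes for log review: once a source trips the threshold, every later attempt inside the hour shows up as a drop, which is why the firewall log fills with repeated entries from the same few addresses.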

PrincessClevage

And just as a side note, my domain has been hit so many times by China, Russia, and the US, it's crazy... They are not web crawlers either... Which is also crazy

 

I was introduced to a great program called WebLog Expert

 

Probably all VPNs though...

PeerBlock is old but works well with a small cost of subscription and you can choose from various blocking lists, even block all of China/Russia etc.

mlcarson

Here's my 2 cents.  The default setting of any firewall/router will be to block all incoming connections.  This is what you want -- anything else is an exception.

For emby, I whitelist a remote IP address that I want to watch from. For remote administration, I whitelist my work address (could be anything that you trust, has a static IP, and is available) and use it to add any additional IPs to my whitelist. You shouldn't have outsider threats if you do this. 99% of any malware is going to be you establishing a connection to it via web browsing or downloading a file that contains hidden malware. This is what you're paying for AV, DNS filtering, and firewall IDS for -- detecting what you already allowed in or preventing you from accidentally allowing something in.

 

I've probably been lucky but only use Windows 10 Defender and Malwarebytes and haven't had any issues. My router is an EdgeRouter Lite - it primarily routes and does basic packet filtering; it's not a firewall. Most devices that build in IPS or AV at a consumer level do it poorly, slow down the connection speeds, and create more problems than they solve. I leave on the Windows Defender Firewall on each machine in my network and only allow required connections. The Windows Defender AV used to be very poor but better than nothing -- it's come a long way since the Win7 days. I think that its cloud-delivered protection contributed to that. The best things about Defender, though, are that it's free, it's not creating system instability, and it's not slowing down my machine.

 

For backup, I'd love to use something like Backblaze but it doesn't seem feasible.  I've got Comcast so have 2 problems -- the monthly bandwidth limit and the upload speeds of 10Mbs.   Hard drive capacity has grown a lot faster than Internet speeds.   I think cloud backup is great for documents and pictures but not so much as a general backup scheme.  Even if I could send a provider a hard drive copy of everything I have and just send incremental changes -- it would still take forever to do a complete restore.    I've so far opted to just do backups via external USB drives. USB 3.1 is about as fast as it's going to get without using a direct SATA connection but still allows disconnection of the drives so ransomware or environmental concerns are mediated.   The downside is that I can't just automate backups so don't do them nearly enough.   

 

I don't use storage arrays but admit I may regret this decision at some point. Here's the reasoning. They all require additional storage for rebuilding a bad drive. Less overhead generally means higher complexity and longer rebuild/restore times. A storage array doesn't eliminate the need for backups. My computers don't provide mission critical 24/7 services. If a hard drive fails, it affects one computer and can be restored locally from backup. The biggest downside is the cost of storage but those prices continually go down while the capacities go up. So far, it's been more cost effective and efficient to go with local storage and USB backups than to do a NAS storage array. The cost savings allow me to purchase more HDDs for backup. If my media collection grows to more than a single HDD can contain, there are still ways of presenting it as a single volume with multiple HDDs that don't link the restoration of one to both.

 

Crossing my fingers that I just haven't jinxed myself.


Guest asrequested

Whitelisting IPs isn't a great option. I connect from a mobile network quite often, and the IP changes. If you have static locations, that's fine, but doesn't work for general use.


I've been very happy with Sophos. Although I'm not familiar with ESET either.

 

Sophos caught a hidden version of psexec running on a Windows theme editor I grabbed from DeviantArt.

 

Took care of it right away. Locked it up and threw away the key.

 

I was super impressed.

 

Bad hackers, go to your room!!
