@hakologist
Too late. Someone's already telepathically leeching intelligence from you. The brain worms are leaking from your ears when you sleep.
@lucifargundam these worms use TCP or UDP? Can I block the port?
@hakologist
Depending on the model, the two onboard auxiliary ports located on the north bridge can alternate between UDP and TCP according to OS configuration.
In recent years, it's been found that these ports are exploitable through malformed packets when the OS incorrectly validates signatures from aforementioned bad actors. It is highly recommended that updates to security policies be audited and reimplemented accordingly.
Please keep in mind that although some systems may find relative stability through sandboxing in controlled input/output environments, this does not alleviate the need to correctly adjust security precautions in order to maintain a fully functional system.
Additionally, there have been security advisories that warn about similar external threats coming from legitimately validated sources, but also providing corrupted packets. The basic steps to mitigate such occurrences are to actively sanitize and audit such traffic on a case-by-case basis until further notice.
Hope this helps.
@lucifargundam I use aggressive containerization and encrypt outbound traffic. But short of requiring manual airgapped decryption, I can’t guarantee that packets aren’t compromised at the destination. I also can’t promise that all inbound traffic has been encrypted from the source. But the bigger issue is the sheer volume of packets traversing my gateway, to which I have to rely on a single Pi2 running unsupervised ML in order to identify the malicious signals amongst all the noise.
@hakologist
>>I use aggressive containerization and encrypt outbound traffic.
<<Great practice, but surely that occasionally causes communication problems?
>>But short of requiring manual airgapped decryption, I can’t guarantee that packets aren’t compromised at the destination.
<<Everyone lies. That's the safest assumption. Zero-trust policy.
>>I also can’t promise that all inbound traffic has been encrypted from the source.
<< People can be complicated. Sometimes I wish there was a manual on how to communicate with others in the varying methods possible.
>>But the bigger issue is the sheer volume of packets traversing my gateway, to which
<< Do you keep records? Or is this a constant flow? You should schedule regular downtime for maintenance, updates, etc.
>>I have to rely on a single Pi2 running unsupervised ML in order to identify the malicious signals amongst all the noise.
<< Unsupervised? Does it not get updated at all? It's important to take care of yourself and not get overloaded with external interference!!
On a side note, remember to keep your liquid cooling system working properly by drinking plenty of water!
@lucifargundam In this sense, “unsupervised” doesn’t mean that it doesn’t get updated - it means that the model is looking for signals (malicious traffic) without being previously informed as to what those packets look like. If you had a list of malicious fingerprints, you’d run deep packet inspection. But without this, the only option that comes to mind is the “top down” approach (with aggressive logging) - fitting a model to the steady/normal state & using that to identify anomalies.
@lucifargundam I’ll correct myself before you or somebody else does, as there is “usually always” this other option:
@lucifargundam I don’t get the reference/abstraction
@hakologist
oh boy, I thought we were communicating on the same level...
Tell me, are you familiar with older forms of symbology, specifically cryptic communication using steganography inb4 industrial revolution??