I do not consent to AI mining my thoughts.

@hakologist
Too late. Someone's already telepathically leeching intelligence from you. The brain worms are leaking from your ears when you sleep.

@lucifargundam these worms use TCP or UDP? Can I block the port?

@hakologist
Depending on the model, the two onboard auxiliary ports located on the north bridge can alternate between UDP and TCP according to OS configuration.

In recent years, it's been found that these ports are exploitable through malformed packets when the OS incorrectly validates signatures from aforementioned bad actors. It is highly recommended that updates to security policies be audited and reimplemented accordingly.

Please keep in mind that although some systems may find relative stability through sandboxing in controlled input/output environments, this does not alleviate the need to correctly adjust security precautions in order to maintain a fully functional system.

Additionally, there have been security advisories that warn about similar external threats coming from legitimately validated sources, but also provide corrupted packets. The basic steps to mitigate such occurrences are to actively sanitize and audit such traffic on a case-by-case basis until further notice.

Hope this helps.

@lucifargundam I use aggressive containerization and encrypt outbound traffic. But short of requiring manual airgapped decryption, I can’t guarantee that packets aren’t compromised at the destination. I also can’t promise that all inbound traffic has been encrypted from the source. But the bigger issue is the sheer volume of packets traversing my gateway, to which I have to rely on a single Pi2 running unsupervised ML in order to identify the malicious signals amongst all the noise.

@lucifargundam I think I just described what it’s like to run a snooping Tor exit node (not to mention an everyday VPN/ISP)…or perhaps a full blockchain node that caches/correlates queries from upstream lite nodes (not to mention an everyday Coinbase/centralized exchange)…

@hakologist
>>I use aggressive containerization and encrypt outbound traffic.
<<Great practice, but surely that occasionally causes communication problems?

>>But short of requiring manual airgapped decryption, I can’t guarantee that packets aren’t compromised at the destination.
<<Everyone lies. That's the safest assumption. Zero-trust policy.

>>I also can’t promise that all inbound traffic has been encrypted from the source.
<< People can be complicated. Sometimes I wish there was a manual on how to communicate with others in the varying methods possible.

>>But the bigger issue is the sheer volume of packets traversing my gateway, to which
<< Do you keep records? Or is this a constant flow? You should schedule regular downtime for maintenance, updates, etc.

>>I have to rely on a single Pi2 running unsupervised ML in order to identify the malicious signals amongst all the noise.
<< Unsupervised? Does it not get updated at all? It's important to take care of yourself and not get overloaded with external interference!!

On a side note, remember to keep your liquid cooling system working properly by drinking plenty of water!

@lucifargundam In this sense, “unsupervised” doesn’t mean that it doesn’t get updated - it means that the model is looking for signals (malicious traffic) without being previously informed as to what those packets look like. If you had a list of malicious fingerprints, you’d run deep packet inspection. But without this, the only option that comes to mind is the “top down” approach (with aggressive logging) - fitting a model to the steady/normal state & using that to identify anomalies.
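
The baseline approach described in the post above, as an added example that is not part of the original thread: fit a robust model (median and MAD per feature) to traffic logged during a normal period, then flag intervals that deviate from it. The two features, the sample rows and the 3.5 threshold are assumptions made for illustration.

```python
import statistics

# Constructed per-minute gateway summaries: (packets, distinct destination ports).
# Both features are assumptions chosen for this illustration.
BASELINE = [(1180, 14), (1225, 15), (1190, 13), (1210, 16), (1240, 15),
            (1175, 14), (1205, 15), (1230, 16), (1195, 14), (1215, 15)]
# Row 2 has ordinary volume but an unusual port spread; row 4 is a volume burst.
OBSERVED = [(1200, 15), (1220, 14), (1210, 96), (1190, 16), (4800, 15), (1235, 13)]


def fit_baseline(rows):
    """Fit (median, MAD) per feature on traffic assumed to be normal."""
    model = []
    for column in zip(*rows):
        med = statistics.median(column)
        # Median absolute deviation; fall back to 1.0 if the feature never varies.
        mad = statistics.median(abs(x - med) for x in column) or 1.0
        model.append((med, mad))
    return model


def score(model, row):
    """Largest modified z-score across features (0.6745 scales MAD to sigma)."""
    return max(0.6745 * abs(x - med) / mad for x, (med, mad) in zip(row, model))


def find_anomalies(model, rows, threshold=3.5):
    """Return indexes of intervals that deviate from the fitted normal state."""
    return [i for i, row in enumerate(rows) if score(model, row) > threshold]


if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    for i in find_anomalies(model, OBSERVED):
        print(i, OBSERVED[i], round(score(model, OBSERVED[i]), 1))
```

No fingerprint list is involved: row 2 is flagged only because its port spread departs from the baseline, which a volume-only check would miss.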

@lucifargundam I’ll correct myself before you or somebody else does, as there is “usually always” this other option:

@hakologist

oh boy, I thought we were communicating on the same level...

Tell me, are you familiar with older forms of symbology, specifically cryptic communication using steganography inb4 industrial revolution??

@hakologist
Ahh, thanks for clarifying. I currently implement something similar in practical functionality. I try to avoid deep packet inspection too frequently because it takes up too many resources. I try to schedule that kind of audit for forecasted low-traffic hours. Tbh I need to do a better job of logging, but I've been too behind on other tasks to stay on top of it. @peterdrake seems to be doing an ideal job of keeping regular logs, hopefully I can follow that model eventually.

The recent uptick in malicious fingerprints has been frustrating to deal with in recent years, but I suppose that's why us admins fit our role so well. I do keep a small (inherently) list, but I need to also be skeptical of that list as it can be maliciously rewritten if unauthorized write access is given to a user who's found themselves in a privileged group (which I try to keep very limited).

@lucifargundam @peterdrake data logging is only as strong as your ability to organize it. Data can’t be owned - only known. If it’s not organized, it can become forgotten.