Re: HW and SW threats: how to block?

2018-04-14 Thread stan
On Sat, 14 Apr 2018 00:20:28 -0700 Samuel Sieb wrote: > On 04/12/2018 04:04 PM, Rick Stevens wrote: > > And again, if you don't allow your browser or mail client to install > > software (which is a spectacularly bad idea in the first place) and > > you're careful about which

Re: HW and SW threats: how to block?

2018-04-14 Thread Samuel Sieb
On 04/12/2018 04:04 PM, Rick Stevens wrote: And again, if you don't allow your browser or mail client to install software (which is a spectacularly bad idea in the first place) and you're careful about which links you click and which packages you download and install, it's sort of a moot point.

Re: HW and SW threats: how to block?

2018-04-13 Thread home user via users
> ...I think crypto-currency is stupid...
I agree. That's why some people and organizations use coin mining. They get us to do all that grunt work for them. They use our cpu, our gpu, our electricity, and our money, and wear out our hardware.
> Also, I have always been suspicious...
I agree.

Re: HW and SW threats: how to block?

2018-04-13 Thread Eddie O'Connor
I don't know if this will top post or not since I'm replying via cellphone. But I'd like to chime in on a few points. First off? I think crypto-currency is stupid. There, I said it. Yes it's my opinion, and I know there are those who will disagree with me and I'm fine with that. But it still

Re: HW and SW threats: how to block?

2018-04-12 Thread Rick Stevens
On 04/12/2018 09:53 AM, Tim via users wrote: > Allegedly, on or about 12 April 2018, home user via users sent: >> Ad-blockers are not sufficient. So let's please get back to the >> original question. There are several coin-mining blockers available >> for Firefox. Based on your experience,

Re: HW and SW threats: how to block?

2018-04-12 Thread Tim via users
Allegedly, on or about 12 April 2018, home user via users sent:
> Ad-blockers are not sufficient. So let's please get back to the
> original question. There are several coin-mining blockers available
> for Firefox. Based on your experience, which is most effective?
I would hazard a guess that

Re: HW and SW threats: how to block?

2018-04-12 Thread home user via users
Interesting posts, but they've strayed. The first article I saw on coin mining is here: "https://finance.yahoo.com/news/hackers-using-victims-computers-mine-cryptocurrencies-154915570.html". I saw another in CNN's finance web site, but I can't find it now. The first article says "Browser-based

Re: HW and SW threats: how to block?

2018-04-10 Thread jdow
On 20180410 18:46, Rick Stevens wrote: On 04/10/2018 06:13 PM, Ed Greshko wrote: On 04/11/18 07:27, Rick Stevens wrote: I seem to recall the same thing, that iptables opens incoming UDP port 53 for some period of time if it saw an outgoing UDP port 53 request. And I, like you, can't recall

Re: HW and SW threats: how to block?

2018-04-10 Thread Gordon Messmer
On 04/10/2018 06:46 PM, Rick Stevens wrote: Yes, I probably didn't say it well. I was inferring that if an outgoing UDP destination port 53 request was sent, then I think the iptables conntrack plugin opens incoming UDP traffic with a source port of 53 for some period of time, since this was

Re: HW and SW threats: how to block?

2018-04-10 Thread Ed Greshko
On 04/11/18 10:45, Ed Greshko wrote: > > Yes, conntrack is the module which controls this.  I believe you can modify > the time > by changing the value of /proc/sys/net/netfilter/nf_conntrack_udp_timeout or > maybe > nf_conntrack_udp_timeout_stream.  I'm guessing the former.  The little >

Re: HW and SW threats: how to block?

2018-04-10 Thread Ed Greshko
On 04/11/18 09:46, Rick Stevens wrote: > On 04/10/2018 06:13 PM, Ed Greshko wrote: >> On 04/11/18 07:27, Rick Stevens wrote: >>> I seem to recall the same thing, that iptables opens incoming UDP port >>> 53 for some period of time if it saw an outgoing UDP port 53 request. >>> And I, like you,

Re: HW and SW threats: how to block?

2018-04-10 Thread Rick Stevens
On 04/10/2018 06:13 PM, Ed Greshko wrote: > On 04/11/18 07:27, Rick Stevens wrote: >> I seem to recall the same thing, that iptables opens incoming UDP port >> 53 for some period of time if it saw an outgoing UDP port 53 request. >> And I, like you, can't recall what that period was--although I

Re: HW and SW threats: how to block?

2018-04-10 Thread Ed Greshko
On 04/11/18 07:27, Rick Stevens wrote: > I seem to recall the same thing, that iptables opens incoming UDP port > 53 for some period of time if it saw an outgoing UDP port 53 request. > And I, like you, can't recall what that period was--although I think > it was 60 seconds. That's still more than

Re: HW and SW threats: how to block?

2018-04-10 Thread Rick Stevens
On 04/10/2018 02:03 PM, Bruno Wolff III wrote: > On Tue, Apr 10, 2018 at 13:40:44 -0700, >  Rick Stevens wrote: >> True, but old DNS uses UDP and thus the responses aren't "related" to a >> given query (a stateful firewall couldn't necessarily determine that an >> incoming

Re: HW and SW threats: how to block?

2018-04-10 Thread Bruno Wolff III
On Tue, Apr 10, 2018 at 13:40:44 -0700, Rick Stevens wrote: True, but old DNS uses UDP and thus the responses aren't "related" to a given query (a stateful firewall couldn't necessarily determine that an incoming DNS UDP reply was solicited or not). I think related is

Re: HW and SW threats: how to block?

2018-04-10 Thread Rick Stevens
On 04/10/2018 01:22 PM, Joe Zeff wrote: > On 04/10/2018 01:03 PM, Rick Stevens wrote: >> 4. Use a highly restrictive firewall. Mine's set up so that NOTHING >> unsolicited gets in except ssh from specific IPs and DNS responses. >> > > That's a good idea, but remember, DNS responses aren't

Re: HW and SW threats: how to block?

2018-04-10 Thread Rick Stevens
On 04/10/2018 01:11 PM, Matthew Miller wrote: > On Tue, Apr 10, 2018 at 01:03:18PM -0700, Rick Stevens wrote: >> I've never understood the underlying concept of bitcoin/xmr/whatever >> mining. Currency (money) is usually tied, ultimately, to some physical >> thing. This just seems nebulous. Are

Re: HW and SW threats: how to block?

2018-04-10 Thread Joe Zeff
On 04/10/2018 01:03 PM, Rick Stevens wrote:
> 4. Use a highly restrictive firewall. Mine's set up so that NOTHING
> unsolicited gets in except ssh from specific IPs and DNS responses.
That's a good idea, but remember, DNS responses aren't unsolicited; they're replies to queries you sent out.

Re: HW and SW threats: how to block?

2018-04-10 Thread Matthew Miller
On Tue, Apr 10, 2018 at 01:03:18PM -0700, Rick Stevens wrote: > I've never understood the underlying concept of bitcoin/xmr/whatever > mining. Currency (money) is usually tied, ultimately, to some physical > thing. This just seems nebulous. Are they using our systems to come up > with better

Re: HW and SW threats: how to block?

2018-04-10 Thread Rick Stevens
On 04/10/2018 12:18 PM, home user via users wrote: > Good afternoon, > > background: > In the past few months, I've seen a few articles on the internet about coin > mining, also called cryptojacking. Seems that in a variety of ways, software > can be loaded onto remote computers and then run