Yahoo wants your data

Discussion in 'Computers, Hardware, and Operating Systems' started by KK4NSF, May 18, 2019.

ad: L-HROutlet
ad: l-rl
ad: MessiPaoloni-1
ad: Left-2
ad: Left-3
ad: Subscribe
ad: L-MFJ
  1. KK4NSF

    KK4NSF Ham Member QRZ Page

    that is exactly what I was pointing out in the original posting..... but the system of data gathering / compiling / trading among companies does have weaknesses that can be used to deny the offending companies' the data they are seeking.

    I'm not going to discuss the various tools / methods that are available, but they are out there.
     
  2. KK4NSF

    KK4NSF Ham Member QRZ Page

    Do you mean this?
    Don't use Windows 10 - It's a privacy nightmare
    https://www.privacytools.io/operating-systems/#win10

    I agree with his assessment. Unfortunately, most folks are either too uninformed, or too lazy to care. Oh well.
     
  3. WB5UAA

    WB5UAA Ham Member QRZ Page

    It's not just passive gathering of your data, they (...folks trying to reach into your computer/LAN) are getting more and more aggressive. I put up a dark web site a couple years ago and opened that port on my hardware firewall just to see what came up in the logs and it was probed by 6 different countries within 12 hours.

    It's good to run a hardware firewall also. Just checked its log. Just this last week (last 7 days), I was hit by a whole bunch (189 separate attacks to be precise) of RST scans (That's an incomplete port scan -- reset before the completion of the four steps in the handshaking process -- designed to try to prevent being logged), Port (both TCP and UDP) scans, and Ping floods from:

    104.110.239.28 (Newark, NJ)
    104.152.52.24 (Chicago, IL)
    104.20.82.39 (San Franscisco, CA)
    13.249.64.93 (Ashburn, VA)
    13.249.77.81 (Ashburn, VA) (4 to 8 times a day!)
    136.243.60.85 (Germany)
    17.142.171.16 (Cupertino, CA)
    17.171.98.35 (Cupertino, CA)
    17.248.131.141 (Dallas, TX)
    17.253.3.205 (Dallas, TX)
    172.217.1.238 (Netherlands)
    18.234.188.235 (Ashburn, VA)
    206.189.254.17 (North Bergen, NJ)
    23.201.41.12 (Ashburn, VA)
    23.214.49.56 (Ashburn, VA)
    31.13.93.35 (Dallas, TX)
    50.63.243.230 (Scottsdale, AZ)
    52.94.233.94 (Ashburn, VA)
    52.94.236.223 (Ashburn, VA)
    52.94.240.240 (Ashburn, VA)
    54.208.15.78 (Ashburn, VA)
    61.135.185.248 (Beijing, China)
    64.74.133.80 (San Jose, CA)
    64.74.133.82 (San Jose, CA)
    64.94.179.44 (New York City, NY)
    66.150.223.113 (Dallas, TX)
    69.175.41.44 (Chicago, IL)
    72.21.206.56 (Ashburn, VA)
    77.247.110.130 (Netherlands)
    88.99.103.29 (Germany) (6 to 9 times a day!)

    I can only assume most of these have nefarious intent.

    A facebook exec, testifying before a house committee a couple weeks ago said, "There is no expectation of privacy anymore." For several years now, I just operate on the internet under the presumption that anything/everything I hit enter on is recorded by someone/somewhere -- no matter what I do to try to protect myself.

    Yahoo want's your data is an understatement.
     
  4. W9FTV

    W9FTV Ham Member QRZ Page

    The "NoScript" browser extension is great. It stops a huge amount of tracking/bad behavior before it can execute on your machine. It's not the easiest thing to use, but is well worth the effort to get to know.

    These days, I use Firefox, uBlock Origin, HTTPS Everywhere, Privacy Badger and NoScript.
    With the exception of NoScript, which can and does break website functionality on occasion, the others are very non-intrusive. The good thing is, once you understand how it operates, it's pretty easy to give websites the minimal access to your data that you want them to have.

    I don't use Google Chrome.
     
    K6CLS and N1OOQ like this.
  5. W9FTV

    W9FTV Ham Member QRZ Page

    I do IT for a living so I tend to go a little overboard. For a firewall, I use pfSense (pfSense.org) , a FreeBSD based software firewall that is updated with security patches and enhancements regularly. Besides sporting very effective packet filtering, it offers built in VPN functionality, DNS server and many plugin modules to add even more functionality. Granted, it's overkill for most people, but port scans and many other types of skullduggery are stopped dead in their tracks by a vanilla installation.
     
  6. N1OOQ

    N1OOQ Ham Member QRZ Page

    I ran an XP machine for a few years with nothing but NoScript to protect it. No problems whatsoever. That, and kept my nose clean as far as what sites I would surf. It ran quite fast like that... No antivirus crap sucking the life out of it.

    Now with that said, NoScript isn't "set it and forget it". You have to whitelist anything you want to look at.
     
  7. VE3CGA

    VE3CGA XML Subscriber QRZ Page

    so if I did say yes to oath, how do I stop it
     
  8. WB5UAA

    WB5UAA Ham Member QRZ Page

    Yes, I do IT for a living also. The internet is becoming a war zone these days. I've been relying on Netgear for my home protection but since I have a spare I7 PC with two Ethernet ports on it, I've been looking at options such as pfSense also.

    https://www.how2shout.com/tools/free-best-open-source-firewall-secure-network.html

    But what I'm really looking for is a firewall that responds to any kind of detected scan with a quick automatic port scan (just the first thousand and a couple of the standard hacker undefined high numbered ports...) back on the attacker's IP address -- just to let them know in their logs they're being watched.

    Know of any? Or do I have to write my own code (and be labeled as a... script kiddie?)
     
    W9FTV likes this.
  9. KA8NCR

    KA8NCR Ham Member QRZ Page

    I just can't bring myself to use 45 watts of power for a router of any type. I have been using ERL-3 and recently, the ER-4 from Ubiquiti. I like 'em.

    With respect to IPv4, why does it matter if you are dropping their packets? The whole point of dropping them is to give the impression nothing is there and if you start scanning them in response, well now they know they have a target.

    Not to be a buzz kill though, it would be a fun experiment to try to work out. It may be one easy route to tell your Netgear to log to a remote syslog, create a log watcher and when it sees the desired pattern, it fires off your response. You'll probably have to write it yourself, or you might be able to use something like Splunk free to ingest the log and handle firing off the response. Splunk has an API that talks to everything and should be able to kick off nmap.

    IPv6 makes the whole thing moot anyway because they don't have to port scan you first, they ping you because blocking IPv6 ICMP without breaking everything is tricky, and not something companies like Netgear have built into their current line ups. I figure if they manage to guess one of the one or two dozen addresses out of 1.845E19 possible addresses on a /64, yay for them.

    I'll also add, that there *are* legitimate reasons for the port scans. There are quite a number of research and security firms that routinely scan the entire internet.
     
  10. W9FTV

    W9FTV Ham Member QRZ Page

    I used hardware firewalls for years, but cheap home units aren't updated frequently enough and the 'enterprise' units are horribly expensive.

    You'd probably have to write your own automated port scanner, but if you add the Suricata intrusion prevention module to pfSense it shoudn't be too tough. I just drop packets at the first hint of a port scan, that usually lets them know I'm interested.
     

Share This Page