ad: Alphaant-1

Yahoo wants your data

Discussion in 'Computers, Hardware, and Operating Systems' started by KK4NSF, May 18, 2019.

ad: L-HROutlet
ad: l-rl
ad: Left-2
ad: abrind-2
ad: L-MFJ
ad: Left-3
ad: L-Geochron
  1. W9FTV

    W9FTV Ham Member QRZ Page

    I wouldn't mind if the legitimate scanners asked beforehand and then provided results from their tests, but they dont. So, they get lumped in with the rest of the scanners with less than pure motives.
  2. KA8NCR

    KA8NCR Ham Member QRZ Page

    The two that I know about are keenly aware that they are usually seen as hostile, and are okay with that. One definitely provides a page that describes what they are doing and an opportunity to stop it. The other, dunno.
  3. W9FTV

    W9FTV Ham Member QRZ Page

    I view it like an unknown person coming to my house and checking for unlocked doors or windows. They may
    be there to help and let you know of problems, or they may not. I prefer to err on the side of caution.

    These days, the only open port they're likely to find is 25/tcp, and that's pretty well protected.
  4. KA8NCR

    KA8NCR Ham Member QRZ Page

    I don't think they are necessarily there to help with anything from an individual ISP customer perspective. But the insights that operations like Shodan and their peers or other researchers provide is invaluable.

    Among other uses, the data is third-party verification of a lot of vulnerabilities and their fixes.
  5. ND5Y

    ND5Y Ham Member QRZ Page

    Why use uBlock Orign and NoScript both?
    What does NoScript do that uBlock Orign (in hard mode) can't?
  6. W5UAA

    W5UAA Ham Member QRZ Page

    Ok, well maybe it wouldn't be a good idea to scan 'em back. The bible says "turn the other cheek." But there are other passages which state there is an undefined number of limited times you need to turn the other cheek before you can strike back. And if they scan me ...187 times/week, then...

    I just got pfsense up and running. (yes, 45ish watts of power...) (FreeBSD? Ya, that's old school Linux...) It's between my modem and my Netgear router. So I have a DMZ (192.168.1.x) and an internal LAN (10.0.0.x) now.

    Looking around the web page interface, I see all kinds of background traffic generated from one other Linux box, my wife's kindle, and the WIN7 box I'm typing on right now. (Diagnostics:States/States Summary) All I can say is, "I hope all those states associated with all those unknown IP addresses are harmless..."

    Well, at least my netgear WAN interface should remain blank of RST scans, UDP/TCP scans and ping flood entries now. I'll keep an eye on it.

    I'll need some time to go through all the screens available on pfsense.
  7. KA8NCR

    KA8NCR Ham Member QRZ Page

    They have different use cases. While NoScript can block advertising, it is primarily a tool for blacklising and whitelisting Javascript elements. uBO is for blocking advertising and uses several methods of blocking ads, including not executing Javascript. But it isn't good at targeting a particularly annoying element. NoScript and variants like ScriptSafe allow you to target one particular piece of Javascript, which cuts out the annoying bits without breaking the site.

    I leave NoScript off until I encounter a site that has a Javascript paywall, or some annoyance of "We see you're using an adblocker", and then I just pick through the JS references it it is all gone.
  8. W9FTV

    W9FTV Ham Member QRZ Page

    NoScript blocks execution of scripts sent to the browser. uBlock does some of that and blocks URL's of known advertisers/trackers.
  9. KK4NSF

    KK4NSF Ham Member QRZ Page

    since your system keeps logs of pings / queries / probes.... then half of your problem is done for you. Simply write a python script that generates a string of NMAP queries from the logged addresses, and use the loudest, most obvious scan type. Ping /Scan the holy hell out of 'em. That would generate a lot of info on the pingers, and certainly get the hackers attention.

    Unfortunately, it would also piss off some of them and put hacker crosshairs on your back. Hackers are a lot like dogs: if you challenge them directly, they tend to go into revenge mode. Some of them are very good at causing mayhem while hiding behind a spoofed IP address. So.... before you try it, I'd recommend setting up a TOR proxy server first and use that for your counter-attack. Even then, you may be playing with fire. Caution is advised.
  10. ND5Y

    ND5Y Ham Member QRZ Page

Share This Page

ad: Morse-1