It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
originally posted by: aesopsfables
I don't use WiFi...Ethernet cord hardwired. WiFi is dangerous in ways we don't understand yet
originally posted by: fixitwcw
but still, if you close your backdoors, though i dont know why you would leave access like that, do you still think they could do it?
originally posted by: AnonBelgium
a reply to: VirusGuard
Security expert? Why don't you use a MAC whitelist?
originally posted by: VirusGuard
Sorry I will not give out the name or model of my router
originally posted by: VirusGuard
if they dont have top of the range firewall/routers with all these options.
My modem I got for FREE from my ISP has both MAC white and blacklisting.
originally posted by: VirusGuard
Yes them Watchguard look good but you have to pay a fortune to the provider to use them i think else you get cut off and this is why people sell them as cheap as chips on ebay.
originally posted by: VirusGuard
The router i got from my ISP does not realy include anything that you could call a firewall and just a NAT for port forwarding and even that kept blowing up with some type of error about the file system on the device.
originally posted by: VirusGuard
Now I hate Google and i could block all the IPs (Millions of them) or use Url/keyword filters in the firewall but its like traffic lights with just red and green but what you also need is amber that tweeks the HTTP request sent out to Google because many sites just wont work without Googles spy scripts.
originally posted by: VirusGuard
Another example is a Samsung TV that addes it MAC address to the HTTP Request and if you block Samsung.com then the TV just wont work so in my case I tweek the request (Amber) in the proxy server and corrupt the MAC address before sending it on and this happens in the proxy server and the way i do this with a TV is to use the DNS server to hijack the DNS requests from the TV to force it to use the proxy server.
See my post on ISPs hijacking DNS lookups
www.abovetopsecret.com...
What i would love is the option in a firewall to port forward outbound request to a local proxy/port server because this hijack trick i use does not always work on things like an X-Box so please let me know if you know of any such devices.
originally posted by: VirusGuard
My other option is to replace the router with a PC that has two network cards and then use Popppe to connect to the WAN which might be the best bet because I also decrypt SSL traffic using fake certificates (MIM) and strip out/corrupt stuff google is uploading.
HTTPS is being used more and more to hide spyware activity and URL filters in hardware firewalls don't work because all they get to see is the HTTP CONNECT and don't get me started on microsofts back door Ipv6 Teledo tunnel that by passes both your windows and hardware firewall rules.
Microsoft talks big about security but to get anything working like "Play too" you need to open up just about every port on your LAN and MS is so good that when you add a new user to your machine then the old wifi password is kept from the previous account because you see MS wants to watch you and this is why using outbound firewall rules is so important
in effect the virus is already on your machine and it tries every trick in the book to call home and yet so few people seem to know or care about this.
originally posted by: VirusGuard
You seem to know what you are talking about and i think you already know that many of these free routers have ports left open for your ISP to use and they even put this information in your service contract to make it all legal like for them to browse you LAN
True but you can buy one cheap and replace the TransFlash Card with a larger one and use pfSense, I've tested that on a Watchguard Firebox X1000 and it worked like a charm.
Teledo tunnel indeed screws you over unless the firewall supports IPv6 and luckly more and more ISP's are transfering to IPv6.
originally posted by: VirusGuard
Do you know of a router that can redirect outbound traffic back to a proxy on the LAN ?
I want something like if destination = google then send to 192.168.1.20:80
originally posted by: VirusGuard
I turn IPv6 off and will resist the move to it as long as i can. We needed more that 4.2bn IPs but we didn't need to go as far as having an IP address for every milk bottle in the world that will ever be made. IPv6 does not work well along side IPv4 and is a desaster waiting to happen IMHO.
originally posted by: VirusGuard
I would say that you should buy something made in China but I hear that they are intercepting stuff and sending it off to be "Fixed" and the reason we all have 2-4gb vid cards is because they are taking screen grabs of encrypted documents/messages after you open them so who know how far it has all gone.
originally posted by: VirusGuard
I know my ISP is intercepting DNS request to google and i can understand why in many cases but what i don't get is why are they doing this to domain names no one has ever heard of and how the hell do they manage this on HTTPS/SSL without doing some type of man in the middle attack and sending out fake SSL certificates ?
originally posted by: VirusGuard
I don't want all HTTP on port 80/443 to hit a proxy because streaming kills the CPU and I don't care about traffic going to spyware.com because that gets blocked by the DNS server and i also don't care about traffic on an unknown blog site but the reason i force microsoft / google / samsung traffic to the proxy is so that i can tweek whats being sent.
originally posted by: VirusGuard
In any case i think i would install it on a PC witth two network cards with something like a I3 processor and not some junk old pentium processor that many of these routers use but then i start to ask myself why don't i just use the PC that hosts my custom DNS server and proxy server on the box because i know that can connect direct to the ISP using Popppe ?
originally posted by: VirusGuard
So my question to you is has anyone wrote somethinng in like fpSense that runs on windows and does a good job or would i have to write something from scratch myself to relay between the two NCs
originally posted by: VirusGuard
Spent the past day trying to hack my own WPA with these click and go programs and they are all scams, none work and they just want to install download managers and maleware on your machines. CommView is good and lets you see MAC addresses and traffic from all over the place but then you need to export the logs from CommView after paying them some money as a WireShark file and then when you crank up Aircrack-ng you are asked for a word dictionary so it becomes a case of using brute force on the shared public key.
I was wrong and call BS on my own post and I also call BS on Aircrack-ng who run youtube videos with the passwords already in the word dictionary or they have so much luck like they won the lottery three times in a row.
Still not sure how i got hacked but its not your script kiddy next door I don't think and who ever it is must be better than me.