Language:
switch to room list switch to menu My folders
Go to page: First ... 27 28 29 30 [31]
[#] Wed Sep 07 2022 14:08:56 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]

If there were some sort of standalone user mode NAT for Windows, that

worked like the one built into VirtualBox, I'd love to use that.

I don't know about "user mode", but Internet Connection Sharing could perhaps be pressed into service.

[#] Thu Sep 08 2022 17:35:49 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Great idea, but unfortunately WSL2 already uses "Internet Connection Sharing" which creates a "Microsoft Hosted Virtual Adapter" and the damn VPN blocks that as well.

[#] Fri Sep 09 2022 08:59:46 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Oh, I see. I don't suppose they make a Linux client that you can run in WSL2 (which, spoiler alert, might depend on systemd these days)

[#] Sat Sep 10 2022 11:08:21 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

They do. I haven't tried it, but in the past I used the open source OpenConnect client instead of AnyConnect, which worked really really well until they implemented 2FA in the most boneheaded mode possible; it insists on chaining out to the browser instead of offering other options like entering a code or answering a text message. I haven't tried the Cisco branded client inside of Linux but everyone says it's awful.

The other problem is that a client running in WSL2 wouldn't be able to get to the VPN server because the AnyConnect client in the parent operating system has already blocked all network traffic other than itself. And even if I could get the client to connect ... well, for one thing I'm already on the corporate network so I wouldn't need it, and also, the server rejects connections from the inside. And they probably won't let the same user connect twice anyway.

Keep the ideas coming if you have them, but so far I've run through all of the ones suggested. The VPN server can be configured to allow clients to access their local networks, but they have that option shut off. I think this is going to have to be an effort to convince Corporate IT to flip that setting for us. Fortunately, it's no longer just "that one weirdo who wants to run Linux" but we have an entire DevOps team who are now struggling with it, so maybe there's some more clout available now.

[#] Sat Sep 10 2022 11:49:53 EDT from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Same here, its damned annoying.  ( and one reason i went to VMs for work.  Fine, let them restrict it, i still can do what i want on the host )

Sat Sep 10 2022 11:08:21 AM EDT from IGnatius T Foobar
The VPN server can be configured to allow clients to access their local networks, but they have that option shut off.

 



[#] Mon Sep 12 2022 09:13:58 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


I mean it shouldn't be that one weirdo in this day and age, unless your whole org is committing to deploying everying on fucking Azure.

People need a development platform that matches prod, at least more or less. Maybe that's macOS, maybe that's Linux, but it almost certainly isn't Windows.

[#] Mon Sep 12 2022 09:17:12 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


For VPN, my org uses a product called pritunl, which is free/open (in the base edition, at least) and implements OTP sanely enough. DNS on Linux currently requires a manual shell script run after to connect to get it to do what you want, but apart from that the support for Linux, Windows and Mac clients is easy to get going.

[#] Mon Sep 12 2022 09:28:50 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

It isn't that one weirdo anymore. We have a devops team now and they all know and love native Linux tools, because devops tools run on Linux (or FreeBSD or MacOS I suppose, but never Windows).

I'm going to be flying out to corporate HQ this afternoon for a week of meetings.
If I run into our CISO I'm going to ask him about this. He's an old friendly from when we were a much smaller org.

[#] Tue Sep 13 2022 12:49:03 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Unrelated - there was a well-known troll website that experienced a DDoS recently. Got a chance to watch how they responded, in real time.

There were able to keep a static portion of their site up. Dynamic forum content was a different story.

This got me thinking about how to build a DDoS resilient website. This used to be something I had filed in the category of "shit, I hope I never have to deal with this, head in the sand, I'll burn that bridge when I come to it."

Now it seems a lot more feasible. Route everything through a globally distributed edge network (CDN) like CloudFlare or CloudFront. Put a bit of code in edge to authenticate requests if necessary. Obfuscate your origin IP. Use auto-blocking rules if necessary. This all seems very doable and maybe even not prohibitively expensive with the right provider.

[#] Tue Sep 13 2022 18:35:45 EDT from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

i think a lot of people are letting CF do that for them.   Reduces your local resources. 



[#] Fri Sep 16 2022 12:47:51 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


right, and if you execute well on it, it could be pretty bulletproof. Write a Lambda@Edge script to authenticate your bearer tokens; instant reduction in malicious traffic that makes it all the way to your true backend host.

[#] Fri Sep 16 2022 17:30:01 EDT from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Worst case. you pull the DNS record..  



[#] Fri Sep 23 2022 09:11:25 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Since when is Uber a "well-known troll website"? (Oh wait, that was a security fail, not a DDoS...)

I'm currently doing some work for one of the more popular free speech social networks. Without the dynamic content, there's really no point in logging in at all. CDN can deliver the site framework and the code that runs it ... that's about all, unfortunately.

Writing to a FaaS platform sounds interesting for that purpose, if you can find one that supports multiple cloud providers.

[#] Sat Sep 24 2022 12:38:44 EDT from nonservator

[Reply] [ReplyQuoted] [Headers] [Print]

"Troll website" is the new "right wing extremist".



[#] Sat Sep 24 2022 15:04:53 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

I am assuming he's talking about Kiwi Farms. Personally, I find Twitter and Facebook to be MUCH more offensive than Kiwi Farms, but I am assuming that the big corporate oligopoly (or as Josh calls them, "smug, dangerous perverts") pressured CloudFlare into not only revoking service but possibly also helping to compromise the site.

There is currently a user impact statement, prognosis, and technical explanation at [ https://kiwifarms.net/ ].

Let's be honest: Kiwi Farms *is* a well known troll website. That's kind of what they do. But I'm going to throw in my hat for their side, because (1) free speech, and (2) many of the people they troll deserve it. If weaponized karens can take Kiwi Farms off the Internet, then I should be allowed to take The Young Turks off the Internet for all the same reasons.

From a technical point of view, the idea of using a CDN to amplify DDoS attacks is an interesting one. I don't know if that's what happened but the potential for abuse is alarming. I'm sure Censorflare and the rest spend a lot of time thinking about these things though.

[#] Sun Sep 25 2022 12:22:17 EDT from nonservator

[Reply] [ReplyQuoted] [Headers] [Print]

Trolling means trying to get a reaction. I'm sure some posters on KF do that, but for the most part they keep their discussions to themselves, and the rules are specifically intended to minimize outside influencing.



[#] Sun Sep 25 2022 17:21:50 EDT from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

There is currently a user impact statement, prognosis, and technical

explanation at [ https://kiwifarms.net/ ].

Let's be honest: Kiwi Farms *is* a well known troll website. That's

kind of what they do. But I'm going to throw in my hat for their side,

because (1) free speech, and (2) many of the people they troll deserve

it. If weaponized karens can take Kiwi Farms off the Internet, then I

should be allowed to take The Young Turks off the Internet for all the

same reasons.


I am having trouble accesing the forum from here. Do you have any other place where I can read about what happened?

[#] Sun Sep 25 2022 18:48:49 EDT from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

What little bit i saw, he got hacked ( using a rather sophisticated process i guess ) and its shut down until he can sort out the mess.



[#] Mon Sep 26 2022 14:06:45 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

I don't think the forums are up right now. Or maybe I just didn't know where to look. All I saw was a static site.

Go to page: First ... 27 28 29 30 [31]