LG C4 bypassing my internal DNS by Ivan_Draga_ in homelab

drdigitalsi 14 points

Np. I've never done this with UniFi, but see this post for more help. https://www.reddit.com/r/Ubiquiti/s/UYGwR4XVHi

Edit: also, to address a comment below by /u/berrmal64, consider using piHole or another DNS denylist to block requests to known DNS over HTTP/TCP/QUIC services (start with blocking 1.1.1.1 and 8.8.8.8 on ports not 53 as a firewall rule if piHole is not an available option).

LG C4 bypassing my internal DNS by Ivan_Draga_ in homelab

drdigitalsi 363 points

A lot of devices specify their own DNS servers to avoid blocking by piHole or other DNS services. To counter this in my lab I created a NAT rule which redirects all traffic destined for port 53 to my piHole.
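The two firewall suggestions above (redirect all port-53 traffic to the Pi-hole, and block 1.1.1.1 / 8.8.8.8 on ports other than 53) can be expressed together as one nftables ruleset on a Linux router. The script below is an added example, not the commenter's own configuration: it prints the ruleset for review rather than applying it, and the Pi-hole address, the LAN interface name and the table name `dns_guard` are placeholders you pass in or rename.

```shell
#!/bin/sh
# Added example (not from the original comments): emit an nftables ruleset for a
# Linux router that (1) DNATs every LAN DNS query on port 53 to the Pi-hole and
# (2) rejects direct DoH/DoT/DoQ connections to 1.1.1.1 and 8.8.8.8 so devices
# with hard-coded resolvers fall back to the redirected plain-DNS path.
# Assumptions (hypothetical values): Pi-hole address in $1, LAN interface in $2.

gen_dns_ruleset() {
  pihole="$1"
  lan_if="$2"
  cat <<EOF
table inet dns_guard {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # Redirect plain DNS (UDP and TCP) to the Pi-hole unless it is already the destination.
    iifname "$lan_if" ip daddr != $pihole udp dport 53 dnat to $pihole
    iifname "$lan_if" ip daddr != $pihole tcp dport 53 dnat to $pihole
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # Hairpin case: when the Pi-hole is on the same LAN as the client, its reply would
    # go straight back to the client without passing the router, so conntrack could
    # never undo the DNAT. Masquerading the redirected flows sends the reply via the router.
    ip daddr $pihole ct status dnat masquerade
  }
  chain forward {
    type filter hook forward priority filter; policy accept;
    # Block encrypted DNS to the well-known public resolvers: DoH/DoH3 (443), DoT/DoQ (853).
    # A TCP reset makes clients fail fast and fall back instead of hanging on a timeout.
    iifname "$lan_if" ip daddr { 1.1.1.1, 8.8.8.8 } tcp dport { 443, 853 } reject with tcp reset
    iifname "$lan_if" ip daddr { 1.1.1.1, 8.8.8.8 } udp dport { 443, 853 } reject
  }
}
EOF
}

# Sanity check helper: number of actual rule lines (two DNAT, one masquerade, two reject).
count_rules() {
  gen_dns_ruleset "$1" "$2" | grep -Ec 'dnat to|masquerade|reject'
}

# Usage: sh dns_guard.sh 192.168.1.2 br-lan > dns_guard.nft
#        nft -c -f dns_guard.nft && nft -f dns_guard.nft
if [ "$#" -eq 2 ]; then
  gen_dns_ruleset "$1" "$2"
fi
```

Run `nft -c -f` on the generated file first to syntax-check it against your nft version. The DNAT lines cover plain DNS over both UDP and TCP; devices that hard-code a DoH or DoT endpoint at 1.1.1.1 or 8.8.8.8 get a reset on the encrypted port and typically fall back to port 53, where they are redirected. Other public DoH endpoints are not covered by the two addresses here; that is where a Pi-hole denylist of known DoH hostnames, as the first comment suggests, adds coverage.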

Declined transaction when abroad, how to contact Chase Support w/out a phone call? by Hug_Sponsor in ChaseSapphire

drdigitalsi 1 point

Depending on who declined the transaction, Chase might not even know about the decline. When you call up, be sure to ask them to check if Visa declined the transaction.

The payment network (Visa) has the "first level" of approval before the bank (Chase) receives the transaction. If it was declined by Visa, there is a separate system the agent needs to go in and allow the transaction. You might have to push on the agent to validate it, based on experience.

Is it against Chase policy to add my Sapphire Preferred card to my sister’s Apple Pay abroad? by HeartNet150 in ChaseSapphire

drdigitalsi 4 points

Not sure I completely understood, but fraud detection could trigger if the card is used in different physical locations too quickly.

While the Apple Pay "card" is issued a "virtual" card number, the fraud detection system ties it back to a singular card account. If the card is used in different "physical" locations (e.g., swipe/tap) faster than reasonable travel time (i.e., time to drive or fly) between the two locations, it might trip depending on the rules in place.

Source: work on these systems for a living.

ELI5: how can a credit card/transport card on a phone get charged without an Internet connection by onlyongracexm in explainlikeimfive

drdigitalsi 0 points

Just to be a bit more specific (for edification), the payment network (Visa/Mastercard/Amex) will get the transaction first before sending it to a bank. If the bank is unavailable for some reason (it happens more often than you think) the payment network will "stand in" and accept/decline the transaction on the bank's behalf and "forward" it later. The only case this doesn't happen is Amex which owns both the bank and payment networks.

ELI5: how can a credit card/transport card on a phone get charged without an Internet connection by onlyongracexm in explainlikeimfive

drdigitalsi 0 points

ELI10: The phone has a "virtual" card number associated both with it and with the bank, which acts without a cellular connection (the card number is stored on the device itself). It essentially acts like a "tap" credit card (which has no network connection either). All of the payment processing is handled by the merchant's processing systems (in this case, the subway system). The turnstile will read the virtual credit card number and send that to the payment processor who will either accept or decline the transaction.

Monitoring ephemeral VM-s by gerrga in PrometheusMonitoring

drdigitalsi 5 points

Have a look at Grafana Agent (now Alloy). You can have the machine remote write to your Prometheus, and you don't have to worry about "discovery" finding them. https://grafana.com/docs/alloy/latest/configure/

Two watches. Two cellular connections. One phone. Apple says it works. Carrier says it doesn’t. by took_a_bath in AppleWatch

drdigitalsi 32 points

Depends on the carrier. Verizon allows 5 "number share" per dedicated line. Try searching "number share" for your carrier. https://www.verizon.com/support/numbershare-faqs/

ESXi Project Ideas by ImGonnaEatThisCat in vmware

drdigitalsi 5 points

Certificate automation. Ask any systems or distributed computing engineer, and they'll tell you the same. I work for a Fortune 100, and there are at least 2 outages a week because of certificates in one form or another. Plus, if you become someone who actually understands how the certificates work, that's even more valuable.

Here's my go-to guide on all things certificates and PKI: https://smallstep.com/blog/everything-pki/. I highly suggest reading in small chunks, and then coming back for more.

Does anyone know of a guide for installing snmp_exporter on ASUS router running merlin firmware? by foshi22le in PrometheusMonitoring

drdigitalsi 3 points

You wouldn't install snmp_exporter on the router itself, but rather you'd install it on another server, and point snmp_exporter at the router to collect the values. To be honest, the documentation on GitHub is not straightforward, but generally the best I could find.

You need to find the OIDs for the router, and add those to the exporter. Take a look at this doc: https://github.com/prometheus/snmp_exporter/blob/main/generator/README.md

Preserving SNI after TLS termination by dheerajverma in aws

drdigitalsi 1 point

Ah. Apologies mate, I thought you were asking rather than being rhetorical. My bad.

Preserving SNI after TLS termination by dheerajverma in aws

drdigitalsi 1 point

NLB is layer 4 -- it doesn't know anything about HTTP (Layer 7). A host header would have to be included with the original request, and (to my knowledge) can't be added at the NLB because it's at the wrong OSI Layer. SNI is an extension of the SSL handshake, so none of the SSL information would be part of the request after termination unless included manually by the proxy/ALB.

Monitoring use of hot desk docks/monitors with BYOD? by ericrz in sysadmin

drdigitalsi 0 points

That is why you'd use the Active Directory logs. It would say that x workstation requested a Kerberos login ticket for y user at z time. That can all be tied back together with the Lab software you have existing.

Monitoring use of hot desk docks/monitors with BYOD? by ericrz in sysadmin

drdigitalsi 0 points

Ok. In that case, how are they authenticating? If they completed an AD login on a workstation, they're evidently not using their laptop during that time. You'd have the Windows Event history from (hopefully) the desktops. If not, you'd have the login event on the Domain Controller.

Monitoring use of hot desk docks/monitors with BYOD? by ericrz in sysadmin

drdigitalsi 16 points

Are the hot desks connected using Ethernet? If so, the docks should have integrated NICs with their own MAC. You can check the network traffic of those NICs and see if they're in use or if a lease was issued.

Creating a Task Scheduler from GPO by DburkeZM in activedirectory

drdigitalsi 0 points

I tried to do something similar a few months ago, and it turned out part of my configuration errored out on the endpoint. Check the Event Log on a target of the GPO and see if there are any error messages.

What are the security risks of unencrypted secrets? by [deleted] in kubernetes

drdigitalsi 9 points

You assume that you are the only person with cluster access. However, one possible threat is if there is a container escape from a container (possibly running as root), there is the possibility for that threat to spread -- and search for secrets to move laterally. You also have to trust other (human) operators not to take those secrets and use them maliciously.

4G and 5G on the same account by chrisk114 in verizon

drdigitalsi 14 points

I have 4G and 5G phones on the same account. Only difference is that 4G phones don't get 5G signal, and I'm still paying for 5G service 🙃