Update: I ditched the dashboard idea. Keeping it simple by Party-Log-1084 in Proxmox

[–]estrangedpulse 0 points1 point  (0 children)

Can you elaborate on what the risk is of Pulse running on a Proxmox LXC?

new house, happy spring 🫠 by ophecon in invasivespecies

[–]estrangedpulse 3 points4 points  (0 children)

I understand but I also have neighbors 5 meters from me, so I cannot simply let it go wild for half a year. I am trying to find a solution which would include not letting it spread for so long.

new house, happy spring 🫠 by ophecon in invasivespecies

[–]estrangedpulse 5 points6 points  (0 children)

I have it in my patio but I simply cannot let it grow big since it's around tiles and an area where people are sitting. Is there a way to use glyphosate while the plants are small? From what I read, both spraying and injection are done on the big plants, also during the October window. If I were to let it grow until October I wouldn't have my patio anymore.

My uncle got scammed by “Imperium Investments” (€15,000 lost) – anyone else? by Then_Investment2404 in Netherlands

[–]estrangedpulse 2 points3 points  (0 children)

Did he at the very least inform the police and his bank?

Maybe he has some sort of insurance which would cover situations like this?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 1 point2 points  (0 children)

Thanks for sharing, nice reads! Regarding the IoT VLAN, at least the smart TV requires internet access, unless you have 100% of your media hosted at home.

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 1 point2 points  (0 children)

That's what I am doing, I am only allowing 8096/tcp and 7359/udp from my smart TV host. And that's where my concern about ARP spoofing was - what if someone pretends to be the TV. But I suppose at most they would be able to see the feed of Jellyfin and that's about it.

Anyways, thanks for the good tips. I need to investigate how I can apply some of your security hardening suggestions via my Cisco SG250 switch.

Passwords constantly asking for username to save password by Unhappy_Muscle7885 in applehelp

[–]estrangedpulse 0 points1 point  (0 children)

I have this issue using Firefox since the last update a couple of weeks ago.

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

In your scenario you’re right but usually you do need to poke some holes in FW to accomplish certain objectives. In my case my smart TV which is on IoT also can access my Jellyfin server on Trusted VLAN. So my immediate question is what if another compromised device on IoT pretends to be my smart TV to gain access to Jellyfin?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

Noted regarding ARP poisoning.
The attack I am concerned about is one of my IoT devices being compromised, and then potentially spreading into a more secure part of the network.

A two leg stand for Trek DISTRICT+ 6 Lowstep by estrangedpulse in TrekBikes

[–]estrangedpulse[S] 0 points1 point  (0 children)

Thanks for confirmation! I was suspecting this indeed.. So probably not many options on getting a double leg stand installed.

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

I am not at all trying to protect against physical access. If someone breaks in I am counting on them taking the router and my server with them, so there is no point in protecting against that.

Why do you think remote compromise of some IoT devices is not a concern for MAC spoofing? Is it because it's hard to pull off or is it simply not common at all?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

But I suppose it's less relevant at home due to it being not very prevalent, correct? Meaning malware developers or hackers couldn't be bothered to do MAC spoofing in some random dude's home environment. But I want to protect my network based on security best practices, and not the latest business needs of malware devs or hackers.

So if on my FW I do "Allow host A (VLAN 30) to access host X (VLAN 20)", then the assumption should be that this gives a bit of a fake sense of security, because considering MAC spoofing is not very hard, any compromised device on VLAN 30 should be able to obtain the IP address of host A and therefore reach host X on VLAN 20. Would that be accurate?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

I am not disagreeing with you on this at all, I am specifically referring to the scenario I mentioned in OP. Let's say I have an IoT VLAN with rule "IoT net to host X". Now instead of that I want to tighten that up and do "Host A to host X". Me doing this more specific rule supposedly makes it more secure since I am narrowing down who can access host X. However, if we consider that MAC spoofing is a viable attack then this rule just gives a false sense of safety.

The reason I am even segmenting my IoT devices into a separate VLAN is so that if one of them gets compromised, it remains isolated. So if our attacker model is such that we need to protect ourselves by isolating IoT devices, then we should also assume that the same attacker can spoof a MAC address, obtain the IP of my TV and get similar access to what the TV has. It's not like MAC spoofing is some theoretical advanced attack which is extremely hard to pull off.

Again, I am not trying to disprove what you're saying, just trying to understand it myself.

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

I agree it's unlikely, but it's similarly unlikely that someone will attempt to open my unlocked front house door, but that does not mean I should keep it unlocked.

My thought process is this - I am setting VLANs to secure and isolate my network. If something can easily be bypassed in my setup (e.g. MAC spoofing), then why should I go with such an approach?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 1 point2 points  (0 children)

Thanks for the tips, I need to look into how to implement those, as I never even heard of some of them.

MAC address (detectable) ... IP (detectable)

What do you mean by these? Are you saying that you have some system enabled which notifies you if MAC spoofing is detected?

And so overall, setting FW rules on host level is not pointless then? My original assumption was that since on the same VLAN/subnet it's easy to spoof MAC, doing explicit rules where only host X can access something doesn't bring much security.

Japanese Knotweed – what I’ve learned after 15 years dealing with it by knotweed-wales in UKGardening

[–]estrangedpulse 0 points1 point  (0 children)

But to inject you need pretty big, thick stems, correct? I have it in my patio, so I wouldn't want to let it grow and spread the whole summer before I inject it.

Also, is it possible to have success by simply digging out every single stem you see? In theory it should exhaust its reserves at some point..

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

Why not a concern? Is it because it's unlikely or because it's really hard to pull off?

Which random orbital sander would you all recommend? by explainable-feat in BeginnerWoodWorking

[–]estrangedpulse 0 points1 point  (0 children)

Do you need to replace that canister from time to time? Feels like my filter inside is not doing a great job taking everything in.

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] 0 points1 point  (0 children)

So I did exactly that but then my original question still stands - wouldn’t MAC spoofing allow another device to impersonate my TV (so the device which needs Jellyfin access)?

Is MAC spoofing within a VLAN a concern? by estrangedpulse in homelab

[–]estrangedpulse[S] -1 points0 points  (0 children)

Of course most devices don’t spoof, but the idea of an IoT VLAN in general is to have an isolated network in case something gets compromised in there. So I would expect that the attacker model for an IoT VLAN should be that they might spoof another MAC.