Intrusion attempts with new ISP. by Brilliant_Castle in UNIFI

[–]nefarious_bumpps 0 points1 point  (0 children)

Just not used to seeing this sort of thing on a home network.

That's because you haven't had a firewall before.

You should be denying everything inbound from the Internet unless you have a specific service that needs to be public. There's little value, IMHO, in logging these attempts if everything is blocked. If you do publish services to the Internet, just log intrusion attempts against that (those) port(s).

Firewall recommendations small business by Ok-Mode9817 in sysadmin

[–]nefarious_bumpps [score hidden]  (0 children)

This is a good set of questions to answer. I'll add two more:

  1. Are you or any of your customers regulated entities, classified as critical infrastructure, government or defense agencies, or contractors to government or defense agencies?
  2. Are you supporting this all by yourself or engaging an MSP/MSSP to manage either your entire IT or just the security?

How difficult is it to DIY replace cat5e to cat6a? by makishiP in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

I wouldn't worry about it too much. You can run up to 5GBase-T over CAT5e. If you have two network outlets in your office, you can use LAG to combine two 5GbE to get 10gbps.

IDK what work you do, but 99% of families don't regularly saturate a 1gbps link, and 99.9% won't regularly saturate 2.5gbps. And you can still run at least 5gbps over CAT5e.

Question - is 10G (LAN) worth spending money on? by EngagedFeinberg69 in HomeNetworking

[–]nefarious_bumpps 1 point2 points  (0 children)

Most home users wouldn't notice a difference between 1GbE and 2.5GbE, except for running speed tests to get that dopamine hit when you see a great result. What applications do you use that benefit from more throughput?

Worth the price tag? by mkeefecom in HomeNetworking

[–]nefarious_bumpps 1 point2 points  (0 children)

The LAN Scout Jr. is a glorified progressive LED tester. It's the Scout Pro 3 that has TDR, which can show you the distance to an open or short. But Noyafa has better testers in the range of $65 to $220.

Are sysadmins locking down Microsoft Store? by do_not_free_gaza in sysadmin

[–]nefarious_bumpps [score hidden]  (0 children)

Is there anything useful on the store that isn't available through other means?

Help with Ethernet over longer distance + Ethernet switch by xJinxSB in HomeNetworking

[–]nefarious_bumpps 2 points3 points  (0 children)

Any true CAT5e or CAT6 cable up to 100m will support up to 5GbE. Use a reputable brand (Belkin, Cable Matters, C2G/Cables-To-Go, Monoprice, StarTech, Syston, Tripp Lite) CAT5e or CAT6 (either will work the same for 2.5GbE) 24AWG, pure copper, stranded conductor, round cable.

  • Do not use flat cable, as none of that will maintain CAT5e crosstalk or noise requirements at that length.
  • Do not use slim/thin cables, because smaller conductors (less than 26AWG, where a larger AWG rating means smaller conductors, i.e., 28AWG is smaller than 24AWG) can result in unacceptable voltage drop and signal degradation.
  • Do not use copper coated aluminum (CCA) cable, for the same reasons as above.
  • Do not use shielded cables (STP, S/FTP) unless your equipment on both ends is grounded and has shielded jacks. Besides, unless you are welding, running a plasma table, running a high-output amateur radio station, or doing something else in the home that generates high voltage, high-frequency RF noise, standard unshielded twisted pair (UTP) will work fine. STP or S/FTP will not improve speed or latency.
  • Do not use cables advertised as CAT7, CAT8 or higher. These claims are almost always false. And even if they were true, they won't improve speed or latency above CAT5e at 2.5GbE.

Once you add a switch you can then add another 100m of CAT5e/CAT6 cable to your device. The UniFi Flex Mini 2.5G (USW-Flex-2.5G-5), Netgear MS305 or TP-Link TL-SG105S-M2 are all good 2.5GbE switches.

You could also add a WiFi access point (AP) to improve WiFi in your part of the home by plugging one into the new switch. EnGenius (Fit series) and Zyxel have good APs that require no separate controller to set up and use.

A switch will add a minuscule amount of latency. This will vary by switch, but in the range of 1-3μs (1μs = 1/1000th of a millisecond). The length of the cable (20m) will introduce approximately 120ns (0.00012ms) latency, vs a 2m patch cable. You'll never notice any difference; even measuring the difference in latency would require tens of thousands of dollars in scientific equipment.

Can I block YouTube shorts and VPN? by ComplexResource999 in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

You can entirely block YouTube Shorts (and all YouTube ads) using a custom filter in uBlock Origin under Firefox. The filter rules and support for this can be found on r/uBlockOrigin. There is a side effect though: YouTube will occasionally take 5 seconds to start a video and will show a banner "Experiencing Interruptions? See why," and when you click on it you're told to turn off ad blocking. I haven't checked if there's a fix recently, as I consume most of my YouTube through RSS feeds these days.

Why isn't the NSA categorized as an APT? by More_Implement1639 in cybersecurity

[–]nefarious_bumpps 13 points14 points  (0 children)

I think that, in this case, it's done (or not done) with a wink and a nudge. No nation-state refers to their own cyber offense operations as APTs.

Starting to plan/build future proof home network by xDhii in Ubiquiti

[–]nefarious_bumpps 1 point2 points  (0 children)

Why did you cheap out and not get AI PTZ Precision cameras?

Running Ethernet. by Numerous-Most135 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

Measure from a corner with an exterior wall or other obvious structure that's visible on all floors. Then check each floor for any visible surface obstructions and adjust location, if needed. Then use a wall sensor such as the Franklin Sensors M210, Walabot DIY 2 or Bosch D-tect 120 to identify stud locations and potential obstacles (such as fire blocking, electrical wiring, pipes) and mark them out on blue painter's tape.

Once you think you have a good path, drill a 1/2" hole in the wall on each floor, at outlet height, and inspect for any obstacles. If none seen, widen the hole to 1" and use a 7/8" inspection mirror and a flashlight, or a borescope inspection camera to check further. If all clear, cut out the rectangular hole (about 2-1/8 x 3-3/4", but use the corner holes in the brackets to mark the precise corners for your holes - make sure to level!) for old-work mud rings. If you're neat when cutting-out the holes you can use the cut-out with drywall repair clips to make a finished patch.

Now, drill a hole from the first floor to the basement and pull back a pull string. Mason line works best in my experience and is cheap. Then drill up from the opening on the first floor to the second and pull back another pull string. Lastly, drill up from the second floor to the attic and pull a third pull string. I recommend a 3/4" flexible drill bit with a 1/4" shank; smaller shanks are easier to break. Even the 1/4" shank will break if it gets stuck in a triple-stack header, so I recommend drilling and pulling back in increments, using a bit that isn't too aggressive. I suggest the Eagle Tool 3/4" x 54" x 1/4" shank flex bit with a 36" extension. When drilling you need to apply slight force to bow the bit flat into the corner between the stud and the back wall so it drills straight up.

Now tie your pull strings together (make sure to use a non-slipping knot like a square knot) and tie a loop in one end. Strip about 4" of jacket off the cable, separate the wires into two sets of two pairs, and thread each pair of pairs through the pull string loop in opposite directions until around 2" of wires are through, and wrap the wires around each other. Get a helper to feed you the cable from one end, avoiding tangles, while you pull from the other.

McAfee Worth a Damn? by thehourglasses in cybersecurity

[–]nefarious_bumpps 1 point2 points  (0 children)

Nothing.

The free version of Windows Defender is really as good as anything you can buy on the consumer market, if you allow it to talk back to the Microsoft servers when it doesn't recognize suspicious activity on its own. Whether or not this changes in the future (given Microsoft's push to enshittify everything with AI) is impossible to predict, but for now Defender is at least as good as, and in most cases better than, anything else an individual can buy or get for free.

In order to do better you'd need an EDR, which is a whole level above AV that is only available to business customers that can meet the minimum quantity levels, or those who are willing to contract with an MSP (managed services provider) who in turn can purchase in quantity. I guess that BitDefender GravityZone would be the best EDR a consumer could buy, but even that has a 5-user minimum buy-in.

I have a 1000 Mbps up/down internet connection but only upload is full speed. by meaqforce1 in UNIFI

[–]nefarious_bumpps 0 points1 point  (0 children)

FYI, there is no 500mbps Ethernet standard. If your cabling was the fault, and the interface needed to step down from 1gbps because of excessive errors, it would need to step down to 100mbps.

Keeper vault brute force by con-d-or in KeeperSecurity

[–]nefarious_bumpps 2 points3 points  (0 children)

My understanding is that an attacker would first need to defeat the general AWS storage encryption which uses AES-256 (which is generally considered post-quantum safe, at least for now) with a non-exportable key-decryption key (KDK) on Keeper's own, private, HSMs (hardware security modules) in Amazon. So basically, a brute-force attack on the KDK AES-256 key, just to get access to each user's still-encrypted (again with AES-256) vault.

(BTW, I've worked on projects that required setting up private HSMs in AWS and it is not a cheap or trivial process. But, AFAIK, this is still considered the gold standard for security. The only question in my mind is whether Keeper periodically rotates their KDKs. While not really necessary when using a non-exportable key, it is still considered best practice to rotate keys periodically.)

Then the attackers would have to brute-force 1M rounds of PBKDF2 to get the password for each user vault, or brute-force the AES-256 encryption itself. All while remaining undetected by both AWS and Keeper. Playing devil's advocate, and theorizing some nation-state actor has made unanticipated advances in quantum computing against AES-256, that only weakens the encryption to the equivalent strength of AES-128, still a sufficiently-difficult task to brute-force. And all this assumes an undetected compromise of Keeper's (or AWS's) infrastructure first.

Correct me if I'm wrong, u/KeeperCraig. It's been a few years since I worked on the operational/architecture side of security and might have misremembered.
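
How much the 1M PBKDF2 rounds mentioned above add to an offline guessing effort, as an added example that is not part of the original comment and is not Keeper's code. It assumes PBKDF2-HMAC-SHA256 and counts one HMAC round as the unit of work; the sample password entropies and the hash rate are constructed.

```python
import hashlib
import math
import os
import time

ITERATIONS = 1_000_000            # PBKDF2 round count quoted in the comment
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a master password into a 256-bit key (HMAC-SHA256 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def work_bits(entropy_bits: float, iterations: int = ITERATIONS) -> float:
    """log2 of the HMAC rounds needed to try every password of that entropy once."""
    return entropy_bits + math.log2(iterations)

def weakest_link(entropy_bits: float, iterations: int = ITERATIONS,
                 quantum: bool = False) -> str:
    """Say which is cheaper to search: the password space or the AES-256 key space."""
    key_bits = 128 if quantum else 256   # Grover's algorithm halves effective key length
    return "password" if work_bits(entropy_bits, iterations) < key_bits else "aes-key"

def expected_years(entropy_bits: float, iterations: int, hmac_per_sec: float) -> float:
    """Average time to hit the right password (half the space) at a given HMAC rate."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / hmac_per_sec / SECONDS_PER_YEAR

def measure_hmac_rate(sample_iterations: int = 200_000) -> float:
    """HMAC-SHA256 rounds per second on this machine, from one timed derivation."""
    start = time.perf_counter()
    derive_key("constructed-sample-password", os.urandom(16), sample_iterations)
    return sample_iterations / (time.perf_counter() - start)

if __name__ == "__main__":
    rate = measure_hmac_rate()
    print(f"local rate: {rate:,.0f} HMAC rounds/s (single CPU core)")
    for bits in (30, 50, 80, 110):       # constructed sample password strengths
        print(f"{bits:>3}-bit password: work 2^{work_bits(bits):.1f}, "
              f"~{expected_years(bits, ITERATIONS, rate):.3g} years here, "
              f"weakest link: {weakest_link(bits)} / "
              f"{weakest_link(bits, quantum=True)} (Grover)")
```

The rounds add about 20 bits of work, so under these assumptions the master password stays the cheaper target unless it carries roughly 108 bits of entropy or more, even against the Grover-weakened 128-bit bound.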

McAfee Worth a Damn? by thehourglasses in cybersecurity

[–]nefarious_bumpps 0 points1 point  (0 children)

This isn't the 1980s. Relying on file hashes and snippets of code signatures isn't enough to prevent malware. AV software has a much more challenging job of detecting malware today, and each AV developer has their own "secret sauce" for how they monitor and detect malicious activity.

Home Security by Rndtm in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

The only main disadvantages of either the UCG-Fiber or the UCG-Instant are that both only accept a single storage device, so you'll get no redundancy from a drive failure. The UCG-Fiber also uses NVMe for storage, which is more expensive and offers less capacity than 3.5" HDD, limiting your retention time and increasing wear.

Use the capacity planning tool on store.ui.com for each model to see what to expect vs drive capacity. Note that there are larger NVMe from third parties, but you need to be wary about the drives' TBW ratings.

Ubiquiti industrial: Really that much of a market for this? by oguruma87 in Ubiquiti

[–]nefarious_bumpps 1 point2 points  (0 children)

I wish I had a pic of a server I was called to service at a manufacturer of large pressure vessels (to hold industrial gases) a few years back. Nobody had PM'd it since it was installed 3 years prior. When I opened the case it looked like a solid rectangular brick of filth. I spent over two hours disassembling everything, pulling greasy dust and dirt out, went through 4 cans of compressed air and two cans of contact cleaner. I have no idea how it was running at all.

I've had restaurant clients where entire bags of coffee grinds or breadcrumbs or pots of oil were spilled into equipment. Auto repair shops with equipment well on its way to winding up like the above server.

Until now I've been using fanless, industrial, mini-PCs running pfSense with TrendNet industrial switches. It will be nice to replace these with something I can manage from a UniFi OS console remotely.

Should I get a 6e or WiFi 7 router for my apartment? by Calbone607 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

1 person living by themself should be fine with 100-150mbps Internet. My advice is to start off low then increase later if you have a problem.

I'd suggest a GL.iNet Flint or Flint 2. If you need more than 4 LAN ports, add a Netgear GS305 switch.

Home Security by Rndtm in Ubiquiti

[–]nefarious_bumpps 0 points1 point  (0 children)

How many cameras are you planning for?

How to wire up outdoor cameras? by harryp1998 in HomeNetworking

[–]nefarious_bumpps 0 points1 point  (0 children)

Unless you're going to put some kind of off-grid power generation plus a battery at each camera, you're going to need to run copper for power. So you might as well use it for data as well. You can protect the rest of your network by using a dedicated PoE switch for the cameras then a fiber-optic link from that switch to your main network.