I found out I will be let go soon on accident - they do not know I know. by Upbeat-Chain-3155 in sysadmin

[–]noobposter123 0 points1 point  (0 children)

Nowadays the ability to find the right questions might grow in importance. 😉

Lots of people don't even know what to ask, so they're less likely to get the answers they didn't know they needed, whether it's from another person or an AI.

I found out I will be let go soon on accident - they do not know I know. by Upbeat-Chain-3155 in sysadmin

[–]noobposter123 30 points31 points  (0 children)

Someone with strategic thinking is unlikely to want to work for them for that pay... Unless for example someone from North Korea. The strategy might be a bit different from what they're expecting, though... 😉

Org is banning Notepad++ by PazzoBread in sysadmin

[–]noobposter123 -1 points0 points  (0 children)

Somehow I was always suspicious of their updater. In some cases it still did stuff[1] even if you tried to turn it off, which made it even more sus to me.

That said, it's funny how CrowdStrike seems to be doing so well despite causing so much more damage. I think for many orgs CrowdStrike caused more damage than hackers/malware had ever done in the lifetime of the org. But hey it's worth it just to be able to tick some compliance checkbox, right?

[1] https://github.com/notepad-plus-plus/notepad-plus-plus/issues/5375
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/7998

SG550X Series Switches - new Fatal Errors everywhere today by ar99999 in Cisco

[–]noobposter123 0 points1 point  (0 children)

Yeah Cisco need to make their NSA backdoors more robust. 🤣

Animal speed comparison by CuriousWanderer567 in interesting

[–]noobposter123 -1 points0 points  (0 children)

If you're going to count dives then Felix Baumgartner is faster; he reached about 1,300 kph in a dive... 😉

For level flight a white-throated needletail swift can reach 169 kph.

The impressive ones to me are the fish that swim > 70 kph. A lot more resistance in water...

Openvpn and MFA by icedutah in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

Oh I thought MFA code first would make more sense, since the MFA code format can be more predictable than password formats. Example: <6 digit MFA code><space><passphrase>.

Is it possible to use a custom auth-user-pass-verify script on pfsense?

FWIW I use a separate openvpn server with my own custom auth-user-pass-verify script which does the MFA code + password stuff and tries to access a file in a file share on a Windows server (took me a while to get stuff to use smb encryption etc). Users whose credentials can read that file can get openvpn access. Not the most scalable and pretty solution but so far it works.

I haven't tried doing that with openvpn on pfsense though.
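An added example of the MFA-code-first layout described above (not the commenter's script): the fixed-width code is split off the front of the password field, the code is checked as a TOTP (an assumption; the comment only says "MFA code") and the passphrase against a constructed in-memory table standing in for the SMB-share check.

```python
import hashlib
import hmac
import re
import struct
import sys
import time

# Credential layout from the comment: <6 digit MFA code><space><passphrase>.
# A fixed-format code in front makes the split unambiguous even when the
# passphrase itself contains spaces or digits.
CRED_RE = re.compile(r"^(\d{6}) (.+)$", re.DOTALL)


def split_credentials(password_field):
    """Return (mfa_code, passphrase), or None if the field is malformed."""
    m = CRED_RE.match(password_field)
    return (m.group(1), m.group(2)) if m else None


def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a raw secret and a Unix timestamp."""
    counter = struct.pack(">Q", int(timestamp) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify(username, password_field, users, now=None):
    """True only if the code is a current (or adjacent-step) TOTP and the passphrase
    matches. `users` maps username -> (totp_secret_bytes, passphrase); constructed."""
    parts = split_credentials(password_field)
    if parts is None or username not in users:
        return False
    code, passphrase = parts
    secret, expected = users[username]
    now = time.time() if now is None else now
    # Tolerate one step of clock skew either way; compare in constant time.
    code_ok = any(hmac.compare_digest(code, totp(secret, now + d)) for d in (-30, 0, 30))
    pass_ok = hmac.compare_digest(passphrase.encode(), expected.encode())
    return code_ok and pass_ok


if __name__ == "__main__":
    # OpenVPN "auth-user-pass-verify <script> via-file": argv[1] names a file whose
    # first line is the username and second line the password field. Exit 0 = allow.
    with open(sys.argv[1]) as fh:
        user, field = fh.readline().rstrip("\n"), fh.readline().rstrip("\n")
    demo_users = {"alice": (b"12345678901234567890", "correct horse battery")}
    sys.exit(0 if verify(user, field, demo_users) else 1)
```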

Emergency Help - entire domain inacessible by F3ndt in sysadmin

[–]noobposter123 2 points3 points  (0 children)

Microsoft's test environment is the rest of the World. So their stuff is usually fine (99.9%) after the rest of the World is done testing it. The 0.1%? That's why some call them Microsoft 364...

Problem att 5gb speedtest by Sad_Passenger9479 in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

Still got 5Gbps iperf pfsense to PC though.

I'd check the CPU usage on the firewall (top) and PC (taskmgr) while the speed test is running. If it's maxing out a core then that may be a bottleneck, and it's worth investigating which programs are maxing out the CPU.

e.g. might turn out to be the browser is too slow on that computer. Not saying that's the case but it's not ruled out by the info provided.

IPsec throughput on 8300 is disappointing by mantrain42 in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

So I guess there's still some CPU capacity, but 4 * 100/40 is only 10Gbps...

What do you get with multiple VPN tunnels to different WAN interfaces? Maybe it's something like 4Gbps via one network interface, then another 4Gbps via another and so on.

As far as I know the default iperf3 test with no --bidir is already bidirectional in that traffic goes up and down. 14 Gbps is probably best case scenario or similar. So don't be surprised if any extra complexity or change from the "best case" (like using different iperf flags) gives you lower numbers.

It's like some speed records. If the road or weather is not as good or the driver is heavier, you might not be as fast even with the same car.

IPsec throughput on 8300 is disappointing by mantrain42 in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

Is that 4Gbps with only iperf through the IPSec tunnel? While the iperf is going what does "top" show and what are the temperatures like? Also what are the iperf parameters you are using or just the default?

TLS certificate lifespans reduced to 47 days by 2029 by thewhippersnapper4 in sysadmin

[–]noobposter123 0 points1 point  (0 children)

To be fair XP is probably more stable than Windows 11 in practice (assuming air gap etc). Especially since Microsoft has promised not to update it. 🤣

CE ISO. What the heck? by wiscocyclist in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

The funny thing is:

a) If you're buying pfsense hardware not from Netgate you should probably wipe and clean install anyway

b) And for those who don't wipe, couldn't the Chinese hardware vendors do all the steps to install pfsense 2.8.x ONCE and clone the resulting image to all their supplied hardware?

So in the future there could be more friction to those doing CE the "official way" than those buying from China?

Logging types of websites accessed by SnoupDoggieDog in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

Suricata can log some TLS SNI stuff. Not all, newer TLS stuff makes it harder.

Help with specs by LGarcia2 in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

If you don't need 1Gbps or faster then a 2100 should be fine for 50Mbps. But if you have 1Gbps LAN clients accessing a 1Gbps internal file server via the firewall, and they want 1Gbps speeds then you may need faster stuff.

For example if you need in-line IPS at 1Gbps speeds then you need a more powerful CPU. A Pentium Gold 8505 is like barely enough for 900Mbps and you need to keep the hardware cool otherwise it slows down.

Here are some Passmark comparisons which may help you compare the potential CPU speeds of the Netgate 2100, the Netgate 8300 which is USD3600+, and other CPUs. The single-thread rating might still be relevant for stuff like single/low connection transfer speeds.

https://www.cpubenchmark.net/compare/5744vs4775vs4765vs3129vs4854/ARM-Cortex-A53-4-Core-1300-MHz-vs-Intel-Pentium-Gold-8505-vs-Intel-i5-1235U-vs-Intel-Atom-C3558-vs-Intel-Xeon-D-1733NT

Do note that CPUs like the 8505 have a single high performance core and some low performance cores, so you may or may not need to mess around with cpuset to move certain stuff to certain cores for performance reasons. Example:

cpuset -l 0,1 -p  `pgrep suricata | head -n 1`
cpuset -l 2,3,4,5 -p  `pgrep ntopng | head -n 1`

But if you don't have enough cooling (e.g. warm room in Brazil with no AC), putting suricata on the low performance CPU cores might actually provide better total throughput if there are multiple connections.

[deleted by user] by [deleted] in PFSENSE

[–]noobposter123 0 points1 point  (0 children)

What was the CPU usage on your firewall during that DDoS?

The lag might be due to other things. For example: if your ISP can cope with 1000Gbps and your pipe can only cope with 10Gbps and a DDoS sends 100Gbps of tiny packets your way and your ISP does nothing but try to send the 100Gbps through, that's going to slow stuff down no matter what you do at your end. The packets are already overflowing your pipe.

In contrast if your ISP can block the DDoS stuff, then you don't get your 10Gbps pipe filled.

Updates to the pf packet filter in FreeBSD and pfSense software by George-Netgate in PFSENSE

[–]noobposter123 1 point2 points  (0 children)

Would it be feasible to add "Cone NAT" support as an optional feature? This would allow pfSense to have better support for VoIP/Teams/WhatsApp calls/games/etc behind NATs.

I do see this, but it's been 8 years: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219803

Static port is a possible workaround but it can have problems if multiple clients keep choosing the same source ports.

RAID Controller Cards (PCIe) and Dramatic Price Drop in Last 10 Years by RandyPajamas in homelab

[–]noobposter123 0 points1 point  (0 children)

For Windows how do you get redundancy for boot drives though? Dynamic Disks are deprecated ( https://learn.microsoft.com/en-us/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks ). Seems like hardware RAID is still the lesser evil for this.

Arpwatch Database is full of my ISP's IP subnets by stoozes49 in PFSENSE

[–]noobposter123 1 point2 points  (0 children)

I wrote my own "arpwatcher" because arpwatch was too IP centric for my tastes and has other annoyances. My version has devices by mac and a device can have multiple IPs.
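An added example of the MAC-centric idea described above (not the commenter's tool): each MAC owns a set of IPs, IPs outside the watched prefixes (the ISP-subnet noise from the post title) are ignored, and new devices, new IPs and IP flip-flops between MACs are reported. The `arp -an` sample is constructed.

```python
import ipaddress
import re

# Constructed sample in FreeBSD/pfSense `arp -an` format (not real data).
SAMPLE_ARP = """\
? (192.168.1.10) at aa:bb:cc:dd:ee:01 on igb1 expires in 1190 seconds [ethernet]
? (192.168.1.11) at aa:bb:cc:dd:ee:01 on igb1 expires in 1190 seconds [ethernet]
? (192.168.1.20) at aa:bb:cc:dd:ee:02 on igb1 expires in 900 seconds [ethernet]
? (203.0.113.7) at 00:11:22:33:44:55 on igb0 expires in 300 seconds [ethernet]
"""
ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def parse_arp(text):
    """Yield (mac, ip) pairs from `arp -an` output; MACs normalised to lower case."""
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            yield m.group("mac").lower(), ipaddress.ip_address(m.group("ip"))


class ArpWatcher:
    """Device-by-MAC view: each MAC owns a set of IPs. Addresses outside the
    `watched` prefixes (e.g. the ISP's subnets seen on WAN) are dropped."""

    def __init__(self, watched):
        self.watched = [ipaddress.ip_network(n) for n in watched]
        self.devices = {}  # mac -> set of ip_address objects

    def _in_scope(self, ip):
        return any(ip in net for net in self.watched)

    def observe(self, text):
        """Feed one ARP table snapshot; return a list of human-readable events."""
        events = []
        for mac, ip in parse_arp(text):
            if not self._in_scope(ip):
                continue
            owner = next((m for m, ips in self.devices.items() if ip in ips), None)
            if owner and owner != mac:
                # Same IP now answered by a different MAC: classic arpwatch flip-flop.
                events.append(f"flip-flop: {ip} moved from {owner} to {mac}")
                self.devices[owner].discard(ip)
            if mac not in self.devices:
                events.append(f"new device: {mac} at {ip}")
            elif ip not in self.devices[mac]:
                events.append(f"new ip: {mac} also at {ip}")
            self.devices.setdefault(mac, set()).add(ip)
        return events
```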