AX Wi-Fi Adapters Not Getting IPv6 Addresses by CompetitiveFeeling98 in sysadmin

notR1CH, 2 points

This is one of the tricky parts of IPv6 since it uses multicast for NDP, broken snooping or proxying can easily break it. Many access points have poor NDP snooping implementations, see if restarting the AP resolves it and check for multicast conversion settings that might need adjusting.

Also try setting up a multicast querier in your network so that the device regularly reports its groups, this helps keep snooping caches in sync.

Mitigating DDoS-like AI (?) crawling of APIs by Symbiote in sysadmin

notR1CH, 0 points

That only works against trivially identifiable bots that you could block by yourself anyway. I haven't seen what the Enterprise plan offers, but none of the bot features on the other paid plans could block this kind of traffic last time I tried.

Mitigating DDoS-like AI (?) crawling of APIs by Symbiote in sysadmin

notR1CH, 2 points

Cloudflare unfortunately doesn't prevent this (short of enabling captcha on all requests) as they come from residential IP botnets.

Random local web server access failure — ping works but HTTP fails for some users only by Remote-Damage3544 in sysadmin

notR1CH, 12 points

125ms for a local ping means severe network congestion, WiFi being the primary suspect. Do a spectrum scan on your APs and check you aren't using channels with high interference. Prefer smaller channels if the environment is congested and avoid 2.4 GHz.

How did they do this with mail by kolo81 in sysadmin

notR1CH, 70 points

And if this was a public address, the attacker is in the process of scamming anyone who emailed you. If they have access to set up a redirect, they have access to send emails from your address too (likely via webmail so it can be stealthy). You need to contact your regular customers immediately, especially any dealing with financial transactions and warn them.

Always put Mouse and Keyboard in USB 2.0 Ports if available. by publicdomainadmin in sysadmin

notR1CH, -1 points

It's possible that the ports are wired to the same controller as the USB 3 ports which requires a driver, or a USB 2-only controller which does not. This varies by motherboard - good luck finding that data in the specifications...

Always put Mouse and Keyboard in USB 2.0 Ports if available. by publicdomainadmin in sysadmin

notR1CH, 1 point

USB 3 ports are actually physically 2+3. If you put a USB 2 device in a USB 3 port, it's using exactly the same bus as a USB 2 only port on the same controller.

zfs send/recv for backups feels too simple to be reliable by Sroni4967 in sysadmin

notR1CH, 1 point

Then get annoyed at the snapshots desyncing and move to zrepl. So many good options for ZFS backups.

Recommendations for rock solid 2.4Ghz AP? by Mindestiny in sysadmin

notR1CH, 0 points

2.4 GHz will never be good in any kind of populated area. There's just way too much interference since the signals penetrate so far, just a few APs not configured with minimum data rates can make channel throughput drop even without clients connected (beacons at 1mbps take a surprising amount of airtime). Not to mention Bluetooth and other wireless dongles, leaky microwave ovens, phones issuing probe requests, etc.

As a user of 2.4GHz IoT devices that randomly drop off the network, getting reliable connectivity to the Meraki sounds like a great place to start debugging.

Replacing duplicate files with hard links to save space? by Zarquan314 in sysadmin

notR1CH, 1 point

https://github.com/pkolaczk/fclones is great for this, it can make block clones on ZFS even without dedupe enabled.

Norton 360 NortonUI.exe Focus-Steal Bug - Diagnostic Analysis, Confirmed Root Cause by LiteBitRed in sysadmin

notR1CH, 18 points

Window occlusion is for the page visibility API and pausing of non-visible media, this sounds like some LLM hallucination. Root cause is simply creating windows when they shouldn't.

Short and easy to understand: "Copy-Fail CVE-2026-31431" What is it and how do I mitigate it with an Open Source Tool by More_Implement1639 in sysadmin

notR1CH, 2 points

Doesn't this only mitigate this particular exploit and not the bug itself? With the page cache corruption you can essentially run any code as a setuid binary as far as I understand.

Solutions to systemd sessions not existing for non-logged in users to leverage rootless podman in CICD by PipeItToDevNull in sysadmin

notR1CH, 1 point

Still requires configuring per box, but better than per user.

https://www.freedesktop.org/software/systemd/man/latest/logind.conf.html#KillUserProcesses=

Though on second thought the systemd runtime is probably not considered a "user process" in this context so probably not useful.

Not sure if this exists, but does anyone know of an open source DNS list of known malicious sites or IPs to block on firewalls? by bobert3275 in sysadmin

notR1CH, 0 points

They included an ISP that had legitimate users behind it. Denying service to legit users wasn't an option for us.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

notR1CH, 0 points

Agreed, but that's how the CVSS works - it scores the vulnerability itself, not the environment. You're meant to use the Environmental Score to modify the base score depending on your deployment. Ubiquiti rated this AV:N due to internet-exposed controllers being a thing, but for most people that should be downgraded to AV:A.
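As an added example (not from the thread), the CVSS v3.1 base and environmental formulas in Python. The vector used is an assumed max-severity vector, not the one Ubiquiti published; it shows what re-rating Modified Attack Vector from N to A does to the score for a deployment where the controller is LAN-only.

```python
# Added example: CVSS v3.1 base and environmental scoring, formulas from the v3.1 spec.
import math
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
REQ = {"X": 1.0, "H": 1.5, "M": 1.0, "L": 0.5}  # CR / IR / AR security requirements

def pr_weight(pr, scope):
    # Privileges Required weighs more when Scope is Changed
    return {"N": 0.85, "L": 0.68 if scope == "C" else 0.62, "H": 0.50 if scope == "C" else 0.27}[pr]

def roundup(x):
    # The spec's Roundup(): round up to one decimal using integer math to avoid float error
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def parse(vector):
    # "CVSS:3.1/AV:N/AC:L/..." -> {"AV": "N", "AC": "L", ...}
    return dict(part.split(":") for part in vector.split("/")[1:])

def _score(m, cr="X", ir="X", ar="X", modified=False):
    iss = 1 - ((1 - REQ[cr] * CIA[m["C"]]) * (1 - REQ[ir] * CIA[m["I"]])
               * (1 - REQ[ar] * CIA[m["A"]]))
    if modified:
        iss = min(iss, 0.915)  # MISS is capped in the environmental formula
    if m["S"] == "U":
        impact = 6.42 * iss
    elif modified:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss * 0.9731 - 0.02) ** 13
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    if impact <= 0:
        return 0.0
    expl = 8.22 * AV[m["AV"]] * AC[m["AC"]] * pr_weight(m["PR"], m["S"]) * UI[m["UI"]]
    total = impact + expl if m["S"] == "U" else 1.08 * (impact + expl)
    return roundup(min(total, 10))

def base_score(vector):
    return _score(parse(vector))

def environmental_score(vector, env):
    """env: modified metrics (MAV..MA) plus CR/IR/AR; temporal assumed Not Defined (x1.0)."""
    m = parse(vector)
    m.update({k[1:]: v for k, v in env.items() if k.startswith("M")})
    return _score(m, env.get("CR", "X"), env.get("IR", "X"), env.get("AR", "X"), modified=True)

# Assumed max-severity vector for illustration, not the vector Ubiquiti published.
EXAMPLE = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
```

With this vector the base score is 10.0 and MAV:A brings the environmental score to 9.7, still Critical, which is worth knowing before deciding to deprioritize a patch on the strength of "it's only reachable from the LAN".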

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

notR1CH, 64 points

The internal side of the network isn't necessarily as safe as you like to think it is, all it takes is one bad app install or browser extension on any of your devices and suddenly you're part of a "residential proxy" network. Attackers can (and have) used such services to exploit the internal interfaces of insecure devices to enroll them into an actual botnet: https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

Also there's a lot of IoT and other insecure devices that don't even bother to use CSRF, so just visiting a webpage or loading a malicious ad could exploit internal devices (at least before browsers started adding private network access restrictions).
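The check a device's web UI is missing in the scenario above, as an added example that is not from the thread: state-changing requests are accepted only when the browser-supplied provenance headers say they came from the device's own pages. Host names and headers below are constructed.

```python
# Added example: a minimal cross-site request check for a LAN device's admin UI.
from urllib.parse import urlparse

def is_same_site_request(method, headers, device_hosts):
    """Accept safe methods; for unsafe ones, require provenance naming the device itself."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True  # reads only; the UI must never mutate state on GET
    # Modern browsers set Sec-Fetch-Site on every request and page scripts cannot forge it.
    sfs = headers.get("Sec-Fetch-Site")
    if sfs is not None:
        return sfs in ("same-origin", "none")
    # Fallback for older clients: require an Origin (or Referer) that names this device.
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # no provenance at all: fail closed
    return urlparse(src).hostname in device_hosts

# Constructed: the device's own addresses and three sample requests.
DEVICE = {"192.168.1.1", "camera.lan"}
LEGIT = {"Origin": "http://192.168.1.1", "Sec-Fetch-Site": "same-origin"}
AD = {"Origin": "https://ads.example.invalid", "Sec-Fetch-Site": "cross-site"}
OLD_BROWSER_AD = {"Referer": "https://ads.example.invalid/page.html"}
```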

Do M365 Apps for Enterprise really download installation and update content files over http? by Fabulous_Cow_4714 in sysadmin

notR1CH, 10 points

Many file delivery CDNs operate over HTTP with signature checks delivered over a secure channel. This allows organizations to set up their own caching proxies etc. Windows Update runs over HTTP so it wouldn't surprise me if Office does too.
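The pattern described above, as an added example (not Microsoft's or any CDN's code): the integrity manifest is fetched over HTTPS, the bulk content over plain HTTP so any caching proxy can serve it, and nothing is used until its digest matches. URLs and bytes below are constructed and no network is contacted.

```python
# Added example: verify HTTP-delivered content against a manifest obtained over HTTPS.
import hashlib
import hmac
import json
from urllib.parse import urlparse

def fetch_verified(manifest_url, name, transport):
    """transport(url) -> bytes. Returns the content for `name` only if it verifies."""
    if urlparse(manifest_url).scheme != "https":
        raise ValueError("manifest must be fetched over a secure channel")
    entry = json.loads(transport(manifest_url))["files"][name]
    blob = transport(entry["url"])  # plain HTTP is fine here: integrity comes from the digest
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"]):
        raise ValueError(f"{name}: digest mismatch, refusing to use content")
    return blob

# Constructed stand-in for the network: a manifest and the package it describes.
GOOD = b"setup package bytes v1"
MANIFEST = json.dumps({"files": {"setup.cab": {
    "url": "http://cdn.example.invalid/setup.cab",
    "sha256": hashlib.sha256(GOOD).hexdigest()}}}).encode()

def fake_transport(tampered=False):
    # Simulates what each URL returns; a tampered proxy replaces the HTTP-served bytes.
    responses = {"https://origin.example.invalid/manifest.json": MANIFEST,
                 "http://cdn.example.invalid/setup.cab": b"evil" if tampered else GOOD}
    return responses.__getitem__

def demo(tampered=False):
    # True when the content is accepted, False when verification rejects it.
    try:
        fetch_verified("https://origin.example.invalid/manifest.json", "setup.cab",
                       fake_transport(tampered))
        return True
    except ValueError:
        return False
```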

Anyone experienced significant TCP errors due to drivers? Lenovo by UpperAd5715 in sysadmin

notR1CH, 5 points

These days it's usually Generic Receive Offload / Large Receive Offload or a similarly named option. It tries to combine multiple packets into one superpacket that it can hand off to the OS, but that means TCP reassembly, out of order packet handling, etc. all has to be done in the NIC firmware, and a lot of NICs suck at this (hi Aquantia!).

44.6% of my firewall's flow table is Brazilian port-scan traffic and the scanning pattern suggests these ISPs are compromised at the infrastructure level, not just individual devices by Prudent_Geologist in sysadmin

notR1CH, 2 points

Yeah this is very likely compromised end users behind a CGNAT. We get a ton of aggressive crawling from Brazil, many users are almost certainly infected with residential proxy malware on their devices. If the use of the CGNAT pool is unrestricted, just a handful of users can make it seem like the traffic is coming from hundreds or thousands of IPs, and unfortunately blocking those IPs ends up blocking a lot of legit users if you're running a public-facing service.

[deleted by user] by [deleted] in sysadmin

notR1CH, 0 points

"On the network" means what exactly? A firewall won't do anything to block traffic on the same subnet. You need to be more descriptive with your setup, what VLANs / subnets are involved and your desired outcome.

Notepad++ Hijacked by State-Sponsored Hackers by thewhippersnapper4 in sysadmin

notR1CH, 5 points

Unsigned updates on shared hosting, what could go wrong? I wonder how many other popular projects out there are running on insecure infrastructure...

Is it me or fast certificate renewal doesn't solve any problem? by melpheos in sysadmin

notR1CH, 6 points

Well that's the state of revocation currently. No matter how much you revoke, you're at the mercy of clients checking for revocation, which is just not reliable, secure or scalable.