Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech

Documents I'll use in initial conjecture and testing theories of why something might have behaved the way it did

https://fccid.io/PY315100319/Test-Report/Test-Report-DTS-rev-pdf-2801861.pdf

1 Like

hell yes… got matching IPv4 and IPv6 tails

[eric@odin ~]$ ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.31.82.4  netmask 255.255.255.0  broadcast 10.31.82.255
        inet6 fe80::fec0:28fa:803b:a8c9  prefixlen 64  scopeid 0x20<link>
        inet6 2601:680:ca80:7302::4  prefixlen 128  scopeid 0x0<global>
        ether 10:7b:44:18:0e:6d  txqueuelen 1000  (Ethernet)
        RX packets 6223412  bytes 7667332272 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2519467  bytes 598562042 (570.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xf6500000-f651ffff 

Now that I completely understand the stack, IPv6 ain't hard

1 Like

Relevant to your interests: https://labzilla.io/blog/force-dns-pihole

If you're using PiHole on your network to block ads and prevent your various smart devices from sending tracking information to their manufacturers, you might be surprised to find out that some of these devices are using a sneaky tactic to bypass your PiHole entirely.

Smart device manufacturers often "hard-code" in a public DNS server, like Google's 8.8.8.8, and their devices ignore whatever DNS server is assigned by your router - such as your PiHole.

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network's DNS server entirely. On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole.

Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc.

8 Likes

lol

yes exactly. I have been doing that on the OPNsense. It was not too hard. The direct rule for redirecting 53 was the first step.

It's really really annoying that smart things folk do this.

Still working out the kinks but once it's all stable, I'll test the router antenna differences

Thanks for the link man!

3 Likes
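A defender's check to go with the port-53 redirect discussed in the two posts above, added here as an example and not code from the thread, the labzilla post, or OPNsense/pfSense: it scans a flow log for LAN clients still talking to an outside resolver. The Pi-hole address and the sample flows are constructed; the LAN prefixes are the ones in the ifconfig output earlier in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread or the linked labzilla post): verify that
# no LAN client still reaches an outside resolver once the port-53 redirect is
# in place. Input is a constructed flow log, one flow per line: "proto src dst dport".
set -u

PIHOLE_IP="10.31.82.2"            # assumption: the Pi-hole's LAN address (constructed)
LAN4_PREFIX="10.31.82."           # LAN IPv4 prefix, as in the ifconfig output above
LAN6_PREFIX="2601:680:ca80:7302:" # LAN IPv6 prefix, as in the ifconfig output above

# Constructed sample flows: a smart TV (.50) and a console (.77) with hard-coded
# resolvers, a well-behaved host (.4), the Pi-hole's own upstream query, an
# IPv6 client going straight to Google DNS, and one unrelated HTTPS flow.
SAMPLE_LOG='udp 10.31.82.50 8.8.8.8 53
udp 10.31.82.50 10.31.82.2 53
tcp 10.31.82.77 1.1.1.1 53
udp 10.31.82.4 10.31.82.2 53
udp 10.31.82.77 8.8.4.4 53
udp 10.31.82.2 1.1.1.1 53
udp 2601:680:ca80:7302::4 2001:4860:4860::8888 53
tcp 10.31.82.60 93.184.216.34 443'

# dns_bypassers LOG
# Prints "client resolver count" for every LAN source that sent port-53 traffic
# to anything other than the Pi-hole. The Pi-hole itself is skipped because its
# upstream forwarding legitimately leaves the LAN on port 53.
dns_bypassers() {
  printf '%s\n' "$1" | awk -v pihole="$PIHOLE_IP" -v lan4="$LAN4_PREFIX" -v lan6="$LAN6_PREFIX" '
    $4 == 53 && (index($2, lan4) == 1 || index($2, lan6) == 1) &&
    $2 != pihole && $3 != pihole { n[$2 " " $3]++ }
    END { for (k in n) print k, n[k] }' | sort
}

# bypass_count LOG: number of distinct (client, resolver) pairs still bypassing.
# Zero is the expected result once the redirect rules cover both address families.
bypass_count() {
  dns_bypassers "$1" | wc -l | tr -d ' '
}

dns_bypassers "$SAMPLE_LOG"
```

An IPv6 client showing up in the output is the case an IPv4-only redirect rule misses, so the redirect needs a matching rule for IPv6 DNS too.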

Just wait till they all have 5G built in and there's hotspots for that all over the place and they just connect to one of them, bypassing your LAN completely. :frowning:

1 Like

At that point I will just start building my own stuff lol

2 Likes

Lol well testing delayed. Honest reason : work has gotten hectic. And lol laziness sorry. Just need a moment!

1 Like

On GrapheneOS you can install google play apps using Aurora Store.

For a hardware firewall it is much better to use an AMD CPU - ideally an older CPU without a PSP (Intel CPUs are open books for state actors)

1 Like

See above. Coreboot. ME nuked from orbit. I don't care about state actors. I just like supporting the development on these. After all I am an engineer for the DOD lol. Open firmware is cool and it's not just for the careful.

The older AMD CPUs can't match the throughput in the power and form factor of what I bought. Consider checking it out!

3 Likes

Intel CPUs have an always on 3G connection in hardware. It is how airgapped machines are exploited.

1 Like

wat

4 Likes

wait what? No they don't. That would require FCC approval and all the documentation associated

1 Like

Intel CPUs really do have secret 3G chip

If you run Intel - your system is an open book whatever os you run.

1 Like

That's the vPro which is for business stuff.

3 Likes

also part of the IME which coreboot neuters anyway

2 Likes

Uhmm this is a 6 year old source.

This is also a mobile chip from all the evidence cited and nothing looks nefarious. Of course the vPro won't turn off the 3G chip. This is normal on business class hardware. The enterprise often needs this on tablet or laptop oriented chips that are remote in order to push OTA updates in an enterprise environment. I do not understand how this is functionally bad?

this too if you are worried about it

2 Likes

I'm not worried about it - I don't run intel CPUs

1 Like

then why are you in here spreading fud?

1 Like

I think the solution is being overlooked here. This is about risk mitigation not risk removal. You can't eliminate a risk totally. In fact if the solution is older architecture you introduce new risks that are harder to mitigate. There's a trade off in everything when it comes to security. There comes a point in risk management where you assess your confidence in a platform or situation or product

2 Likes

some more "fud" for you:

& some slightly newer tech - wifi in hardware:

At the Intel Developer Forum in San Francisco, Intel Chief Technology Officer Justin Rattner unveiled a pair of technologies coming out of Intel Labs that will overcome many of the size and power limits that have stood in the way of integrating radio technology more tightly with computers and other digital devices. The first, what Intel calls the "Moore's Law Radio," is a complete WiFi transceiver on a 32-nanometer scale silicon chip; the second, called Rosepoint, is a complete system-on-a-chip that integrates two Atom processor cores with a digital WiFi transceiver.

1 Like