|
Shaggar posted: w/ ISPs they probably wont go after you unless its a government backed entity. also getting a hold of a higher level tech would be the way to go cause they're in a position to understand what you're saying and not have a motive to shut you down.

i wouldnt be so certain since im sure some ToS was violated at some point
|
# ? Aug 1, 2017 19:16 |
|
BangersInMyKnickers posted: Maybe I'll open a ticket under the guise of getting IPv6 setup and see if I can slip it in that I am seeing other people's traffic

I think its more likely they'll just close it as "ipv6 not yet supported" or something to that effect. if you can find the number for the noc or something that would be the way to go.
|
# ? Aug 1, 2017 19:16 |
|
anthonypants posted:they're worried that if they deliver a pcap of their network traffic to their isp, they will deduce that they have been hacked and send fbi agents to their house. how have you not been on the internet for the past decade lol thanks for shooting down all my ideas you cold war mccarthy weirdo, no one suggested handing over a pcap, what do you suggest?
|
# ? Aug 1, 2017 19:18 |
|
anonymous tweet?
|
# ? Aug 1, 2017 19:19 |
|
hobbesmaster posted: anonymous tweet?

Yeah, I think I'll try to get them to DM me and I'll send them a screenshot with some anonymized capture headers or something. My twitter isn't associated with me in any public way
|
# ? Aug 1, 2017 19:23 |
|
BangersInMyKnickers posted: Some whitebox PON ONT, huewai or something. Regional FttH provider

PON da huewai
|
# ? Aug 1, 2017 19:37 |
|
BangersInMyKnickers posted: Yeah, I think I'll try to get them to DM me and I'll send them a screenshot with some anonymized capture headers or something. My twitter isn't associated with me in any public way

don't use your loving twitter

e: make a new one
|
# ? Aug 1, 2017 19:39 |
|
FAT32 SHAMER posted: do the strippers take bitcoin???

quote: The Legends Room is the first club in the world with its own spendable cryptocurrency. The club also accepts bitcoin and fiat for all club services. Management expects an entirely new audience for digital tokens since ownership of LGD is required to access all of the club’s private areas and celebrity events.
|
# ? Aug 1, 2017 19:59 |
|
instead of timing it in songs, lapdances last until your tip's transaction is confirmed
|
# ? Aug 1, 2017 20:00 |
|
BangersInMyKnickers posted: I don't know how I can explain the terms Passive Optical Network or Fiber to the Home any better than I already have but you're an idiot. Anyway, the way all PON rollouts work is that there is a single transceiver that blasts downstream traffic for up to 64 subscribers then each has their own ONT box to push their upstream traffic back. Everyone sees the same downstream light to the ONT but the traffic for your box should be wrapped in link encryption so the stuff for other houses is discarded but this is not happening for my ISP so everything not going out over TLS is visible to all the other subscribers on my segment.

its insane that this is even possible. granted I work in mobile where encryption of this kind is a given because everyone's data is constantly beaming through your skull but I can't imagine that happening on our network.
|
# ? Aug 1, 2017 21:18 |
|
Fergus Mac Roich posted: its insane that this is even possible. granted I work in mobile where encryption of this kind is a given because everyone's data is constantly beaming through your skull but I can't imagine that happening on our network.

Yeah, even if they weren't doing link encryption I would expect the ONT to be discarding all unicast traffic not destined to it. If they were at least doing that I never would have noticed because I don't have my own single-mode interface to plug in to their line.
|
# ? Aug 1, 2017 21:32 |
|
Shaggar posted: I think its more likely they'll just close it as "ipv6 not yet supported" or something to that effect. if you can find the number for the noc or something that would be the way to go.

i think you're all assuming this is being done accidentally, given proper link encryption is fractions of a penny more expensive with most head-end equipment i wouldn't be so sure.
|
# ? Aug 1, 2017 21:38 |
|
There's a good chance that whatever whitebox cheap ONTs they're using don't support encryption. From what I've read in the spec it should be using an AES256 key but who knows if whatever lovely little chip crammed in there can support that at full duplex gigabit
|
# ? Aug 1, 2017 21:40 |
|
Okay, so I found a spec sheet for this ZTE piece of poo poo and apparently it can't do link encryption but PON networks support UNI/GEM filtering where you assign each device a unique ID and the encapsulation layer knows to discard the frames that aren't destined for it but I guess my ISP just put everybody on the same one so you see other's traffic. Should be trivial for them to at least triage but a proper fix requires them to not buy the cheapest poo poo available from china

e: I guess it also supports filtering based on VLAN tag too. Jesus this is lazy.

ee: And some other conflicting docs say it supports AES128 so I have no idea.

BangersInMyKnickers fucked around with this message at 22:24 on Aug 1, 2017 |
# ? Aug 1, 2017 22:18 |
|
is it worth reporting spear phishing/wire fraud attempts to the feds?
|
# ? Aug 1, 2017 22:35 |
|
Shaggar posted: is it worth reporting spear phishing/wire fraud attempts to the feds?

Might as well keep the secret service busy with something besides our lovely president
|
# ? Aug 1, 2017 22:36 |
|
BangersInMyKnickers posted: Yeah, even if they weren't doing link encryption I would expect the ONT to be discarding all unicast traffic not destined to it. If they were at least doing that I never would have noticed because I don't have my own single-mode interface to plug in to their line.

it's gotta be wdm based for upstream? but yeah as you mentioned it may support Q-in-Q or similar. Being on a shared medium that they don't expect you to be monitoring, well, that's what you get. Adelphia was like that back in the day. Network neighborhood literally was the neighborhood for a while there.
|
# ? Aug 1, 2017 22:59 |
|
BangersInMyKnickers posted: Might as well keep the secret service busy with something besides our lovely president

they probably log the domain and point their meager resources at whatever is generating the most complaints so... mildly
|
# ? Aug 1, 2017 23:04 |
|
BangersInMyKnickers posted: Okay, so I found a spec sheet for this ZTE piece of poo poo and apparently it can't do link encryption but PON networks support UNI/GEM filtering where you assign each device a unique ID and the encapsulation layer knows to discard the frames that aren't destined for it but I guess my ISP just put everybody on the same one so you see other's traffic. Should be trivial for them to at least triage but a proper fix requires them to not buy the cheapest poo poo available from china

It's possible part of this has gone over my head but from a security perspective isn't ONLY filtering on a unique identifier just as much of a security fuckup? Unless you have each link individually encrypted you're still sending everyone's data to everyone else. It seems to me you have to have both, and the unencrypted identifier is only there so that you don't have to waste time decrypting data that isn't yours.
|
# ? Aug 1, 2017 23:18 |
|
Fergus Mac Roich posted: It's possible part of this has gone over my head but from a security perspective isn't ONLY filtering on a unique identifier just as much of a security fuckup? Unless you have each link individually encrypted you're still sending everyone's data to everyone else. It seems to me you have to have both, and the unencrypted identifier is only there so that you don't have to waste time decrypting data that isn't yours.

Sure, except that most home users don't have the ability to capture optical frames, whereas everyone has the ability to capture ethernet frames. But yes, you are correct that the "proper" way to do it would be to encrypt each channel with a unique certificate for the authorized endpoint with some kind of temporal algorithm. But lol @ ISP giving a poo poo about customer privacy.
|
# ? Aug 1, 2017 23:25 |
|
Fergus Mac Roich posted: It's possible part of this has gone over my head but from a security perspective isn't ONLY filtering on a unique identifier just as much of a security fuckup? Unless you have each link individually encrypted you're still sending everyone's data to everyone else. It seems to me you have to have both, and the unencrypted identifier is only there so that you don't have to waste time decrypting data that isn't yours.

There is something to be said about the technical hurdle for only filtering because it requires uncommon fiber optics that will discourage curious people poking around. It's a poo poo control and gives a false sense of security but at least it keeps the traffic off the rj45 port where its completely trivial to see. I 100% agree that encryption is the only correct solution but its unclear if the hardware supports that and if that is the case its going to take a couple years before the ISP replaces these things with ones that support it.
|
# ? Aug 1, 2017 23:28 |
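
The Port-ID filtering discussed in the posts above, modelled as an added example (not code from any poster, the ISP or a vendor). The header layout is the 5-byte GEM header of ITU-T G.984.3; the ONT names, Port-ID values and payloads are constructed, and HEC checking is left out as a simplifying assumption.

```python
# Added example: toy model of downstream GEM Port-ID filtering (not vendor code).
from collections import defaultdict

def gem_frame(port_id: int, payload: bytes, pti: int = 0b001) -> bytes:
    """5-byte GEM header: PLI(12) | Port-ID(12) | PTI(3) | HEC(13), then payload.
    HEC is left as zero; a real ONT verifies it (assumption made for brevity)."""
    word = (len(payload) & 0xFFF) << 28 | (port_id & 0xFFF) << 16 | (pti & 0x7) << 13
    return word.to_bytes(5, "big") + payload

def parse_gem(frame: bytes):
    word = int.from_bytes(frame[:5], "big")
    pli, port_id = word >> 28, (word >> 16) & 0xFFF
    return port_id, frame[5:5 + pli]

def olt_downstream(provisioning, traffic):
    """OLT side: every frame goes onto the shared fiber, tagged with the
    Port-ID provisioned for the subscriber it belongs to."""
    return [gem_frame(min(provisioning[ont]), data) for ont, data in traffic]

def ont_forward(downstream, accepted_ports):
    """ONT side: only frames on a provisioned Port-ID reach the Ethernet port.
    The rest are dropped here but were still present on the fiber."""
    return [data for pid, data in map(parse_gem, downstream) if pid in accepted_ports]

def visible_to(ont, provisioning, traffic):
    return ont_forward(olt_downstream(provisioning, traffic), provisioning[ont])

def shared_unicast_ports(provisioning, multicast_ports=frozenset()):
    """Provisioning audit: unicast Port-IDs assigned to more than one ONT."""
    owners = defaultdict(set)
    for ont, ports in provisioning.items():
        for pid in ports - set(multicast_ports):
            owners[pid].add(ont)
    return {pid: sorted(onts) for pid, onts in owners.items() if len(onts) > 1}

# Constructed sample data: three subscribers on one PON segment.
TRAFFIC = [("ont-a", b"GET /a HTTP/1.1"), ("ont-b", b"GET /b HTTP/1.1"),
           ("ont-c", b"GET /c HTTP/1.1")]
SHARED = {"ont-a": {100}, "ont-b": {100}, "ont-c": {100}}   # everyone on one ID
UNIQUE = {"ont-a": {100}, "ont-b": {101}, "ont-c": {102}}   # one ID per ONT

if __name__ == "__main__":
    print("shared IDs :", visible_to("ont-a", SHARED, TRAFFIC))
    print("unique IDs :", visible_to("ont-a", UNIQUE, TRAFFIC))
    print("audit      :", shared_unicast_ports(SHARED))
```

With one Port-ID per ONT the other subscribers' frames no longer reach the Ethernet port, but `olt_downstream` still puts all of them on the fiber in the clear, which is why the posts treat filtering as triage and per-ONT encryption as the fix.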
|
True, even if it was cwdm passively you'd be able to "see" it. Years ago there was something similar with being able to use a tuner card and a c-band dish. This was when you used a dialup ISP for the upstream. You could spoof traffic so it would get sent over the dish, maybe, but you could run software and absorb files and things that were coming over it.
|
# ? Aug 1, 2017 23:39 |
|
lomarf https://twitter.com/o_cee/status/892306836199800836
|
# ? Aug 2, 2017 00:10 |
|
lol https://twitter.com/iamakulov/status/892485192883073024 lol
|
# ? Aug 2, 2017 00:12 |
|
Welp, reported through a burner account. They seemed interested in looking into it and fixing. Hope this doesn't turn lovely on me.
|
# ? Aug 2, 2017 00:33 |
|
lol i loving knew it, whenever i do an npm search and see like 8 different similarly-named packages clustered around the official one i'm like "lol those are totally stealing poo poo" it's good to see I was right
|
# ? Aug 2, 2017 00:35 |
|
BangersInMyKnickers posted: Welp, reported through a burner account. They seemed interested in looking into it and fixing. Hope this doesn't turn lovely on me.
|
# ? Aug 2, 2017 00:38 |
|
BangersInMyKnickers posted: Welp, reported through a burner account. They seemed interested in looking into it and fixing. Hope this doesn't turn lovely on me.

fingers crossed for u
|
# ? Aug 2, 2017 00:42 |
|
BangersInMyKnickers posted: Okay, so I found a spec sheet for this ZTE piece of poo poo and apparently it can't do link encryption but PON networks support UNI/GEM filtering where you assign each device a unique ID and the encapsulation layer knows to discard the frames that aren't destined for it but I guess my ISP just put everybody on the same one so you see other's traffic. Should be trivial for them to at least triage but a proper fix requires them to not buy the cheapest poo poo available from china

This isn't Belong by any chance? They are already in trouble for taking a ton of government money and oversubscribing their services so people are getting lovely speeds in busy areas.
|
# ? Aug 2, 2017 07:30 |
|
Different ISP, but I'm guessing most of the fiber rollouts that are happening these days are based on the same ZTE ONTs and could be similarly affected. PON is a good tech but oversubscription is possible. If a segment is getting overloaded they're supposed to split it apart to free up bandwidth and have enough dark fiber on whatever uplink they're using to handle it but if you're cheap then that hits your bottom line. These folks have a policy that it should be hitting at least 500mbit during normal peak hours which is nice, I see 800+ on a regular basis.

Anyway, I had some DM back and forth with them and they said they couldn't reproduce the issue and requested a pcap. They seemed interested in actually fixing it so I gave them some traffic capture from a passive NIC with no IP stack on it and they said they found the problem and fixed it. I'm guessing whatever filtering they were using was failing since it wasn't a high enough volume of traffic that I would expect for it to be everything on my network segment. Maybe a known bug in firmware? Still, if they were doing link encryption those should have been passed as garbled nonsense so there's still a bigger issue to deal with.
|
# ? Aug 2, 2017 14:05 |
|
ymgve posted: isnt the scam that if you are dumb enough to call one of those numbers, you will get a visit from a girl, but she won't do anything sexual, just hang around

seems like this would put your "girls" at tremendous risk of being beaten, raped, etc
|
# ? Aug 2, 2017 15:38 |
|
ate poo poo on live tv posted: Sure, except that most home users don't have the ability to capture optical frames, whereas everyone has the ability to capture ethernet frames. But yes, you are correct that the "proper" way to do it would be to encrypt each channel with a unique certificate for the authorized endpoint with some kind of temporal algorithm.

where would you even get a PON device

are there real standards for this like 802.3?
|
# ? Aug 2, 2017 15:40 |
|
Notorious b.s.d. posted: where would you even get a PON device

http://www.ebay.com/itm/ZTE-GPON-ONT-ZXA10-F601-GE-speed-port-English-version-/332061214877?hash=item4d5064089d:g:9KsAAOSwJ7RYT2ng

https://www.cozlink.com/fiber-optic-transceivers-c322-323/product-10586.html?gclid=EAIaIQobChMIsaP0xuu41QIV0YSzCh3XXQMYEAQYASABEgKo__D_BwE

https://www.itu.int/rec/T-REC-G.987.1-201603-I/en
|
# ? Aug 2, 2017 16:14 |
|
MikroTik sells an SFP that supports GPON. https://mikrotik.com/product/SFPONU
|
# ? Aug 2, 2017 16:45 |
|
https://twitter.com/motherboard/status/892822308762644485
|
# ? Aug 2, 2017 21:11 |
|
|
# ? Aug 2, 2017 21:14 |
|
it is completely reasonable :iicr:
|
# ? Aug 2, 2017 21:27 |
|
i wonder how furries fare in countries with a burqa ban
|
# ? Aug 2, 2017 21:34 |
|
My PIN is 4826 posted:i wonder how furries fare in countries with a burqa ban
|
# ? Aug 2, 2017 21:35 |
|
it would depend on whether or not the furry was non-white.
|
# ? Aug 2, 2017 21:36 |