So, I was setting up an Arduino device and before I powered it up I found that I could reach 192.168.4.1 via 60.234.8.50

WTH?
MadEngineer:
So, I was setting up an Arduino device and before I powered it up I found that I could reach 192.168.4.1 via 60.234.8.50
WTH?
Several people screwed up things here. Your router WAN port should not be passing traffic for any of the reserved "Private Network" address blocks (192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8). But I have always expected that cheaper "home grade" routers will not automatically block that traffic for you, and may not have any option for you to add the blocked addresses manually either. Vocus also should not be passing that traffic through its routers to you. And some Vocus customer connected on 60.234.8.50 has really screwed up their router settings - they probably do not have NAT enabled.
Looks like I left out or removed bogon filtering, which I've now set.
/ip firewall address-list
add list="BOGONS" address=0.0.0.0/8
add list="BOGONS" address=10.0.0.0/8
add list="BOGONS" address=100.64.0.0/10
add list="BOGONS" address=127.0.0.0/8
add list="BOGONS" address=169.254.0.0/16
add list="BOGONS" address=172.16.0.0/12
add list="BOGONS" address=192.0.0.0/24
add list="BOGONS" address=192.0.2.0/24
add list="BOGONS" address=192.168.0.0/16
add list="BOGONS" address=198.18.0.0/15
add list="BOGONS" address=198.51.100.0/24
add list="BOGONS" address=203.0.113.0/24
add list="BOGONS" address=224.0.0.0/3
/ip firewall filter
add action=drop chain=forward comment="Block Bogon IP Addresses" in-interface=vlan1 src-address-list=BOGONS
Changed that to:
/ip firewall raw
add chain=prerouting in-interface=vlan1 src-address-list=BOGONS action=drop comment="Drop bogons from WAN"
Which kills both forwarding and input.
Doesn't stop Vocus from offering itself as a route there however.
Apparently I could try setting up a Team Cymru BGP peer to add filtering.
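As an added example (not part of the original posts, and not MikroTik code): a Python check that parses the address-list lines from the post above and reports which source addresses the BOGONS list would match, plus whether the three private blocks named earlier in the thread are covered. The function names are hypothetical; the two test addresses are the ones from the first post.

```python
import ipaddress
import re

# Address-list lines copied from the post above (RouterOS export syntax).
EXPORT = """\
/ip firewall address-list
add list="BOGONS" address=0.0.0.0/8
add list="BOGONS" address=10.0.0.0/8
add list="BOGONS" address=100.64.0.0/10
add list="BOGONS" address=127.0.0.0/8
add list="BOGONS" address=169.254.0.0/16
add list="BOGONS" address=172.16.0.0/12
add list="BOGONS" address=192.0.0.0/24
add list="BOGONS" address=192.0.2.0/24
add list="BOGONS" address=192.168.0.0/16
add list="BOGONS" address=198.18.0.0/15
add list="BOGONS" address=198.51.100.0/24
add list="BOGONS" address=203.0.113.0/24
add list="BOGONS" address=224.0.0.0/3
"""
ENTRY = re.compile(r'add\s+list="?([^"\s]+)"?\s+address=(\S+)')

def parse_address_lists(export):
    """Return {list_name: [ip_network, ...]} from address-list 'add' lines."""
    lists, section = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # remember which RouterOS menu we are in
        elif section == "/ip firewall address-list":
            m = ENTRY.match(line)
            if m:
                lists.setdefault(m[1], []).append(ipaddress.ip_network(m[2]))
    return lists

def matching_entry(addr, networks):
    """Most specific list entry containing addr, or None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in networks if ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def uncovered(required, networks):
    """Blocks in `required` that no single list entry fully contains."""
    return [r for r in required if not any(r.subnet_of(n) for n in networks)]

BOGONS = parse_address_lists(EXPORT)["BOGONS"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

if __name__ == "__main__":
    for src in ("192.168.4.1", "60.234.8.50"):  # addresses from the first post
        print(src, "->", matching_entry(src, BOGONS) or "not a bogon, passes")
    print("RFC 1918 blocks missing from list:", uncovered(RFC1918, BOGONS))
```

Because the raw rule matches on source address for packets arriving on the WAN interface, a match here means replies sourced from that address are dropped inbound; it does not stop the router from sending traffic out towards it.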
[/quode], huh?
Is neb actually still around or does he still have to sit in the dungeon? 🤔
It was lifted ages ago.
Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies
Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.
freitasm:
It was lifted ages ago.
So he eremitised himself.😉
elpenguino:
@freitasm, are the sources of +1s readily visible to you, and mods?
Yes.
elpenguino:
freitasm:
Yes.
Oh, the power!
By the power of Grayskull! 😁
I wonder where this will go...
Rogue communication devices found in Chinese solar power inverters | Reuters
This probably belongs in the Annoy thread but it is a question.
Why do I always get sick just before I go on leave?