Geekzone: technology news, blogs, forums
twoblacklabs
2 posts

Wannabe Geek

Trusted
TwoBlackLabs

  #2022544 25-May-2018 17:40

I am pleased a number of you are finding the chart on our website useful. If you have any questions regarding GDPR please reach out as more than happy to help.

 

 

 

Caroline


nunz
1423 posts

Uber Geek
Inactive user


  #2022563 25-May-2018 18:10

freitasm:

 

A good GDPR chart here.

 

 

 

 

Do I track the behaviour of EU residents? 3(2b) Yup!! So I need to be compliant.

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely: Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

Do I intend to be compliant? Nope. Any law that makes me a criminal (except I'm not, as it's their law not mine) deserves me giving the man the finger. I'm going to do that safe in the knowledge I'm a little guy in a little country. That makes me feel very brave. And if I get caught. 1/5th of my income on my second, non-active company? Hmm. What's 2/5s of 3/8s of sweet very little come to in euros nowadays?

 

 

 

 


 
 
 
 


MichaelNZ
1174 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2022612 25-May-2018 20:10

nunz:

 

How long do I keep that info: Indefinitely: Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

 

 

That sounds like a lot of work to prove a point.

 

Fail2ban is a lot easier.





Integrity Tech Solutions @ Norsewood, New Zealand


nunz
1423 posts

Uber Geek
Inactive user


  #2022618 25-May-2018 20:24

MichaelNZ:

 

nunz:

 

How long do I keep that info: Indefinitely: Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

 

 

That sounds like a lot of work to prove a point.

 

Fail2ban is a lot easier.

 

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.
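
Added example (not from any poster in this thread, and not Fail2ban's own code): counting failures per IP inside a time window, as described in the post above, while recording an expiry for every ban so that stale addresses drop out of the generated `.htaccess` rules without manual tracking. The log lines are constructed, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache access-log style (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.20 - - [25/May/2018:17:00:00 +1200] "GET /old.html HTTP/1.1" 404 209
203.0.113.7 - - [25/May/2018:17:00:01 +1200] "POST /wp-login.php HTTP/1.1" 401 512
203.0.113.7 - - [25/May/2018:17:00:05 +1200] "POST /wp-login.php HTTP/1.1" 401 512
192.0.2.55 - - [25/May/2018:17:01:00 +1200] "GET /index.html HTTP/1.1" 200 4096
203.0.113.7 - - [25/May/2018:17:02:00 +1200] "POST /wp-login.php HTTP/1.1" 401 512
198.51.100.20 - - [25/May/2018:17:20:00 +1200] "GET /gone.html HTTP/1.1" 404 209
198.51.100.20 - - [25/May/2018:17:40:00 +1200] "GET /nope.html HTTP/1.1" 404 209
"""

# Assumed thresholds, named after the idea rather than any tool's config keys.
FINDTIME = timedelta(minutes=10)   # window in which failures are counted
MAXRETRY = 3                       # failures inside the window that trigger a ban
BANTIME = timedelta(days=7)        # how long a ban (and the stored IP) lives

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
FAILURE_CODES = {"401", "403", "404"}


def find_bans(log_text):
    """Return {ip: ban_expiry} for IPs with MAXRETRY failures inside FINDTIME."""
    recent = defaultdict(deque)    # ip -> timestamps of failures still in window
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) not in FAILURE_CODES:
            continue
        ip = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(when)
        # Drop failures that have aged out of the counting window.
        while when - window[0] > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = when + BANTIME   # expiry is stored with the ban itself
    return bans


def render_htaccess(bans, now):
    """Emit Apache 2.4 access rules containing only bans not yet expired."""
    lines = ["<RequireAll>", "    Require all granted"]
    for ip, expiry in sorted(bans.items()):
        if expiry > now:
            lines.append(f"    # expires {expiry.isoformat()}")
            lines.append(f"    Require not ip {ip}")
    lines.append("</RequireAll>")
    return "\n".join(lines)
```

Regenerating the file on a schedule with the current time as `now` is what removes expired addresses; the slow 404s from 198.51.100.20 never reach the threshold because they fall outside the window.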

 

 

 

 


MichaelNZ
1174 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2022619 25-May-2018 20:31

nunz:

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.

 

 

nunz:

 

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely: Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

 

 

There is no credible RBL (which I am aware of) who acts on single-user manually submitted data or permanently lists IPs.

 

You must have a lot of time on your hands to be manually handling this stuff.





Integrity Tech Solutions @ Norsewood, New Zealand


dfnt
1202 posts

Uber Geek

Lifetime subscriber

  #2022620 25-May-2018 20:36

Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

Might put a keyword block on any email containing the word GDPR and delete it immediately


Behodar
7161 posts

Uber Geek

Trusted
Lifetime subscriber

  #2022636 25-May-2018 21:33

nas: Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

I got a lovely one the other day from the developer of some software I use. It had a Q&A and one of the entries was around having your details deleted. "We can do this, but please note that if we do so then you won't be able to get software upgrades because we won't know that you bought it." I had to laugh at that one!


 
 
 
 


raytaylor
3467 posts

Uber Geek

Trusted

  #2022643 25-May-2018 21:49

Behodar:

 

nunz: Nope - you have then monitored IP addresses belonging to European Data residents.

 

[...]

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

This is bizarre. First of all, don't the IP addresses belong to the ISPs (or maybe the registrars; I'm not exactly sure)? Are companies considered to be "residents"?

 

And even then, in this age of CG-NAT, an IP address can't even identify a city let alone an individual. My connection has a static IP, but again it could identify anyone in my household and not me specifically.

 

It seems that once again we're dealing with politicians that don't understand technology...

 

 


NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




MichaelNZ
1174 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2022647 25-May-2018 21:55

raytaylor:

 

NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 

My only experience with CG-NAT is on the receiving end, in the Philippines. The experience was not good.

 

Can you please explain more?





Integrity Tech Solutions @ Norsewood, New Zealand


nunz
1423 posts

Uber Geek
Inactive user


  #2022651 25-May-2018 22:14

MichaelNZ:

 

nunz:

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.

 

 

nunz:

 

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely: Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

 

 

There is no credible RBL (which I am aware of) who acts on single-user manually submitted data or permanently lists IPs.

 

You must have a lot of time on your hands to be manually handling this stuff.

 

 

You run enough mail services you start to see common spam hit different mail addresses, domains etc. SpamAssassin and other systems are easy to chew through their filtering and find commonalities then ban them. I do very little - that's what code is for. At last count we were running 6 multi-domain mail servers as well as pre-filtering a number of other email sets for clients and running in-house / single-domain systems.

I eyeball aggregated logs a couple of times a day. I'm racist - if it is not from NZ, Aus or other countries that the client should get legitimate email from it hits the top of my aggregation list for a quick perusal. E.g. crap from Romania, Netherlands and a number of other known spam zones gets delayed and filtered early on - as local shops don't normally get overseas inquiries. Some countries we flat out ban from our servers. None of our clients has any commerce or desire to have commerce with Nigeria for instance. Until they clean up their act we will actively discriminate against them.

Unfair? Nope. No more so than kicking a known thief off your property after they have tried to steal from you multiple times. Plain old-fashioned common sense.

There are a number of people who share info and peer to peer systems for other stuff. Honeypot collections you can sign up to and become part of an aggregated network. See here for example. http://www.projecthoneypot.org/faq.php

We auto report to Gmail and a few others as per their abuse@... email addresses. If it is a credible ISP we report to them via their abuse networks. If more people start whinging about script kiddies and wannabe grifters then there would be more done. I act in a manner I would hope to see other people acting - apathy is rife - I just choose not to be apathetic and take a stand.

 

 

 

 

 

 

 

 

 

 


nunz
1423 posts

Uber Geek
Inactive user


  #2022666 25-May-2018 22:20

MichaelNZ:

 

raytaylor:

 

NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 

My only experience with CG-NAT is on the receiving end, in the Philippines. The experience was not good.

 

Can you please explain more?

 

 

At the end of the day data packets have to make some distinction even after being natted.

 

e.g. Simple example.

 

Two PCs in my house, one on 192.168.1.2 and one on 192.168.1.3.

Both hit a web server (example.com).

The web server receives both requests from my outer IP address but has to respond to a different port. A different port is either a different thread on the same machine or a different machine.

Some packets contain local host routing data, originating MAC address or other identifying info.

You can spoof most of that stack, but why would you when in the end all that will happen is you lose data packets designed to go to different machines but instead go to the wrong place.

Simple tcpdump and grep can separate a lot of natted data.

 

 


raytaylor
3467 posts

Uber Geek

Trusted

  #2022668 25-May-2018 22:29

With NAT

 

Your web browser on your computer opens a port and sends a packet out from 192.168.1.5:8033 >>> www.google.com:80

 

The router will remap the packet header from the internal ip address of 192.168.1.5:8033 to the public ip address on its WAN interface 100.101.102.103, and then randomly assigns a port :4464

 

The router then creates an entry in its connection table that any incoming packets from www.google.com:80 addressed to the wan interface and port 100.101.102.103:4464 get redirected to your local computer 192.168.1.5:8033 where firefox browser is listening for the data. 

 

To track this for future use, the router must log 
- who had the ip address at what time, dhcp server logs
- each outbound TCP connection, the date, time and source ip address and port
- each outbound UDP packet header, the date, time and source ip address and port

 

That's a boatload of data.

 

 

 

Since many routers only have a few megabytes of RAM, the connection table gets flushed of any entries that have not shown any activity or packets for 15 minutes. 
A default firewall is created because when a packet comes in, if there is no entry in the connection table, the NAT router doesn't know which computer to send it to on the local network and therefore the packet is dropped.

 

 

 

 

 

However with CG NAT, when the packet header is re-written on its way out, it will pick a port based on your ip address. 

 

Eg. 

 

192.168.1.2:0-65535 gets remapped to 100.101.102.103:10000-11000
192.168.1.3:0-65535 gets remapped to 100.101.102.103:12000-13000
192.168.1.4:0-65535 gets remapped to 100.101.102.103:14000-15000
192.168.1.5:0-65535 gets remapped to 100.101.102.103:16000-17000
192.168.1.6:0-65535 gets remapped to 100.101.102.103:18000-19000

 

If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well that's customer IP address 100.101.102.103 - john doe from york street.

 

The port 14291 means that must be computer 192.168.1.4

 

 

 

Now we imagine this router is on a bigger scale

 

Instead of issuing customers 192.168 addresses, the isp will put a CG-NAT ip address on your wan port. 
So you have a double-NAT situation, except the one that counts is the ISP puts all your traffic into a specific range of ports. 

 

This also has the benefit for customers. 

 

If you wanted to run a server on your home network, you can ask your ISP to tell you what range of ports are assigned to you and in your device (such as a web camera) you can program it to listen on a port within the range and your router can forward the port to that device. 

 

The ISP would set up port forwarding in their CG-NAT router too so that any incoming packets will be forwarded to a specific customer cg-nat ip address based on the destination port number. This allows the customer to still make use of the shared public ip address and forward ports (so long as they are within their assigned range) 

 

Different ISPs will set up different levels of CG-NAT implementation. 

 

Standard company rules will then tell them what public ip address and port range is assigned to what cg-nat range (customer end) ip address

 

So all the ISP needs to log is the DHCP info - what CG-NAT IP address had been assigned to each customer router at which time. And that can simply be one single line in a log file per day, per customer.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here
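
Added example (not part of the post above): the two attribution lookups the post contrasts, using its own addresses and port ranges for the deterministic plan. The per-connection flow log for classic NAT is constructed, and the function names are assumptions.

```python
from datetime import datetime

PUBLIC_IP = "100.101.102.103"

# Deterministic plan from the post: internal address -> fixed public port range.
PORT_PLAN = {
    "192.168.1.2": (10000, 11000),
    "192.168.1.3": (12000, 13000),
    "192.168.1.4": (14000, 15000),
    "192.168.1.5": (16000, 17000),
    "192.168.1.6": (18000, 19000),
}


def cgnat_lookup(public_ip, port):
    """Resolve a reported public ip:port using only the static port plan."""
    if public_ip != PUBLIC_IP:
        return None
    for host, (low, high) in PORT_PLAN.items():
        if low <= port <= high:
            return host
    return None   # port falls in a gap that no host is assigned


# Classic NAT picks the public port per connection, so the same port is reused
# by different hosts over time. Attribution then needs a per-flow log.
# Constructed entries: (start, end, public_port, internal_ip, internal_port)
FLOW_LOG = [
    (datetime(2018, 5, 25, 22, 0), datetime(2018, 5, 25, 22, 4),
     4464, "192.168.1.5", 8033),
    (datetime(2018, 5, 25, 22, 10), datetime(2018, 5, 25, 22, 12),
     4464, "192.168.1.3", 51522),
]


def nat_lookup(port, when):
    """Resolve a public port at a given time; needs a matching flow-log entry."""
    for start, end, public_port, host, host_port in FLOW_LOG:
        if public_port == port and start <= when <= end:
            return (host, host_port)
    return None   # entry flushed or never logged: the flow cannot be attributed


if __name__ == "__main__":
    # Port range alone identifies the host under the deterministic plan.
    print(cgnat_lookup(PUBLIC_IP, 14291))
    # Same public port, two different hosts, depending on the timestamp.
    print(nat_lookup(4464, datetime(2018, 5, 25, 22, 2)))
    print(nat_lookup(4464, datetime(2018, 5, 25, 22, 11)))
    # No log entry covers this time, so there is no answer.
    print(nat_lookup(4464, datetime(2018, 5, 25, 22, 6)))
```

The retention difference follows from the data each lookup needs: the plan is a fixed table, while the flow log grows with every connection and must keep timestamps to stay usable.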




MichaelNZ
1174 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2022670 25-May-2018 22:37

nunz:

 

We auto report to Gmail and a few others as per their abuse@... email addresses. If it is a credible ISP we report to them via their abuse networks. If more people start whinging about script kiddies and wannabe grifters then there would be more done. I act in a manner I would hope to see other people acting - apathy is rife - I just choose not to be apathetic and take a stand.

 

 

It's not apathy. It's just plain numbers and previous experience.

 

I rarely block by hand.

 

I have implemented various spam filtering/blocking stuff but it is all done on the basis it has to be automated and scalable.

 

Otherwise I would literally have a full time job just chasing my tail and I would still not make any dent in the problem.

 

nunz:

 

I'm racist - if it is not from NZ, Aus or other countries that the client should get legitimate email from it hits the top of my aggregation list for a quick perusal. E.g. crap from Romania, Netherlands and a number of other known spam zones gets delayed and filtered early on - as local shops don't normally get overseas inquiries. Some countries we flat out ban from our servers. None of our clients has any commerce or desire to have commerce with Nigeria for instance. Until they clean up their act we will actively discriminate against them.

 

 

Are your customers aware of this policy - and importantly - have they agreed to it in writing?

 

It is totally not my business who [people who use the email servers for which I am responsible] do business with, and I have no policies whatsoever based on race or national origin. 

 

While I support your right to hold racist ideas (solely because I believe in free speech), I suggest being the arbiter of other people's email on this basis is not only unethical, it's also legally dubious.





Integrity Tech Solutions @ Norsewood, New Zealand


Benjip
740 posts

Ultimate Geek

Subscriber

  #2022787 26-May-2018 09:32

nas:

 

Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

Might put a keyword block on any email containing the word GDPR and delete it immediately

 

 

I did the same in my Gmail and G Suite accounts yesterday and the filters have already picked up about 10-15 emails.

 

I set up a filter that searches for the word "privacy" in the subject, or "GDPR" in the body of the email, and sets any matching emails to "Mark as read". That way they're still in your inbox if you need them, but they won't disturb you with any notifications. Peace at last!

 

I should've done it weeks ago as I've been getting at least 10 each day across my various email addresses for the past 3-4 weeks.


Behodar
7161 posts

Uber Geek

Trusted
Lifetime subscriber

  #2022797 26-May-2018 10:00

raytaylor: If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well that's customer IP address 100.101.102.103 - john doe from york street.

 

As an ISP you can do that, but I was using the perspective of a site owner. If I understand correctly, the only information I can get out of a CG-NAT IP address is the ISP that it's allocated to. Without actually contacting the ISP (which would presumably involve its own privacy policy etc) I can't get any end-user details out of a CG-NAT IP address. Please do correct me if I'm wrong!

