2 posts

Wannabe Geek

Trusted
TwoBlackLabs

  # 2022544 25-May-2018 17:40
One person supports this post

I am pleased a number of you are finding the chart on our website useful. If you have any questions regarding GDPR, please reach out; more than happy to help.

 

 

 

Caroline


1384 posts

Uber Geek

Subscriber

  # 2022563 25-May-2018 18:10
One person supports this post

freitasm:

 

A good GDPR chart here.

 

 

 

 

Do I track the behaviour of EU residents? 3(2b). Yup!! So I need to be compliant.

 

 

 

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely. Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

 

 

 

Do I intend to be compliant? Nope. Any law that makes me a criminal (except I'm not, as it's their law not mine) deserves me giving the man the finger. I'm going to do that safe in the knowledge I'm a little guy in a little country. That makes me feel very brave. And if I get caught. 1/5th of my income on my second, non-active company? Hmm. What's 2/5s of 3/8s of sweet very little come to in euros nowadays?

 

 

 

 





nunz
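The bookkeeping that post calls a pain (recording when an address was added to `.htaccess` and removing it once it expires) can be automated. The sketch below is an added example, not code from any poster in this thread; the `# blocked added=` comment convention, the 90-day default and the sample file are assumptions constructed for illustration, using Apache 2.2-style `Deny from` lines.

```python
import ipaddress
import re
from datetime import date, timedelta

# Assumed convention: a metadata comment line directly above each Deny line
# (Apache has no end-of-line comments, so the date cannot share the line).
META = re.compile(r"^#\s*blocked\s+added=(\d{4}-\d{2}-\d{2})\s*$")
DENY = re.compile(r"^\s*Deny\s+from\s+(\S+)\s*$", re.IGNORECASE)

# Constructed sample .htaccess (documentation address ranges only).
SAMPLE = """\
Order Allow,Deny
Allow from all
# blocked added=2018-01-10
Deny from 203.0.113.7
# blocked added=2018-05-20
Deny from 198.51.100.0/24
Deny from 192.0.2.55
"""


def add_block(text, source, today):
    """Append a dated Deny entry; raises ValueError unless source is an IP/CIDR."""
    net = ipaddress.ip_network(source, strict=False)
    if text and not text.endswith("\n"):
        text += "\n"
    return f"{text}# blocked added={today.isoformat()}\nDeny from {net}\n"


def prune_htaccess(text, today, max_age_days=90):
    """Drop dated Deny entries older than max_age_days.

    Returns (new_text, expired, undated); undated entries are kept but
    reported, because their age cannot be established.
    """
    cutoff = today - timedelta(days=max_age_days)
    out, expired, undated = [], [], []
    pending = None  # (metadata line, date) waiting for its Deny line
    for line in text.splitlines():
        meta = META.match(line)
        if meta:
            if pending:                      # metadata with no Deny after it
                out.append(pending[0])
            pending = (line, date.fromisoformat(meta.group(1)))
            continue
        deny = DENY.match(line)
        if deny and pending:
            meta_line, added = pending
            pending = None
            if added < cutoff:
                expired.append(deny.group(1))
            else:
                out.extend([meta_line, line])
            continue
        if pending:                          # metadata followed by other text
            out.append(pending[0])
            pending = None
        if deny:
            undated.append(deny.group(1))
        out.append(line)
    if pending:
        out.append(pending[0])
    return "\n".join(out) + "\n", expired, undated
```

Run from a daily cron job, `prune_htaccess` gives every block a bounded lifetime and lists the legacy entries that still need a date.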

 
 
 
 


Linux Systems Admin
1122 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022612 25-May-2018 20:10

nunz:

 

How long do I keep that info: Indefinitely. Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

 

 

That sounds like a lot of work to prove a point.

 

Fail2ban is a lot easier.





Integrity Tech Solutions @ Norsewood, New Zealand


1384 posts

Uber Geek

Subscriber

  # 2022618 25-May-2018 20:24

MichaelNZ:

 

nunz:

 

How long do I keep that info: Indefinitely. Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

 

 

That sounds like a lot of work to prove a point.

 

Fail2ban is a lot easier.

 

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.

 

 

 

 





nunz
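The cross-account correlation described in the post above differs from a per-service failure counter: it counts distinct mailboxes hit by one source, not repeated events. The following is an added example, not the poster's code; the log format, the one-hour window, the three-mailbox threshold and the sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <source IP> <recipient> <filter verdict>"
SAMPLE_LOG = """\
2018-05-25T20:01:00 203.0.113.9 alice@shop-a.example spam
2018-05-25T20:02:00 198.51.100.4 alice@shop-a.example spam
2018-05-25T20:03:00 198.51.100.4 alice@shop-a.example spam
2018-05-25T20:04:00 198.51.100.4 alice@shop-a.example spam
2018-05-25T20:05:00 203.0.113.9 bob@shop-b.example spam
2018-05-25T20:20:00 203.0.113.9 carol@shop-c.example spam
2018-05-25T08:00:00 192.0.2.8 alice@shop-a.example spam
2018-05-25T12:00:00 192.0.2.8 bob@shop-b.example spam
2018-05-25T16:00:00 192.0.2.8 carol@shop-c.example spam
2018-05-25T21:00:00 203.0.113.50 alice@shop-a.example ham
2018-05-25T21:01:00 203.0.113.50 bob@shop-b.example ham
2018-05-25T21:02:00 203.0.113.50 carol@shop-c.example ham
"""


def parse(line):
    """Split one log line into (timestamp, source IP, mailbox, verdict)."""
    ts, ip, rcpt, verdict = line.split()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), verdict


def spam_spreaders(log_text, window=timedelta(hours=1), min_mailboxes=3):
    """Return {ip: (time threshold was crossed, mailboxes)} for sources that
    delivered spam to at least min_mailboxes distinct mailboxes within window."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)      # ip -> deque of (timestamp, mailbox)
    flagged = {}
    for ts, ip, rcpt, verdict in events:
        if verdict != "spam":
            continue
        q = recent[ip]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        boxes = {mailbox for _, mailbox in q}
        if len(boxes) >= min_mailboxes and ip not in flagged:
            flagged[ip] = (ts, sorted(boxes))
    return flagged


if __name__ == "__main__":
    for ip, (when, boxes) in spam_spreaders(SAMPLE_LOG).items():
        print(ip, when.isoformat(), boxes)
```

In the sample, 198.51.100.4 sends three spam messages to one mailbox and 192.0.2.8 spreads its three across eight hours, so neither is flagged; only 203.0.113.9 crosses the threshold.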

Linux Systems Admin
1122 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022619 25-May-2018 20:31

nunz:

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.

 

 

nunz:

 

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely. Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

 

 

There is no credible RBL (which I am aware of) who acts on single-user manually submitted data or permanently lists IPs.

 

You must have a lot of time on your hands to be manually handling this stuff.





Integrity Tech Solutions @ Norsewood, New Zealand


defiant
1004 posts

Uber Geek

Lifetime subscriber

  # 2022620 25-May-2018 20:36
6 people support this post

Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

Might put a keyword block on any email containing the word GDPR and delete it immediately


6733 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2022636 25-May-2018 21:33
One person supports this post

nas: Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

I got a lovely one the other day from the developer of some software I use. It had a Q&A and one of the entries was around having your details deleted. "We can do this, but please note that if we do so then you won't be able to get software upgrades because we won't know that you bought it." I had to laugh at that one!


 
 
 
 


3404 posts

Uber Geek

Trusted

  # 2022643 25-May-2018 21:49

Behodar:

 

nunz: Nope - you have then monitored IP addresses belonging to European Data residents.

 

[...]

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

This is bizarre. First of all, don't the IP addresses belong to the ISPs (or maybe the registrars; I'm not exactly sure)? Are companies considered to be "residents"?

 

And even then, in this age of CG-NAT, an IP address can't even identify a city let alone an individual. My connection has a static IP, but again it could identify anyone in my household and not me specifically.

 

It seems that once again we're dealing with politicians that don't understand technology...

 

 


NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




Linux Systems Admin
1122 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022647 25-May-2018 21:55

raytaylor:

 

NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 

My only experience with CG-NAT is on the receiving end, in the Philippines. The experience was not good.

 

Can you please explain more?





Integrity Tech Solutions @ Norsewood, New Zealand


1384 posts

Uber Geek

Subscriber

  # 2022651 25-May-2018 22:14

MichaelNZ:

 

nunz:

 

Fail2Ban doesn't work on spam, immediately kill users entering common user names such as admin (none of our accounts are named admin), hitting weird services (example being LDAP in certain setups), port sniffing or honeypots etc. It is a crude instrument counting failures - mostly authentication failures or requests for non-existing resources - in a certain amount of time. Fail2ban is one tool we use but there are a raft of others more geared to specific security in, say, WordPress as an example.

We also have the ability to see data across a larger number of mail accounts, so when we see the same IP address hitting several mail accounts and delivering spam we know to ban that IP as a zombie or a deliberate richard head.

 

 

nunz:

 

I track IP addresses from EU dirt bags (along with other world dirtbags) who try to break into my systems. They are in unencrypted Apache logs, syslogs, spam mail headers etc.

How long do I keep that info: Indefinitely. Once their IP goes into a .htaccess file or similar it is not removed, as I can't be bothered with the pain of tracking whose IP was added and when and removing them when it expires. If the Euro ISP won't clean up their own mess then I can't be bothered giving their users access.

Do I give that info to non-GDPR-compliant countries? Yup!! Spam lists etc. in USA, and other non-compliant countries.

 

 

There is no credible RBL (which I am aware of) who acts on single-user manually submitted data or permanently lists IPs.

 

You must have a lot of time on your hands to be manually handling this stuff.

 

 

You run enough mail services you start to see common spam hit different mail addresses, domains etc. SpamAssassin and other systems are easy to chew through their filtering and find commonalities then ban them. I do very little - that's what code is for. At last count we were running 6 multi-domain mail servers as well as pre-filtering a number of other email sets for clients and running in-house / single-domain systems.

I eyeball aggregated logs a couple of times a day. I'm racist - if it is not from NZ, Aus or other countries that the client should get legitimate email from, it hits the top of my aggregation list for a quick perusal. E.g. crap from Romania, Netherlands and a number of other known spam zones gets delayed and filtered early on - as local shops don't normally get overseas inquiries. Some countries we flat out ban from our servers. None of our clients has any commerce or desire to have commerce with Nigeria, for instance. Until they clean up their act we will actively discriminate against them.

Unfair? Nope. No more so than kicking a known thief off your property after they have tried to steal from you multiple times. Plain old-fashioned common sense.

There are a number of people who share info and peer to peer systems for other stuff. Honeypot collections you can sign up to and become part of an aggregated network. See here for example. http://www.projecthoneypot.org/faq.php

We auto report to Gmail and a few others as per their abuse@... email addresses. If it is a credible ISP we report to them via their abuse networks. If more people start whinging about script kiddies and wannabe grifters then there would be more done. I act in a manner I would hope to see other people acting - apathy is rife - I just choose not to be apathetic and take a stand.

 

 

 

 

 

 

 

 

 

 





nunz

1384 posts

Uber Geek

Subscriber

  # 2022666 25-May-2018 22:20

MichaelNZ:

 

raytaylor:

 

NAT: end users cannot be identified easily unless complex logging is used
CG-NAT: end users can be identified very easily with almost no logging

 

 

My only experience with CG-NAT is on the receiving end, in the Philippines. The experience was not good.

 

Can you please explain more?

 

 

At the end of the day data packets have to make some distinction even after being natted.

E.g. simple example.

Two PCs in my house, one on 192.168.1.2 and one on 192.168.1.3

Both hit a web server (example.com)

The web server receives both requests from my outer IP address but has to respond to a different port. A different port is either a different thread on the same machine or a different machine.

Some packets contain local host routing data, originating MAC address or other identifying info.

You can spoof most of that stack but why would you when in the end all that will happen is you lose data packets designed to go to different machines but instead go to the wrong place.

Simple tcpdump and grep can separate a lot of natted data.

 

 





nunz

3404 posts

Uber Geek

Trusted

  # 2022668 25-May-2018 22:29
One person supports this post

With NAT

 

Your web browser on your computer opens a port and sends a packet out from 192.168.1.5:8033 >>> www.google.com:80

 

The router will remap the packet header from the internal ip address of 192.168.1.5:8033 to the public ip address on its WAN interface 100.101.102.103, and then randomly assigns a port :4464

 

The router then creates an entry in its connection table that any incoming packets from www.google.com:80 addressed to the wan interface and port 100.101.102.103:4464 get redirected to your local computer 192.168.1.5:8033 where firefox browser is listening for the data. 

 

To track this for future use, the router must log 
- who had the ip address at what time, dhcp server logs
- each outbound TCP connection, the date, time and source ip address and port
- each outbound UDP packet header, the date, time and source ip address and port

 

That's a boatload of data.

 

 

 

Since many routers only have a few megabytes of RAM, the connection table gets flushed of any entries that have not shown any activity or packets for 15 minutes. 
A default firewall is created because when a packet comes in, if there is no entry in the connection table, the NAT router doesn't know which computer to send it to on the local network and therefore the packet is dropped.

 

 

 

 

 

However with CG NAT, when the packet header is re-written on its way out, it will pick a port based on your ip address. 

 

Eg. 

 

192.168.1.2:0-65535 gets remapped to 100.101.102.103:10000-11000
192.168.1.3:0-65535 gets remapped to 100.101.102.103:12000-13000
192.168.1.4:0-65535 gets remapped to 100.101.102.103:14000-15000
192.168.1.5:0-65535 gets remapped to 100.101.102.103:16000-17000
192.168.1.6:0-65535 gets remapped to 100.101.102.103:18000-19000

 

If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well that's customer IP address 100.101.102.103 - john doe from york street.

 

The port 14291 means that must be computer 192.168.1.4

 

 

 

Now we imagine this router is on a bigger scale

 

Instead of issuing customers 192.168 addresses, the ISP will put a CG-NAT IP address on your WAN port.
So you have a double-NAT situation, except the one that counts is the ISP puts all your traffic into a specific range of ports. 

 

This also has the benefit for customers. 

 

If you wanted to run a server on your home network, you can ask your ISP to tell you what range of ports are assigned to you and in your device (such as a web camera) you can program it to listen on a port within the range and your router can forward the port to that device. 

 

The ISP would set up port forwarding in their CG-NAT router too so that any incoming packets will be forwarded to a specific customer cg-nat ip address based on the destination port number. This allows the customer to still make use of the shared public ip address and forward ports (so long as they are within their assigned range) 

 

Different ISPs will set up different levels of CG-NAT implementation. 

 

Standard company rules will then tell them what public ip address and port range is assigned to what cg-nat range (customer end) ip address

 

So all the ISP needs to log is the DHCP info - what CG-NAT IP address had been assigned to each customer router at which time. And that can simply be one single line in a log file per day, per customer.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here
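The lookup described in the post above (a static port-block plan plus one lease line per customer per day) can be written out as follows. This is an added example, not part of the post or any ISP's tooling: the port-block plan is copied from the post, while the lease-log format and the customer IDs are constructed assumptions.

```python
import re

# Port-block plan exactly as listed in the post.
PLAN = """\
192.168.1.2:0-65535 gets remapped to 100.101.102.103:10000-11000
192.168.1.3:0-65535 gets remapped to 100.101.102.103:12000-13000
192.168.1.4:0-65535 gets remapped to 100.101.102.103:14000-15000
192.168.1.5:0-65535 gets remapped to 100.101.102.103:16000-17000
192.168.1.6:0-65535 gets remapped to 100.101.102.103:18000-19000
"""

# Constructed lease log: "<date> <inside address> <customer id>", one line
# per customer per day.
LEASES = """\
2018-05-24 192.168.1.4 customer-0017
2018-05-25 192.168.1.4 customer-0042
2018-05-25 192.168.1.5 customer-0017
"""

MAP_LINE = re.compile(r"^(\S+):0-65535 gets remapped to (\S+):(\d+)-(\d+)$")


def load_plan(text):
    """Parse the plan into {public_ip: [(low, high, inside_ip), ...]}."""
    blocks = {}
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable plan line: {line!r}")
        inside, public = m.group(1), m.group(2)
        blocks.setdefault(public, []).append(
            (int(m.group(3)), int(m.group(4)), inside))
    for ranges in blocks.values():
        ranges.sort()
        # Overlapping blocks would make the lookup ambiguous, so refuse them.
        for (_, high, _), (next_low, _, _) in zip(ranges, ranges[1:]):
            if next_low <= high:
                raise ValueError("overlapping port blocks in plan")
    return blocks


def load_leases(text):
    """Parse the lease log into {(date, inside_ip): customer}."""
    return {(d, ip): cust
            for d, ip, cust in (l.split() for l in text.splitlines() if l.strip())}


def inside_address(blocks, public_ip, port):
    """Inside address that owns this public port, or None if unallocated."""
    for low, high, inside in blocks.get(public_ip, []):
        if low <= port <= high:
            return inside
    return None


def resolve_report(blocks, leases, endpoint, day):
    """Map an abuse report ('ip:port', 'YYYY-MM-DD') to (inside_ip, customer).

    Returns None when the port is outside every block; customer is None when
    no lease line covers that day.
    """
    public_ip, _, port = endpoint.rpartition(":")
    inside = inside_address(blocks, public_ip, int(port))
    if inside is None:
        return None
    return inside, leases.get((day, inside))
```

The report's date matters as much as the port: the same inside address resolves to different customers on 2018-05-24 and 2018-05-25 in the constructed lease log.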




Linux Systems Admin
1122 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022670 25-May-2018 22:37

nunz:

 

We auto report to Gmail and a few others as per their abuse@... email addresses. If it is a credible ISP we report to them via their abuse networks. If more people start whinging about script kiddies and wannabe grifters then there would be more done. I act in a manner I would hope to see other people acting - apathy is rife - I just choose not to be apathetic and take a stand.

 

 

It's not apathy. It's just plain numbers and previous experience.

 

I rarely block by hand.

 

I have implemented various spam filtering/blocking stuff but it is all done on the basis it has to be automated and scalable.

 

Otherwise I would literally have a full time job just chasing my tail and I would still not make any dent in the problem.

 

nunz:

 

I'm racist - if it is not from NZ, Aus or other countries that the client should get legitimate email from, it hits the top of my aggregation list for a quick perusal. E.g. crap from Romania, Netherlands and a number of other known spam zones gets delayed and filtered early on - as local shops don't normally get overseas inquiries. Some countries we flat out ban from our servers. None of our clients has any commerce or desire to have commerce with Nigeria, for instance. Until they clean up their act we will actively discriminate against them.

 

 

Are your customers aware of this policy - and importantly - have they agreed to it in writing?

 

It is totally not my business who [people who use the email servers for which I am responsible] do business with, and I have no policies whatsoever based on race or national origin. 

 

While I support your right to hold racist ideas (solely because I believe in free speech), I suggest being the arbiter of other people's email on this basis is not only unethical, it's also legally dubious.





Integrity Tech Solutions @ Norsewood, New Zealand


664 posts

Ultimate Geek

Subscriber

  # 2022787 26-May-2018 09:32
One person supports this post

nas:

 

Don't know about you but I'm so sick of all the GDPR emails I'm receiving..

 

Might put a keyword block on any email containing the word GDPR and delete it immediately

 

 

I did the same in my Gmail and G Suite accounts yesterday and the filters have already picked up about 10-15 emails.

 

I set up a filter that searches for the word "privacy" in the subject, or "GDPR" in the body of the email, and sets any matching emails to "Mark as read". That way they're still in your inbox if you need them, but they won't disturb you with any notifications. Peace at last!

 

I should've done it weeks ago as I've been getting at least 10 each day across my various email addresses for the past 3-4 weeks.


6733 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2022797 26-May-2018 10:00

raytaylor: If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well that's customer IP address 100.101.102.103 - john doe from york street.

 

As an ISP you can do that, but I was using the perspective of a site owner. If I understand correctly, the only information I can get out of a CG-NAT IP address is the ISP that it's allocated to. Without actually contacting the ISP (which would presumably involve its own privacy policy etc) I can't get any end-user details out of a CG-NAT IP address. Please do correct me if I'm wrong!

