Hacker News with Generative AI: Network Security

Faster Firewalls with Bpfilter (lwn.net)
From servers in a data center to desktop computers, many devices communicating on a network will eventually have to filter network traffic, whether it's for security or performance reasons. As a result, this is a domain where a lot of work is put into improving performance: a tiny performance improvement can have considerable gains.

Network Security, Performance Optimization, Linux

23 points by signa11 36 days ago | 1 comments

Be Careful of Your UDP Service: Preauth DoS on Windows Deployment Service (sites.google.com)
While there is extensive research on remote code execution vulnerabilities, remote memory exhaustion vulnerabilities in critical infrastructure services remain dangerously understudied—posing hidden internet-scale threats. These flaws allow unauthenticated attackers to remotely deplete system memory, crashing essential services with minimal effort. This systemic blind spot threatens the resilience of the internet at scale.

Security, Network Security, Denial-of-Service Attacks, Windows

9 points by campuscodi 54 days ago | 3 comments

Force Devices to use Pi-hole (serverless.industries)
Setting up Pi-hole on a Raspberry Pi or as Docker Container is not hard.

Network Security, Raspberry Pi, Docker

9 points by perryflynn 73 days ago | 1 comments

SSLyze – SSL configuration scanning library and CLI tool (github.com/nabla-c0d3)
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

Security, Python, Tools, Network Security

48 points by Brysonbw 87 days ago | 5 comments

Show HN: I've created the fastest open-source DNS bruteforcer using XF_ADP (github.com/c3l3si4n)
An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups.

Network Security, Open Source, Tools, Performance Optimization

15 points by celesian 99 days ago | 3 comments

Show HN: Usque – Open-Source Cloudflare Warp Masque Client (github.com/Diniboy1123)
Usque is an open-source reimplementation of the Cloudflare WARP client's MASQUE protocol. It leverages the Connnect-IP (RFC 9484) protocol and comes with many operation modes including a native tunnel mode (currently Linux only), a SOCKS5 proxy mode, and a HTTP proxy mode.

Open Source, Network Security, Cloudflare, VPN

17 points by MaryJohanna 100 days ago | 3 comments

Stuff a Pi-hole in your router because your browser is about to betray you (theregister.com)
A new, lightweight version of Pi-Hole is here. Just how easy is it to block advertising on your home network?

Network Security, Privacy, Advertising, Open-Source Software

106 points by tambourine_man 111 days ago | 92 comments

Rayhunter – Rust tool to detect cell site simulators on an orbic mobile hotspot (github.com/EFForg)
Rayhunter is an IMSI Catcher Catcher for the Orbic mobile hotspot.

Security, Mobile Devices, Rust, Open Source, Network Security

177 points by stefankuehnel 113 days ago | 18 comments

CGNAT frustrates all IP address-based technologies (2019) (sidn.nl)
CGNAT is a godsend for all internet access providers who have no IPv4 addresses left to assign to customers. At the same time, it's a serious impediment for police services and security tools. Whereas it was once possible to assume that an IP address was linked to a single customer, it can now be linked to thousands. As a result, many IP-based technologies and approaches no longer work properly.

Network Security, Internet Access, IPv4, Privacy

54 points by wofo 114 days ago | 61 comments

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China [pdf] (gfw.report)

Cybersecurity, China, Vulnerability, Network Security

10 points by luu 114 days ago | 0 comments

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China (gfw.report)
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China.

Security, China, Network Security, Vulnerability

14 points by complexpass 116 days ago | 0 comments

Simplewall Has Been Discontinued (github.com/henrypp)
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

Network Security, Windows, Open Source, Tools, Discontinued

54 points by akyuu 125 days ago | 79 comments

Can ISPs NetFlow data be used to track traffic going through VPNs? (ivpn.net)
This privacy guide will help you understand what information your Internet Service Provider (ISP) can view regarding your network activity and the implications if you are using a Virtual Private Network (VPN). In fact, many ISPs utilize NetFlow, a protocol developed by Cisco, to store the data concerning the traffic they route throughout the day.

Privacy, VPNs, ISPs, Network Security

15 points by rvnx 127 days ago | 0 comments

Juniper Networks Routers API Authentication Bypass Vulnerability (juniper.net)
Loading×Sorry to interruptCSS ErrorRefresh

Cybersecurity, Network Security, Vulnerability, Juniper Networks, Routers

3 points by zdw 129 days ago | 0 comments

Mysterious Palo Alto firewall reboots? You're not alone (theregister.com)
Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it's not yet generally available.

Cybersecurity, Network Security, Firewalls, IT Issues

10 points by LinuxBender 134 days ago | 0 comments

What is the future of WiFi (from a network security standpoint) (cloudi-fi.com)
We are currently operating in an exciting time for wireless, with the rising IoT tide, Wi-Fi 6E/7 and WPA3 taking root, and even more client devices finding their way to the wireless network. More and more companies are upgrading their wireless environment to a complete Wi-Fi architecture to embrace the power of hybrid work and hybrid spaces.

Network Security, Wireless Networking, Wi-Fi, IoT, Hybrid Work

32 points by Eingrand1978 170 days ago | 25 comments

Little Snitch: Network Monitor and Application Firewall for macOS (obdev.at)
The Little Snitch Network Monitor shows you where your Mac connects to on the Internet. You decide what you want to allow or deny.

macOS, Network Security, Firewall, Privacy, Security

188 points by stefankuehnel 180 days ago | 110 comments

PQConnect: Automated Post-Quantum End-to-End Tunnels (pqconnect.net)
PQConnect is a new easy-to-install layer of Internet security.

Cybersecurity, Post-Quantum Cryptography, Network Security

70 points by nabla9 182 days ago | 17 comments

Scanners Beware: Welcome to the network from hell (medium.com)
In today’s rapidly evolving landscape of technology, networks form the backbone of modern systems. Every second is a race, as malicious actors relentlessly probe for vulnerabilities, seeking their next weak link. But what if we could turn the tables, forcing attackers to question their assumptions and strategies?

Cybersecurity, Network Security, Hacking, Technology

109 points by vailunka 193 days ago | 27 comments

Implementing network time security (NTP NTS) at the hardware level (2022) (ripe.net)
Network Time Security (NTS) adds a vital layer of security to Network Time Protocol (NTP) services. Having carried out their software implementation of NTS back in 2019, Netnod has now implemented NTS at the hardware level.

Network Security, Hardware, NTP

13 points by fanf2 196 days ago | 0 comments

Maybe we should explicitly schedule rebooting our fleet every so often (utoronto.ca)
We just got through a downtime where we rebooted basically everything in our fleet, including things like firewalls.

Network Security, System Administration, Server Management

19 points by speckx 199 days ago | 6 comments

1,000s of Palo Alto Networks firewalls hijacked miscreants exploit critical hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.

Cybersecurity, Network Security, Data Breaches, Malware, Cryptocurrency

10 points by LinuxBender 214 days ago | 1 comments

A Brief History of the Internet's Biggest BGP Incidents (2023) (kentik.com)
Stretching back to the AS7007 leak of 1997, this comprehensive blog post covers the most notable and significant BGP incidents in the history of the internet, from traffic-disrupting BGP leaks to crypto-stealing BGP hijacks.

Internet History, BGP, Network Security

5 points by belter 214 days ago | 0 comments

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.

Cybersecurity, Network Security, Data Breaches, Malware

18 points by LinuxBender 215 days ago | 2 comments

Over 2k Palo Alto firewalls hacked (bleepingcomputer.com)
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities.

Cybersecurity, Network Security, Firewalls, Zero-Day Vulnerabilities

11 points by kwantaz 218 days ago | 3 comments

D-Link won't fix critical flaw affecting 60k older NAS devices (bleepingcomputer.com)
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

Cybersecurity, Network Security, Hardware, Vulnerabilities, End-of-Life Products

4 points by benkan 227 days ago | 3 comments

Mitigating IP spoofing against Tor (torproject.org)
At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.

Security, Network Security, Tor Network, IP Spoofing

49 points by 0xggus 230 days ago | 5 comments

How to inspect TLS encrypted traffic (apnic.net)
Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?

Network Security, TLS, Traffic Analysis, Intrusion Detection

14 points by belter 238 days ago | 0 comments

Ask HN: What ist your AdBlock strategy? (ycombinator.com)
Hi, Just installed OpenWRT. Which solutions for ad blocking and other trackers would you recommend?

Open Source, Network Security, Privacy, Ad Blocking

99 points by laserstrahl 242 days ago | 183 comments

Top Cloudflare Tunnel Alternatives in 2024 (pinggy.io)
Cloudflare Tunnel provides a seamless way to connect applications and services to the Cloudflare infrastructure without needing a public IP address. While it’s a powerful tool, several alternatives offer similar capabilities with unique features and benefits. In this article, we’ll explore the top 10 Cloudflare Tunnel alternatives in 2024, covering their Pros, Cons,Uses, Installation process, and pricing to help you find the best solution for your needs.

Cloud Computing, Network Security, Software, Comparisons, Alternatives

12 points by AbhilashK26 249 days ago | 1 comments