Hacker News with Generative AI: Network Security

Can ISPs NetFlow data be used to track traffic going through VPNs? (ivpn.net)
This privacy guide will help you understand what information your Internet Service Provider (ISP) can view regarding your network activity and the implications if you are using a Virtual Private Network (VPN). In fact, many ISPs utilize NetFlow, a protocol developed by Cisco, to store the data concerning the traffic they route throughout the day.

Privacy, VPNs, ISPs, Network Security

15 points by rvnx 1 day ago | 0 comments

Juniper Networks Routers API Authentication Bypass Vulnerability (juniper.net)
Loading×Sorry to interruptCSS ErrorRefresh

Cybersecurity, Network Security, Vulnerability, Juniper Networks, Routers

3 points by zdw 3 days ago | 0 comments

Mysterious Palo Alto firewall reboots? You're not alone (theregister.com)
Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it's not yet generally available.

Cybersecurity, Network Security, Firewalls, IT Issues

10 points by LinuxBender 8 days ago | 0 comments

What is the future of WiFi (from a network security standpoint) (cloudi-fi.com)
We are currently operating in an exciting time for wireless, with the rising IoT tide, Wi-Fi 6E/7 and WPA3 taking root, and even more client devices finding their way to the wireless network. More and more companies are upgrading their wireless environment to a complete Wi-Fi architecture to embrace the power of hybrid work and hybrid spaces.

Network Security, Wireless Networking, Wi-Fi, IoT, Hybrid Work

32 points by Eingrand1978 44 days ago | 25 comments

Little Snitch: Network Monitor and Application Firewall for macOS (obdev.at)
The Little Snitch Network Monitor shows you where your Mac connects to on the Internet. You decide what you want to allow or deny.

macOS, Network Security, Firewall, Privacy, Security

188 points by stefankuehnel 54 days ago | 110 comments

PQConnect: Automated Post-Quantum End-to-End Tunnels (pqconnect.net)
PQConnect is a new easy-to-install layer of Internet security.

Cybersecurity, Post-Quantum Cryptography, Network Security

70 points by nabla9 56 days ago | 17 comments

Scanners Beware: Welcome to the network from hell (medium.com)
In today’s rapidly evolving landscape of technology, networks form the backbone of modern systems. Every second is a race, as malicious actors relentlessly probe for vulnerabilities, seeking their next weak link. But what if we could turn the tables, forcing attackers to question their assumptions and strategies?

Cybersecurity, Network Security, Hacking, Technology

109 points by vailunka 67 days ago | 27 comments

Implementing network time security (NTP NTS) at the hardware level (2022) (ripe.net)
Network Time Security (NTS) adds a vital layer of security to Network Time Protocol (NTP) services. Having carried out their software implementation of NTS back in 2019, Netnod has now implemented NTS at the hardware level.

Network Security, Hardware, NTP

13 points by fanf2 70 days ago | 0 comments

Maybe we should explicitly schedule rebooting our fleet every so often (utoronto.ca)
We just got through a downtime where we rebooted basically everything in our fleet, including things like firewalls.

Network Security, System Administration, Server Management

19 points by speckx 73 days ago | 6 comments

1,000s of Palo Alto Networks firewalls hijacked miscreants exploit critical hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.

Cybersecurity, Network Security, Data Breaches, Malware, Cryptocurrency

10 points by LinuxBender 88 days ago | 1 comments

A Brief History of the Internet's Biggest BGP Incidents (2023) (kentik.com)
Stretching back to the AS7007 leak of 1997, this comprehensive blog post covers the most notable and significant BGP incidents in the history of the internet, from traffic-disrupting BGP leaks to crypto-stealing BGP hijacks.

Internet History, BGP, Network Security

5 points by belter 88 days ago | 0 comments

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.

Cybersecurity, Network Security, Data Breaches, Malware

18 points by LinuxBender 89 days ago | 2 comments

Over 2k Palo Alto firewalls hacked (bleepingcomputer.com)
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities.

Cybersecurity, Network Security, Firewalls, Zero-Day Vulnerabilities

11 points by kwantaz 92 days ago | 3 comments

D-Link won't fix critical flaw affecting 60k older NAS devices (bleepingcomputer.com)
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

Cybersecurity, Network Security, Hardware, Vulnerabilities, End-of-Life Products

4 points by benkan 101 days ago | 3 comments

Mitigating IP spoofing against Tor (torproject.org)
At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.

Security, Network Security, Tor Network, IP Spoofing

49 points by 0xggus 104 days ago | 5 comments

How to inspect TLS encrypted traffic (apnic.net)
Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?

Network Security, TLS, Traffic Analysis, Intrusion Detection

14 points by belter 112 days ago | 0 comments

Ask HN: What ist your AdBlock strategy? (ycombinator.com)
Hi, Just installed OpenWRT. Which solutions for ad blocking and other trackers would you recommend?

Open Source, Network Security, Privacy, Ad Blocking

99 points by laserstrahl 116 days ago | 183 comments

Top Cloudflare Tunnel Alternatives in 2024 (pinggy.io)
Cloudflare Tunnel provides a seamless way to connect applications and services to the Cloudflare infrastructure without needing a public IP address. While it’s a powerful tool, several alternatives offer similar capabilities with unique features and benefits. In this article, we’ll explore the top 10 Cloudflare Tunnel alternatives in 2024, covering their Pros, Cons,Uses, Installation process, and pricing to help you find the best solution for your needs.

Cloud Computing, Network Security, Software, Comparisons, Alternatives

12 points by AbhilashK26 123 days ago | 1 comments

Dito – an advanced Layer 7 reverse proxy server written in Go (github.com/andrearaponi)
Dito is an advanced Layer 7 reverse proxy server written in Go.

Network Security

181 points by andrearaponi12 135 days ago | 95 comments

IPv6 Secure Neighbor Discovery (wikipedia.org)
The Secure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6 defined in RFC 3971 and updated by RFC 6494.

Network Security, IPv6, Networking

4 points by harporoeder 137 days ago | 0 comments

The fix for BGP's weaknesses has big issues of its own, boffins find (theregister.com)
The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.

Network Security, Internet Protocols, Research, Cybersecurity

5 points by LinuxBender 142 days ago | 1 comments

Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack (cloudflare.com)
Cloudflare's DDoS protection systems have been combating a month-long campaign of hyper-volumetric L3/4 DDoS attacks.

Cybersecurity, DDoS Attacks, Cloudflare, Internet Security, Network Security

10 points by syck 142 days ago | 0 comments

Ping Storms at GreyNoise (darthnull.org)
Earlier this month, I attended BSidesNoVA in Arlington, where the keynote was presented by Andrew Morris of GreyNoise. Using sensors distributed all over the world, GreyNoise collects…background noise…on the Internet.

Cybersecurity, Network Security, Internet, Research, GreyNoise

74 points by jkamdjou 145 days ago | 9 comments

Network Traffic Analysis of ICMP "Love" Noise Storms (darthnull.org)
Earlier this month, I attended BSidesNoVA in Arlington, where the keynote was Andrew Morris of GreyNoise. Using sensors distributed all over the world, GreyNoise collects…background noise…on the Internet. Basically, they watch and monitor activity that hits lots of hosts randomly – network mapping, port scanning, doorknob rattling. If you see someone trying to break into your SSH server, you can check GreyNoise to see if that person (well, their IP, anyway) has been seen doing such things in the past.

Network Security, Internet, Data Analysis, Security Research

9 points by a_morris 147 days ago | 2 comments

WiFi suspended at big UK train stations after 'cybersecurity incident' (theguardian.com)
Wifi networks at a number of train stations across the UK have been suspended after a “cybersecurity incident”.

Cybersecurity, Technology, UK, Transportation, Network Security

77 points by chrisjj 148 days ago | 77 comments

Excel spreadsheet caused network equipment's physical failure (twitter.com)

Network Security, Hardware Failure, Data Errors

49 points by __rito__ 150 days ago | 29 comments

Notes and Receipts (PCAPs) for TCP and ICMP Noise Storms (github.com/GreyNoise-Intelligence)
Notes and receipts (PCAPs) for TCP and ICMP Noise Storms

Network Security, Security Research, TCP/IP, ICMP

16 points by jayhoon 154 days ago | 1 comments

Cloudflare misidentifies Hetzner IPs as being located in Iran (gitlab.com)
We've recently (2-3 weeks?) started experiencing high failure rates in our CI build jobs https://gitlab.com/prpl-foundation/prplos/feed-prpl/-/jobs?statuses=FAILED and subjectively it seems, that it's getting worse each week, there is one such example https://gitlab.com/prpl-foundation/prplos/feed-prpl/-/jobs/3418282471.

Cloud Computing, Network Security, Germany, Iran

204 points by doruk101 156 days ago | 231 comments

Defend against vampires with 10 gbps network encryption (synacktiv.com)
Discover how attackers can sniff your data on network cables and how you can defend against it, by encrypting on-the-fly all your ethernet traffic with very good performance.

Cybersecurity, Network Security, Data Protection, Encryption

270 points by alxjsn 161 days ago | 81 comments

TUI for sniffing network traffic using eBPF on Linux (github.com/pythops)
🕵️‍♂️ TUI for sniffing network traffic using eBPF on Linux

Network Security, Linux, eBPF, TUI, Open Source

11 points by pythops 166 days ago | 0 comments