Show HN: Usque – Open-Source Cloudflare Warp Masque Client(github.com/Diniboy1123) Usque is an open-source reimplementation of the Cloudflare WARP client's MASQUE protocol. It leverages the Connnect-IP (RFC 9484) protocol and comes with many operation modes including a native tunnel mode (currently Linux only), a SOCKS5 proxy mode, and a HTTP proxy mode.
177 points by stefankuehnel 26 days ago | 18 comments
CGNAT frustrates all IP address-based technologies (2019)(sidn.nl) CGNAT is a godsend for all internet access providers who have no IPv4 addresses left to assign to customers. At the same time, it's a serious impediment for police services and security tools. Whereas it was once possible to assume that an IP address was linked to a single customer, it can now be linked to thousands. As a result, many IP-based technologies and approaches no longer work properly.
Can ISPs NetFlow data be used to track traffic going through VPNs?(ivpn.net) This privacy guide will help you understand what information your Internet Service Provider (ISP) can view regarding your network activity and the implications if you are using a Virtual Private Network (VPN). In fact, many ISPs utilize NetFlow, a protocol developed by Cisco, to store the data concerning the traffic they route throughout the day.
What is the future of WiFi (from a network security standpoint)(cloudi-fi.com) We are currently operating in an exciting time for wireless, with the rising IoT tide, Wi-Fi 6E/7 and WPA3 taking root, and even more client devices finding their way to the wireless network. More and more companies are upgrading their wireless environment to a complete Wi-Fi architecture to embrace the power of hybrid work and hybrid spaces.
Scanners Beware: Welcome to the network from hell(medium.com) In today’s rapidly evolving landscape of technology, networks form the backbone of modern systems. Every second is a race, as malicious actors relentlessly probe for vulnerabilities, seeking their next weak link. But what if we could turn the tables, forcing attackers to question their assumptions and strategies?
10 points by LinuxBender 127 days ago | 1 comments
A Brief History of the Internet's Biggest BGP Incidents (2023)(kentik.com) Stretching back to the AS7007 leak of 1997, this comprehensive blog post covers the most notable and significant BGP incidents in the history of the internet, from traffic-disrupting BGP leaks to crypto-stealing BGP hijacks.
Mitigating IP spoofing against Tor(torproject.org) At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.
How to inspect TLS encrypted traffic(apnic.net) Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?
99 points by laserstrahl 156 days ago | 183 comments
Top Cloudflare Tunnel Alternatives in 2024(pinggy.io) Cloudflare Tunnel provides a seamless way to connect applications and services to the Cloudflare infrastructure without needing a public IP address. While it’s a powerful tool, several alternatives offer similar capabilities with unique features and benefits. In this article, we’ll explore the top 10 Cloudflare Tunnel alternatives in 2024, covering their Pros, Cons,Uses, Installation process, and pricing to help you find the best solution for your needs.
181 points by andrearaponi12 175 days ago | 95 comments
IPv6 Secure Neighbor Discovery(wikipedia.org) The Secure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6 defined in RFC 3971 and updated by RFC 6494.