Hacker News with Generative AI: Network Security

SSLyze – SSL configuration scanning library and CLI tool (github.com/nabla-c0d3)
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.
Show HN: I've created the fastest open-source DNS bruteforcer using AF_XDP (github.com/c3l3si4n)
An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups.
Show HN: Usque – Open-Source Cloudflare Warp Masque Client (github.com/Diniboy1123)
Usque is an open-source reimplementation of the Cloudflare WARP client's MASQUE protocol. It leverages the Connect-IP (RFC 9484) protocol and comes with many operation modes including a native tunnel mode (currently Linux only), a SOCKS5 proxy mode, and an HTTP proxy mode.
Stuff a Pi-hole in your router because your browser is about to betray you (theregister.com)
A new, lightweight version of Pi-Hole is here. Just how easy is it to block advertising on your home network?
Rayhunter – Rust tool to detect cell site simulators on an Orbic mobile hotspot (github.com/EFForg)
Rayhunter is an IMSI Catcher Catcher for the Orbic mobile hotspot.
CGNAT frustrates all IP address-based technologies (2019) (sidn.nl)
CGNAT is a godsend for all internet access providers who have no IPv4 addresses left to assign to customers. At the same time, it's a serious impediment for police services and security tools. Whereas it was once possible to assume that an IP address was linked to a single customer, it can now be linked to thousands. As a result, many IP-based technologies and approaches no longer work properly.
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China [pdf] (gfw.report)
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China (gfw.report)
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China.
Simplewall Has Been Discontinued (github.com/henrypp)
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
Can ISPs NetFlow data be used to track traffic going through VPNs? (ivpn.net)
This privacy guide will help you understand what information your Internet Service Provider (ISP) can view regarding your network activity and the implications if you are using a Virtual Private Network (VPN). In fact, many ISPs utilize NetFlow, a protocol developed by Cisco, to store the data concerning the traffic they route throughout the day.
Juniper Networks Routers API Authentication Bypass Vulnerability (juniper.net)
Mysterious Palo Alto firewall reboots? You're not alone (theregister.com)
Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has been prepared, it's not yet generally available.
What is the future of WiFi (from a network security standpoint) (cloudi-fi.com)
We are currently operating in an exciting time for wireless, with the rising IoT tide, Wi-Fi 6E/7 and WPA3 taking root, and even more client devices finding their way to the wireless network. More and more companies are upgrading their wireless environment to a complete Wi-Fi architecture to embrace the power of hybrid work and hybrid spaces.
Little Snitch: Network Monitor and Application Firewall for macOS (obdev.at)
The Little Snitch Network Monitor shows you where your Mac connects to on the Internet. You decide what you want to allow or deny.
PQConnect: Automated Post-Quantum End-to-End Tunnels (pqconnect.net)
PQConnect is a new easy-to-install layer of Internet security.
Scanners Beware: Welcome to the network from hell (medium.com)
In today’s rapidly evolving landscape of technology, networks form the backbone of modern systems. Every second is a race, as malicious actors relentlessly probe for vulnerabilities, seeking their next weak link. But what if we could turn the tables, forcing attackers to question their assumptions and strategies?
Implementing network time security (NTP NTS) at the hardware level (2022) (ripe.net)
Network Time Security (NTS) adds a vital layer of security to Network Time Protocol (NTP) services. Having carried out their software implementation of NTS back in 2019, Netnod has now implemented NTS at the hardware level.
Maybe we should explicitly schedule rebooting our fleet every so often (utoronto.ca)
We just got through a downtime where we rebooted basically everything in our fleet, including things like firewalls.
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.
A Brief History of the Internet's Biggest BGP Incidents (2023) (kentik.com)
Stretching back to the AS7007 leak of 1997, this comprehensive blog post covers the most notable and significant BGP incidents in the history of the internet, from traffic-disrupting BGP leaks to crypto-stealing BGP hijacks.
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit hole (theregister.com)
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.
Over 2k Palo Alto firewalls hacked (bleepingcomputer.com)
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities.
D-Link won't fix critical flaw affecting 60k older NAS devices (bleepingcomputer.com)
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.
Mitigating IP spoofing against Tor (torproject.org)
At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.
How to inspect TLS encrypted traffic (apnic.net)
Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?
Ask HN: What is your AdBlock strategy? (ycombinator.com)
Hi, just installed OpenWRT. Which solutions for ad blocking and other trackers would you recommend?
Top Cloudflare Tunnel Alternatives in 2024 (pinggy.io)
Cloudflare Tunnel provides a seamless way to connect applications and services to the Cloudflare infrastructure without needing a public IP address. While it’s a powerful tool, several alternatives offer similar capabilities with unique features and benefits. In this article, we’ll explore the top 10 Cloudflare Tunnel alternatives in 2024, covering their Pros, Cons, Uses, Installation process, and pricing to help you find the best solution for your needs.
Dito – an advanced Layer 7 reverse proxy server written in Go (github.com/andrearaponi)
Dito is an advanced Layer 7 reverse proxy server written in Go.
IPv6 Secure Neighbor Discovery (wikipedia.org)
The Secure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6 defined in RFC 3971 and updated by RFC 6494.
The fix for BGP's weaknesses has big issues of its own, boffins find (theregister.com)
The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.