What is this doing?
TL;DR A tarpit that detects network wide scans (e.g. nmap) and starts to slow down the scanning as much as possible by intercepting the scanning.
Readit Newsoherrala commented on Scanners Beware: Welcome to the network from hell medium.com/sensorfu/scann... · Posted by u/vailunka
oherrala commented on Escaping from isolated networks using Broadcast DNS medium.com/sensorfu/escap... · Posted by u/jviide
I'm not familiar with broadcast DNS. Does this purely result in an exfiltration capability or is there the possibility of a return channel as well?
Greetings from SensorFu and thanks for a good question! Sending DNS query via broadcast is a hack to escape from isolated environments and it takes advantage of operating system IP-stack's shortcomings. Since this is probably not conforming to any specifications anything could happen.
I'd say return channel might work and it depends on the device used to exfiltrate out. In case of proper DNS server like Active Directory mentioned in the article it's likely that it could work. But we have not yet done testing.
We have also seen devices that are not DNS servers and still just forward broadcast packets from one network interface to another. In such case the return channel might not be possible.
oherrala commented on Eliminating radio interference from Apple charger oh8hub.substack.com/p/eli... · Posted by u/oherrala
The author's minimal effort was facilitated by his access to specialized equipment and time researching the issue.
And as others have mentioned, Apple could have placed a small ferrite on the power supply PCB to achieve the same effect.
> The author's minimal effort
The minimal effort included hours of studying electrical engineering and radio technology at university including all the math and physics needed. Studying for amateur radio license. And after founding this issue delving deep into radio interference literature and datasheets of various components. Then setting up a test environment to replicate the issue and do tests trying to eliminate the interference. After a success write a blog post describing the solution in short and hopefully interesting way.
oherrala commented on Eliminating radio interference from Apple charger oh8hub.substack.com/p/eli... · Posted by u/oherrala
The issue could be coming from the AC-DC charger used with the MagSafe charger as well, maybe retest with an Apple charger?
The issue was confirmed with two separate MagSafe chargers and three or four separate AC/DC chargers. The lab test in the post was done using laboratory DC power supply powering a DC to USB converter.
Also if the interference didn't come from the disc side of charger then the issue wouldn't be resolved with ferrite bead on that end. If the issue was on the USB connector side then the bead should be placed there.
oherrala commented on Eliminating radio interference from Apple charger oh8hub.substack.com/p/eli... · Posted by u/oherrala
There is a big possibility the author just bought a counterfeit, AFAIK all consumer electronic devices have standard EMC compliance requirements, these spikes showed should be easily observed in the 10M chambers during testing.
The device was ordered from Apple's website.
oherrala commented on Eliminating radio interference from Apple charger oh8hub.substack.com/p/eli... · Posted by u/oherrala
Honestly, I’d rather my electronics cause some noise on a frequency I never use than have a ferrite bead on every USB cable under the sun.
Seems like the author resolved the problem at minimal cost and effort.
You can be using a device and it might not harm you personally, but it could harm anyone around you using these frequencies. This includes airplanes and ground control, and boats. Your device's interference could cause problems or even life threatening dangerous situations. That's why it's illegal in many countries to cause too much radio interference (there's always some).
So...disable the container feature?
Do you just not review the configuration of your networking equipment?
It is a convenient way to maximize hardware in SOHO deployments.
RouterOS by default doesn't have container support. It's a separate package which has to be installed on the system. And it is still in testing / beta phase.