Recent content by Jerry12

BTW the Nest Hello just has one connection and that's to GOOGLE-CLOUD which seems fine but its upload traffic was <2KB/day for the previous few days and going up and down today, peaking at 125MB/hour. Is Traffic Analyzer straightforward to interpret or complicated by subtleties, e.g. does it...

Log/Connections is interesting! The tablet has been fine since a few hours before (!) rebooting it. It's the Macbook Air that's now doing most of the SSL/TLS uploads and the Nest Hello has also joined in. To test a hypothesis that a browser tab was doing the SSL/TLS uploads, I closed most of...

Yes, the Apps button confirms that it's almost all SSL/TLS upload traffic. The consistent upper bound might be due to rate limiting in the cable network.

Correction: The Mac upload traffic started when the Nexus 7 ended. Nexus 7 graph: Mac graph: What to look into now?

A good idea, indeed! I turned it on 4 days ago and discovered my Nexus 7 tablet uploading nearly 3 GB/day over SSL/TLS since then while just sitting and charging! It was a steady 117 MB/hour. Downloads were only 4-6 MB/hour. Today I rebooted it and uninstalled some apps, then later rechecked...

That's good advice. I did put most of those devices on the guest wifi. But they could still spy, join a bot net, or do other mischief.

ASUS router has "Parental controls" to block, per device: Adult Instant Message and Communication P2P and File Transfer Streaming and Entertainment Q. Are these controls useful at all for securing IoT devices like NAS, thermostats, and smart TVs from contacting malware or spyware servers? Q...

> Fixed CVE-2019-15126 ("Kr00k") vulnerability. Is it typical for ASUS to make a firmware release available for direct download to routers several days before posting it on their website?

Many WiFi routers support WiFi guest networks, where each guest can only connect to the internet, not to other local devices. If you want an isolated network that supports Ethernet, look into the VLAN feature, e.g. https://routersecurity.org/pepwavesurfsofo.php#guestnetworks

No news. See Cisco Talos for info, e.g. "device destruction module" for files and processes that suggest a compromised device, for some models. It's an ongoing exploit, not a single malware program or a specific bug. We don't know what security holes have been or will be exploited. We don't...

Great ideas. More specific to VPNFilter, one could watch for the files and processes mentioned in the Cisco Talos blog under “'dstr' (device destruction module).” That lists "files and folders related to its own operation" like /var/run/vpnfilter that the device destruction module deletes and...

Per Ars Technica, Talos found that VPNFilter targets some ASUSWRT devices, and a newly discovered module can inject malicious payloads into traffic as it passes through an infected router. (But yes, the issue is defending against and cleaning any malware.) > Williams [from Cisco Talos] said he...

As far as we know, the VPNFilter malware doesn't currently put ASUS routers at risk, but the FBI believes it was created by a Russian state-sponsored cyber espionage group, so we can assume attackers are gunning for all SOHO routers. Q1. How could you remove all malware from a router? I.e. how...

No, you don't need to anything special to print from outside your home network. The printer and the computer just need to both be able to make an outbound connection to Google. Here's my understanding. To use Google Cloud Print, you need: Either a GCP-ready printer or a computer running the...

GCP printers should not need any router configuration. No ports, static IP, firewall, etc., unless you're normally blocking outgoing ports. Almost surely the printer makes an outgoing connection to the GCP server. This line is from my router's "System Log - Active Connections" screen: tcp...