I'm currently learning about #Zscaler Deception, and I really wish Zscaler would allow you to get a setup for homelabs but they want a minimum of 50 seats when I spoke to them. Because I would love to roll a proper SME homelab to tie Zscaler, #Crowdstrike, #Pfsense, and more and then pipe all that to a #SIEM such as Datadog or another one.
I think it would benefit Zscaler to allow professionals to have access to do this on homelabs as we implement what we are familiar with.
With the deprecation of the armv7 architecture in pfSense's upstream operating system, FreeBSD, it looks like pfSense+ 24.03 will probably be the one of the last major releases that I'll be seeing for my Netgate 3100 firewall.
I'm debating on replacing it with one of their newer appliances (either a 4200 or a 6100, as the 2100 doesn't have any 2.5 GbE ports) or getting a cheap-ish N100 or N300 passively-cooled system and pay for a pfSense+ subscription.
Je me sens débile. On est d'accord qu'avec #pfSense on peut faire du routage inter-VLANs ?
J'ai un port trunk / tag (comme tu veux, ça dépend des marques) avec tous mes VLANs sur mon commutateur et un port avec tous mes VLANs sur mon pfSense.
Normalement en mettant une règle sur mon VLAN source vers mon VLAN destination, ça devrait fonctionner ou je m'y prends comme un manche ?
I'm thinking about switching from a #Ubiquiti#EdgeRouter to something with #OPNsense on it. My home Internet can do 1gbps/45mbps although this fall I'll probably end up with symmetric 1.2gbps. I'm upgrading my access points to WiFi 7 (the new Ubiquiti APs) so the WiFi will support the throughput even if our devices don't yet.
The frustrating thing with the EdgeRouter is that it's basically been abandoned the last few years by its manufacturer. They are still selling plenty of them but... 1/n
... the software updates have been very sparse. And it seems the company is focusing on other product lines.
I was looking at #pfSense but it seems that the company became jerks a few years ago. I used the software about a decade ago to setup a fraternity house network with about 300 concurrent devices and with four cable modems to supply the Internet. It worked surprisingly well to bond those connections together and shape network traffic. But since the company seems to be jerks now... (2/n)
#Pfsense might tell you that #ISC DHCP is EOL soon and that you should change to Kea DHCP. I switched this morning, which is just a checkbox in the UI, and it brought down my guest network. Unable to resolve DNS within Guest. Devices were getting IPs.
Dug in more after work and saw Guest DNS Servers were misconfigured. Fixed DNS, restarted DHCP, DNS, and interfaces but kept getting intermittent connectivity issues between networks.
Main network was fine. Ended up reverting back to ISC.
Just got my #netgate 4200 today for #pfsense. This thing is pretty sweet and big upgrade from my older 1100 which was a really good device. Finally got a fiber connection so needed some hardware with a bit more power. Especially appreciated the easy-peazy backup/restore between devices so all my DNS and firewall rules showed up right way.
Dis :mastodon: Tu aurais une solution facile pour faire un MitM 🚨 (SSL donc) avec du #pfsense ?
(C'est pour intercepter tout ce qui passe dans mon VLAN #IoT et à quel point le 'S' dans cet acronyme est pour sécurité 🔒 )
Toute réponses étudiée, surtout les #trolls :blobnomcookie:
D'la bonne journée sur vous #datalove :boost_requested:
Homelab TODO:
There is an existing pfSense guide to automatically renew an OpenVPN connection to PIA on some cadence. It also handles port forwarding for applications.
I've created a more modern idea with their Wireguard servers along with renewing the tunnel every 15 minutes and adapted to work with qBittorrent. I need to document and get this into version control somewhere.
Question technique sur #pfSense. J'ai un commercial qui a eu l'idée (avec mon aval) de vendre un lien avec pool d'IP publiques. Le problème c'est que je n'ai pas pu maquetter.
L'idée c'est une IP pour notre matos, la seconde pour le firewall d'un autre prestataire. L'idéal s'était que ce firewall soit sur une des interface du pfSense et fasse sa vie.
1/2
I'm still mulling over my #home#networking project of connecting three buildings. Currently two of the buildings are connected with a #tplink bridge but I'm not happy with the weird subnetting.
Anyone have strong opinions on equipment if starting fresh? I'm considering #ubiquity gear as I've used it with some success in the past. Also considering #opnsense or #pfsense for the routers.
I could, in theory, bury a cable for it but that's real effort so I'm going wireless.
Does the automatic update for #pfsense work for anyone else? I've never had it work successfully and it bricks the system, and I always have to take the configuration backup and restore it on a fresh install every time.
Can any OpenBSD person help me with this error? I am trying to install OpenBSD 7.4 and it always fails to install the bootloader. I could install OpenBSD 7.3 (when it was released) but now I can't install 7.4. Should I email misc@? I'd appreciate if somebody could help me.
Either I'm an idiot or #OPNsense (and #PFsense too?) can't filter devices into DHCP pools based on their DHCP vendorclass.
That's annoying if true, because it'll make it pretty hard to use for the IP Phone VLAN.
Someone please prove me wrong... I like just about everything else about it, including being able to use it as an nginx reverse-proxy.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:
➝ 🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
➝ 🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
➝ 🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
➝ 🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
➝ 🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
➝ 👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
➝ 🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
➝ 🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
➝ 🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
➝ 🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
➝ 🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
➝ 🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
➝ 🇪🇸 Kelvin Security hacking group leader arrested in #Spain
➝ 🔻 👮🏻♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
➝ 📹 🕵🏻♂️ #UniFi devices broadcasted private video to other users’ accounts
➝ 🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
➝ 🇺🇸 Harry Coker confirmed to be the next National Cyber Director
➝ 🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
➝ 📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
➝ 🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
➝ 🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
➝ 🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
➝ 🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
➝ 🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
➝ 🐛 👨🏻💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
➝ 🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
➝ 🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
➝ 🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
➝ 🐛 Over 30% of #Log4J apps use a vulnerable version of the library
📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
For anyone who has any devices running pfSense Plus or pfSense CE, a new version has been released to fix some really important security and ZFS issues.