There was an article about a new IoT botnet malware yesterday and I was reading all the comments from people discussing what firewall they should get to block this.
I’m not understanding. Even a basic NAT router should do the job unless you configure port forwards or what I suspect is the real culprit is UPnP creating port forwards for telnet and SSH by default. So just disable UPnP on the router you have. I can’t understand how all these webcams and toasters are accepting inbound connections directly on public IPs. It has to be UPnP on by default and installation by consumers who haven’t a clue what port forwarding or UPnP is. I’m guessing most people actually putting these on a DMZ know enough to change the passwords, create firewall rules, and block services like telnet/SSH. Many consumer webcams like Nestcams use a cloud service for remote access, obviously they have a web interface for setup, I would hope they don’t by default use UPnP to forward a bunch of ports through the router. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart Sent: Wednesday, November 2, 2016 11:47 AM To: af@afmug.com Subject: Re: [AFMUG] BW to work from home LOL .. not mine - they are secure :) I actually spent several hours doing security scanning in my house last weekend to make sure there wasn’t some “default” access that a vendor left open … On Nov 2, 2016, at 12:40 PM, Mike Hammett <af...@ics-il.net <mailto:af...@ics-il.net> > wrote: With all of these DDoSes lately, those cameras will need all of the upload they can get. ----- Mike Hammett <http://www.ics-il.com/> Intelligent Computing Solutions <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> <http://www.midwest-ix.com/> Midwest Internet Exchange <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> <http://www.thebrotherswisp.com/> The Brothers WISP <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> _____ From: "Paul Stewart" <p...@paulstewart.org <mailto:p...@paulstewart.org> > To: af@afmug.com <mailto:af@afmug.com> Sent: Wednesday, November 2, 2016 11:38:09 AM Subject: Re: [AFMUG] BW to work from home So perhaps on difference there is that you can do one single stream of Netflix .. but in my household during the evenings there is typically 3-4 streams at once = ~16Mb/s Just an example of what some folks consider “need” Another reason for increased upload speed is home security cameras and stuff if you are storing on cloud …. I’m going to be faced with that shortly myself where I estimate 4-6Mb/s needed at various times (motion activated) to capture high quality video > On Nov 2, 2016, at 12:28 PM, Sam Morris <w...@csilogan.com > <mailto:w...@csilogan.com> > wrote: > > I have 5/1 at home and can do everything I need to do, including Netflix. > > On 11/2/2016 9:48 AM, Josh Baird wrote: >> What? 20/5 (or less) is still very adequate for *lots* of users. >> >> On Wed, Nov 2, 2016 at 10:46 AM, Roger Timmerman <timmer...@gmail.com >> <mailto:timmer...@gmail.com> >> <mailto:timmer...@gmail.com>> wrote: >> >> Is this a re-run from 2005? Are we really talking about 20M/5M or >> less still being an option and being adequate? >> >> On Wed, Nov 2, 2016 at 8:30 AM, Adam Moffett <dmmoff...@gmail.com >> <mailto:dmmoff...@gmail.com> >> <mailto:dmmoff...@gmail.com>> wrote: >> >> That could be part of it. I work from home with 3m/1m. It's >> not uncommon to have a kid watching cartoons on Netflix while >> I'm working. >> >> The thing is, most of what I'm doing across the network is >> remote terminals and remote desktops. And I'm clever enough >> that when I need to transfer a large file to the office I'll use >> WinSCP and put a speed limit on the transfer so I can keep doing >> other things. Some people might start the big file transfer and >> then call IT because nothing else works now. >> >> I'm aware that there are people using some Autodesk cloud >> storage/versioning thing that integrates with AutoCAD....they >> were told to /try /to get 10meg upload /if they can/ and I >> believe they might really use it. >> >> >> >> On 11/2/2016 12:25 AM, Mathew Howard wrote: >>> I think a lot of it is just lazy IT guys not wanting to deal >>> with people causing problems by watching Netflix on six TVs >>> while they're trying to work, so they just tell them they need >>> five times the speed they actually do. >>> >>> We've had customers that were told they needed something like >>> 3Mbps upload, but were able to do their jobs perfectly fine on >>> a plan with 1Mbps upload. >>> >>> On Tue, Nov 1, 2016 at 11:03 PM, Jaime Solorza >>> <losguyswirel...@gmail.com <mailto:losguyswirel...@gmail.com> >>> <mailto:losguyswirel...@gmail.com>> >>> wrote: >>> >>> Nope... Getting more common... My daughter needs good >>> upstream to upload medical scans she does for several >>> clinics and private doctors from house or retirement >>> places. She had to upgrade plan from TWC to accommodate >>> her. >>> >>> >>> On Nov 1, 2016 9:52 PM, "Ken Hohhof" <af...@kwisp.com >>> <mailto:af...@kwisp.com> >>> <mailto:af...@kwisp.com>> wrote: >>> >>> Twice in the past few weeks I’ve had prospective >>> customers say they needed a minimum of 20M/5M per >>> company IT dept to work from home, emphasis on the 5M >>> upstream. >>> >>> This is a lot more than I’ve heard in the past, and >>> seems high to me. In many cases even in town on cable >>> Internet, they will need at least a plan with at least >>> 50M download to get that much upload. My experience >>> in the past has been that even our 3M/1M plan is >>> actually sufficient for most people to work from home >>> (assuming they aren’t contending with the rest of the >>> family trying to watch Netflix and Youtube). >>> >>> Is this some kind of a trend, people needing that much >>> upstream to work from home? Or just a coincidence >>> I’ve had 2 requests like that in as many weeks. >>> >>> >> >> >> >
