Podcast: Geeksters - Podnutz
Episode: Geeksters #150 – Sesquicentennial

Category: Technology
Duration:
Publish Date: 2015-02-27 01:19:26
Description:

Martin Obando, Tim Bowermeister, and Mitch Haman talk about computer repair

Episode 150 Show Notes

Title — Sesquicentennial

Hosts:

Tim Bowermeister
Mitch Haman
Martin Obando

http://sourceforge.net/p/clonezilla/news/

* Lenovo admits security issues with Superfish, releases removal tool
http://www.zdnet.com/article/lenovo-admits-security-issues-with-superfish-releases-removal-tool/
http://www.gfi.com/blog/its-time-for-devices-not-to-ship-with-unwanted-risky-software/
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
https://www.grc.com/sn/SN-496-Notes.pdf
https://filippo.io/Badfish/

* Truecrypt Phase Two Audit Announced
https://cryptoservices.github.io/fde/2015/02/18/truecrypt-phase-two.html

* A deeper look at Outlook for iOS and Android
http://blogs.office.com/2015/01/29/deeper-look-outlook-ios-android/

*********************
E-mail

Good evening Martin,

I was just listening to the last Geeksters show. After a little thought, here is how I would solve your problem with selectively blocking traffic on port 53.

1. Choose compatible routers and install DD-WRT.
2. Modify the tables with iptables commands on the command line to block port 53, with exceptions for specific devices.
3. After testing, save it as a startup script so that a reboot of the router won't clear the rules.

This should only cost you about fifty to sixty dollars per device, though Trendnet has a DD-WRT compatible device for just over one hundred dollars. Below are a few links that may be useful.

Here is a link describing the DD-WRT iptables commands.
http://www.dd-wrt.com/wiki/index.php/Iptables_command

Link for DD-WRT startup scripts
http://www.dd-wrt.com/wiki/index.php/Startup_Scripts

Trendnet wireless router
http://www.trendnet.com/store/products/proddetail.asp?prod=100_TEW-811DRU&cat=35

Buffalo router
http://www.newegg.com/Product/Product.aspx?Item=N82E16833162086&nm_mc=KNC-GoogleAdwords-PC&cm_mmc=KNC-GoogleAdwords-PC-_-pla-_-Wireless+Routers-_-N82E16833162086&gclid=COuHoL6o7cMCFRBffgodkW0AmQ&gclsrc=aw.ds

This should work for you. Hope it helps. If you need a device for testing, I have one that I can send you (D-Link DIR-632). Let me know if I can be of any help.

Cheers,

Tim

***************
Hello Geeksters,

I have been listening to episode 149 and have had to deal with the same problem as the IT guy at a public library that Martin was having with open wifi access and OpenDNS. I have a few possible solutions for you.

You can totally lock down your DNS through the firewall on pfSense (an open source, FreeBSD-based router appliance). This software doesn't require much in the way of hardware specs, but for best performance I would try to get a couple of Intel NICs.

What I did here was as you described: locking down port 53 to only allow the OpenDNS IPs through. Also, under Services->Dynamic DNS, one of the options you can select is OpenDNS, so I'm guessing that this will update your external IP once you've put your username and password in.

Another thing to watch out for: you'll probably want to block ports 6881:6999 to stop other BitTorrent traffic, because even with DNS locked down, if someone has started a torrent elsewhere, they are able to resume the torrenting w/o DNS at that point.

I have created a specific pool of addresses that I call my "wifi-prison" for repeat offenders. When I get a repeat offender, I temporarily block their connecting to the wifi AP by blocking their MAC address.

Then I assign a static DHCP mapping based on their MAC address that assigns them an IP in the "wifi-prison" range. I then block all traffic for addresses in that range. Once I have assigned the static mapping I can clear the block on the AP (this is nice b/c most APs only allow you to block a few MAC addresses at a time). It works pretty well. It's not foolproof, but it will keep most people at bay.

If you didn't want another box, you could look at getting a Buffalo wifi router that comes with DD-WRT as its firmware. I've heard that the firmware it comes with is a little dumbed down, but you can flash them with the full DD-WRT. The models that work are listed at http://www.dd-wrt.com/site/support/router-database (search for "Buffalo"). I'm willing to bet that these will also lock down the firewall like you're wanting.

DD-WRT also has a new feature called Optware (http://www.dd-wrt.com/wiki/index.php/Optware); these are additional programs that you can run right on the router. One of these programs is ddclient, which will report the external IP to OpenDNS. I would try to get the Buffalo router with the most internal memory if you want to go down this route.

A final option would be to bypass Optware and just use the ddclient software on a Raspberry Pi attached to the network.

Hopefully some of the suggestions help!
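Both e-mails above describe the same firewall layout: port 53 pinned to the OpenDNS resolvers with exceptions for specific devices, the BitTorrent client port range dropped, and a "wifi-prison" range with all forwarding blocked. As an added example that is not from the show or either listener, here is one way to express that policy as a DD-WRT iptables script (busybox ash); the resolver addresses are OpenDNS's public ones, while the exempt MAC, the br0 LAN bridge name and the prison subnet are constructed placeholders.

```shell
#!/bin/sh
# Constructed DD-WRT firewall script; not from the podcast or the listeners.
IPT="${IPT:-iptables}"                        # set IPT=echo to print rules instead of applying them
LAN_IF="${LAN_IF:-br0}"                       # DD-WRT LAN bridge (assumed name)
ALLOWED_DNS="208.67.222.222 208.67.220.220"   # OpenDNS public resolvers
EXEMPT_MACS="00:11:22:33:44:55"               # placeholder: devices allowed to use any resolver
TORRENT_PORTS="6881:6999"                     # range the second e-mail recommends blocking
PRISON_NET="192.168.1.240/28"                 # constructed "wifi-prison" static-DHCP range
CHAIN="DNSLOCK"

apply_rules() {
  # Custom chain holding the DNS policy: create it if missing, then empty it.
  $IPT -N "$CHAIN" 2>/dev/null || true
  $IPT -F "$CHAIN"

  # Repeat offenders mapped into the prison range get nothing forwarded at all.
  $IPT -I FORWARD -i "$LAN_IF" -s "$PRISON_NET" -j DROP

  # A resumed torrent needs no DNS lookups, so drop the client port range too.
  for proto in udp tcp; do
    $IPT -I FORWARD -i "$LAN_IF" -p "$proto" --dport "$TORRENT_PORTS" -j DROP
  done

  # DNSLOCK order: exempt devices first, then the allowed resolvers, then drop the rest.
  for mac in $EXEMPT_MACS; do
    $IPT -A "$CHAIN" -m mac --mac-source "$mac" -j RETURN
  done
  for ip in $ALLOWED_DNS; do
    $IPT -A "$CHAIN" -d "$ip" -j RETURN
  done
  $IPT -A "$CHAIN" -j DROP

  # Send every forwarded DNS packet (UDP and TCP port 53) through the chain.
  for proto in udp tcp; do
    $IPT -I FORWARD -i "$LAN_IF" -p "$proto" --dport 53 -j "$CHAIN"
  done
}

# On the router run with "apply"; anywhere else "dry-run" only prints the rules.
case "${1:-}" in
  apply)   apply_rules ;;
  dry-run) IPT=echo; apply_rules ;;
esac
```

Exempt devices RETURN from DNSLOCK and keep walking FORWARD, so a prisoned device stays blocked even if its MAC is also on the exempt list; the router's own dnsmasq answers on INPUT and is unaffected.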
