On Mon, 24 Jun 2019 18:44:58 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 24/06/2019 17.32, Dave Howorth wrote:
On Mon, 24 Jun 2019 00:12:21 +0200 "Carlos E. R." <> wrote:
On 23/06/2019 16.05, Dave Howorth wrote:
I never got an answer from anybody in this thread about any software or other technique for detecting and/or thwarting IoT devices that try to phone home without asking permission.
If you are interested in that, you should ask a question about that, with an appropriate subject line ;-)
I don't think it is possible, if they work hard at going out... At least not easy.
You need an egress firewall, placed at the gateway to internet or at the WiFi Access Point. SuSEfirewall ain't that. It has to block outgoing connections coming from the IP of the IoT gadget in particular, and you have to know it, and fix it using DHCP.
I think I've got the first half of a solution. I just upgraded my internet connection (to a measurable fraction of yours) and part of the upgrade was a new router. It's a Fritz!Box 7530 and it appears it has parental controls that allow me to block devices from the internet. When a new device is added to the network, it is automatically allocated to the 'Standard' profile, so I just changed that to block all internet traffic. I moved all my existing devices that need internet to an 'Unrestricted' profile and left some devices, like my data logger, on Standard.
It seems to work. My PC can still access the web, and my data logger gets 'packet filtered' reports if I try to ping an external host.
Not even your guests
Well, the router offers two SSIDs - the standard one and a 'guest' one. The guest one has a different profile, that allows connection to the internet but not to my home network. So when friends connect, I will tell them to connect to that network and they will be fine. If/when I buy an IoT device I will have to tell it which SSID to connect to, and I will tell it to use the standard one, and they will be blocked from internet access.
So that should stop things phoning home.
I think so, unless they use some "clever" trick I can't think about.
For instance, an evil someone could listen to the traffic, see an IP that is authorized to get out, and when that IP is not running, pose as it.
I don't know what happens if a device tries to spoof an IP address. I'll ask them if I can't find an answer in the docs.
Now I need to figure the best way to see what they're trying to do. Presumably wireshark or somesuch can do that?
Yes.
I'll have to have a bit of a play to see how it works then :)
And others, like iptop, can tell a bit.
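The thread describes blocking egress per device, pinning device IPs with DHCP, and the worry that a device might pose as an authorized IP. The following is an added example, not part of the original messages: it reads netfilter LOG lines from a Linux gateway and reports what each blocked device tried to reach, plus any packet whose source MAC does not match the fixed lease for its source IP. The `EGRESS-DROP`/`EGRESS-ALLOW` log prefixes, the lease table and all addresses are constructed assumptions; nothing here reflects the Fritz!Box's own logging.

```python
import re
from collections import defaultdict

# Constructed fixed DHCP leases (IP -> MAC); all addresses are made up.
LEASES = {
    "192.168.178.20": "02:00:00:00:00:20",  # PC, allowed out
    "192.168.178.50": "02:00:00:00:00:50",  # data logger, blocked
}

# Constructed netfilter LOG lines; the EGRESS-* prefixes are an assumed
# --log-prefix. MAC= is dest MAC (6 bytes), source MAC (6), EtherType (2).
SAMPLE_LOG = """\
kernel: EGRESS-DROP IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:50:08:00 SRC=192.168.178.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=443
kernel: EGRESS-DROP IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:50:08:00 SRC=192.168.178.50 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
kernel: EGRESS-ALLOW IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:20:08:00 SRC=192.168.178.20 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=51000 DPT=443
kernel: EGRESS-ALLOW IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:50:08:00 SRC=192.168.178.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40113 DPT=443
kernel: unrelated message
"""

LINE = re.compile(
    r"EGRESS-(?P<verdict>DROP|ALLOW) .*?MAC=(?P<mac>[0-9a-f:]{41}) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=\d+ DPT=(?P<dport>\d+))?"
)

def analyse(log, leases):
    """Return (blocked, spoofed): what each device was stopped from reaching,
    and packets whose source MAC differs from the lease for SRC (or has none)."""
    blocked, spoofed = defaultdict(set), set()
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not one of our firewall log lines
        src, src_mac = m["src"], m["mac"][18:35]  # bytes 7-12 = source MAC
        if leases.get(src) != src_mac:
            spoofed.add((src, src_mac, m["verdict"]))
        if m["verdict"] == "DROP":
            blocked[src].add((m["dst"], m["proto"], m["dport"] or "-"))
    return dict(blocked), spoofed

if __name__ == "__main__":
    blocked, spoofed = analyse(SAMPLE_LOG, LEASES)
    for ip, dests in sorted(blocked.items()):
        print(ip, "blocked ->", sorted(dests))
    for ip, mac, verdict in sorted(spoofed):
        print("lease mismatch:", ip, "seen from", mac, f"({verdict})")
```

The MAC comparison only catches a device that borrows an IP while keeping its own hardware address; one that also copies the MAC would pass this check.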