On Mon, 24 Jun 2019 00:12:21 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 23/06/2019 16.05, Dave Howorth wrote:
I never got an answer from anybody in this thread about any software or other technique for detecting and/or thwarting IoT devices that try to phone home without asking permission.
If you are interested in that, you should ask a question about that, with an appropriate subject line ;-)
I don't think it is possible, if they work hard at going out... At least not easy.
You need an egress firewall, placed at the gateway to internet or at the WiFi Access Point. SuSEfirewall ain't that. It has to block outgoing connections coming from the IP of the IoT gadget in particular, and you have to know it, and fix it using DHCP.
I think I've got the first half of a solution. I just upgraded my internet connection (to a measurable fraction of yours) and part of the upgrade was a new router. It's a Fritz!Box 7530 and it appears it has parental controls that allow me to block devices from the internet. When a new device is added to the network, it is automatically allocated to the 'Standard' profile, so I just changed that to block all internet traffic. I moved all my existing devices that need internet to an 'Unrestricted' profile and left some devices, like my data logger, on Standard. It seems to work. My PC can still acess the web, and my data logger gets 'packet filtered' reports if I try to ping an external host. So that should stop things phoning home. Now I need to figure the best way to see what they're trying to do. Presumably wireshark or somesuch can do that?
That's what I can think about, without reading the link below.
Or, you can configure for them an special AP that has no connection to internet. No route. At worst, no cable.
Just for interest, here's an open-source project that enables exactly this kind of bad behaviour: https://www.dataplicity.com/ Held out as a good thing. o o ~
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org