If you could pick only one program for protection.
<blockquote data-quote="ForgottenSeer 58943" data-source="post: 835731"><p>Wait, are you saying a Comcast upstream DHCP server node was infected and when it served the 1 to 1 customer NAT those became infected? That's some pretty serious business there. But how was it serving malware downstream of the node? Generally speaking, such nodes won't service anything other than the DHCP pool and translation. Upstream past them, way way upstream there are hubs that distribute modem/router firmware upgrades and other things. Also there could be NXD redirect servers but all those do is redirect improper domains to their search engine mirror.</p><p></p><p>But I digress, I have seen quite a lot of things at this level, just not this specific one. For example Quantum Insert is effectively in use across America now, largely due to Project Groundbreaker. ATT is basically a federal agency at this point, and any area that needs intrusive sigint at the local level you'll find rapid deployment of ATT fiber networks and hubs with seemingly unlimited budgets. Quantum Injection is a thing now, most good UTMs detect it these days (commercial grade only). Quantum Insert is basically a Race Condition, where the local QI server intercepts the TCP stream then injects its own TCP stream with a redirect into it. It does it under the RTT of the normal TCP round trip.</p><p></p><p>Comcast enables by default their own WIFI SSID on all devices. These are intelligence backdoors that allow them to transit the internal VLAN of the XFinity SSID into the local subnet of the secondary VLAN (your home network). Xfinity SSID wasn't done to provide widespread easy access WiFi to Comcast customers. Nobody uses it. It was explicitly done for intelligence gathering on any Comcast Customer location.</p><p></p><p>Right now there is technology in place to compromise many actors by virtue of that actor simply plugging in an ethernet cable to a device. Most people would be wise to work off of the assumption (at least in the USA and China, Russia lacks resources/money) that they are also vulnerable to this.</p></blockquote><p></p>
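The race condition described in the quoted post leaves a trace a sensor can look for: two TCP segments on the same flow that cover the same sequence range but carry different bytes. The sketch below is an added example, not part of the original post and not any vendor's detection logic; the `Segment` record, the function name, the sample traffic and the TTL comparison are assumptions made for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), one direction only
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes
    ttl: int         # IP TTL as seen at the sensor

def find_conflicting_segments(segments):
    """Flag segments that overlap an earlier one on the same flow with different bytes.

    A benign retransmission repeats identical bytes and is not flagged.
    """
    seen = defaultdict(list)
    findings = []
    for seg in segments:
        if not seg.payload:
            continue  # pure ACKs carry no data to compare
        for prev in seen[seg.flow]:
            start = max(prev.seq, seg.seq)
            end = min(prev.seq + len(prev.payload), seg.seq + len(seg.payload))
            if start >= end:
                continue  # no overlapping sequence range
            first = prev.payload[start - prev.seq:end - prev.seq]
            second = seg.payload[start - seg.seq:end - seg.seq]
            if first != second:
                findings.append({
                    "flow": seg.flow,
                    "seq": start,
                    "first": first,
                    "second": second,
                    # A differing TTL hints the two copies took different paths
                    # (heuristic assumed for this example, not proof).
                    "ttl_differs": prev.ttl != seg.ttl,
                })
        seen[seg.flow].append(seg)
    return findings

# Constructed sample traffic (documentation address ranges, not real captures).
WEB = ("198.51.100.7", 80, "192.0.2.10", 51514)
OTHER = ("192.0.2.10", 51600, "198.51.100.9", 80)
SAMPLE_SEGMENTS = [
    Segment(WEB, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n", 58),
    Segment(OTHER, 5000, b"GET / HTTP/1.1\r\n", 64),
    Segment(WEB, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello", 49),
    Segment(OTHER, 5000, b"GET / HTTP/1.1\r\n", 64),  # identical retransmission
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE_SEGMENTS):
        print(f["flow"], f["seq"], f["ttl_differs"])
```
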