Kid_Thunder

Kid_Thunder , 21 days ago

Just to be clear, if you're in the US, you 100% have copyright protection as soon as you put pen to paper.

Kid_Thunder , 21 days ago

I see some comments recommending wordpress but wordpress is a security problem, especially if you're using 3rd party plugins. It is such a bad problem that their are 'wordpress security' applications but even then wordpress sites get hacked all the time. If you are going to use it, it is best to let some other host handle it for you if you don't know a whole lot about what you're doing.

There are many, many other content management systems out there. Some are lighter than wordpress and some heavier. They are all about posting and managing content. Most of them have some sort of user and authoring system. Once you're webserver is set up, many are written in a mixture of php and python so setting them up is generally drag and drop with either minor configuration file edits or wizards. Many of them have sections that you can set up using a labeling/tagging system. Most of them allow you to have the 'stories' as private or draft where you have to actually click publish before people can view them. Some have user roles systems where you can limit viewing and even editing between different roles for sections.

Generally, once their setup is done, they are point and click to do everything.

Here's a nice list of FOSS CMS' (which includes Wordpress of course).

Kid_Thunder , 22 days ago

And the crazy part is that it sounds like Google didn't have backups of this data after the account was deleted. The only reason they were able to restore the data was because UniSuper had a backup on another provider.

This should make anyone really think hard about the situation before using Google's cloud. Sure, it is good practice and frankly refreshing to hear that a company actually backed up away from their primary cloud infrastructure but I'm surprised Google themselves do not keep backups for awhile after an account is deleted.

Kid_Thunder , 22 days ago

Actually, it highlights the importance of a proper distributed backup strategy and disaster recovery plan.

Uh, yeah, that's why I said

it is good practice and frankly refreshing to hear that a company actually backed up away from their primary cloud infrastructure

The same can probably happen on AWS, Azure, any data center really

Sure, if you colocate in another datacenter and it isn't your own, they aren't backing your data up without some sort of other agreement and configuration. I'm not sure about AWS but Azure actually has offline geographically separate backup options.

Kid_Thunder , 22 days ago

Google Cloud definitely backs up data. Specifically I said

after an account is deleted.

The surprise here being that those backups are gone (or unrecoverable) immediately after the account is deleted.

Kid_Thunder , 23 days ago

Even though costs of AAA games have gone up for some games (certainly not all) because of the size of teams/labor hours, so have the volume of sales. Publishers have made more and more profit while the average price of AAA games had stayed about the same for a long time.

Games selling in the hundreds of thousands was considered really good decades ago but now those are in the tens of millions.

Publishers aren't having problems with profitability, so much so that they've been buying up large swaths of development houses and IPs and then dismantling them when they have a single flop.

EA's gross profit in 2010 was $1.6B, in 2014 was $3.03B and in the past 12 months have been $5.8B right now according to macrotrends.

But the current trends are unsustainable

The current trend in profitability is increasing, not decreasing. It isn't a minor trend or minor increases either.

Major publisher profitability has vastly increased in spite of stagnant game prices. They don't have to increase prices to increase growth. It is simply that the market allows the increase of the price with more profitability and so they do.

Kid_Thunder , 24 days ago

The problem historically isn't that streaming services are paying for fast lanes but that they have to pay not to be throttled below normal traffic. In other words, they have to pay more to be treated like other traffic.

Even crazier is remember that there are actual peering agreements between folks like cogentco, Level 3, comcast, Hurricane Electric, AT&T, etc. What comcast did that caused the spotlight was to bypass their peering agreement with Level 3 and went direct to their end customer (netflix) and told them they'd specifically throttle them if they didn't pay a premium which also undermined Level3's peering agreement with Comcast.

Peering agreements are basically like "I'll route your traffic, if you route my traffic" and that's how the Internet works.

Kid_Thunder , 24 days ago

I found this wikipedia article about backbones and peering but it really isn't that great but in the results it also came up with this pretty good presentation from Carnegi Mellon. I was only going to browser a few of the slides but the information isn't really all that much and the illustrations are good. I think Prof. Nace did an excellent job here. Much better than I would have.

Kid_Thunder , 24 days ago

I was trying to find the old Level 3 blog post but didn't because I believe they basically said that Comcast needed to upgrade its infrastructure and never did. Netflix was the cashcow they saw to essentially make them pay for it. As a Comcast customer, I see it as charging the customer twice -- first for the Internet service for the content and again because Netflix is going to pass that extra cost onto you (and everyone else who isn't a Comcast customer).

You're right on about CDNs and edge / egress/ingress PoPs. It also keeps it cheaper for the likes of Netflix/Amazon/etc. in the long run with the benefits of adding more availability.

Kid_Thunder , 1 month ago

They are also the only RCS supplier on Android. A random messaging app can’t simply add RCS messaging functionality.

You are correct that an app can't directly implement RCS but it can support it. RCS is implemented by the carrier, not by Google or any other text application.

RCS is an open standard that any carrier can implement to replace SMS/MMS. The only thing special that Google does is on top of RCS is provides E2E via its own servers for handling messaging. The E2E isn't a part of RCS, though it should be IMO. Regardless, Google doesn't 'own' the Android implementation because it isn't a part of Android, other than it can support the carrier's implementation of RCS.

Kid_Thunder , 1 month ago

Not true. Both Samsung and Verizon messages uses RCS, so long as your carrier has implemented RCS.

Kid_Thunder , 1 month ago

Well sure. You've got to trust that Jibe isn't man in the middling the key exchanges but regardless, it doesn't change what I said.

Kid_Thunder , 1 month ago (edited 1 month ago)

Samsung signed a deal so that they can use the Jibe API to be a part of E2E when using RCS.

Since I'm sure there's Internet where you're at, you can take a look from Verizon's RCS roll out on messages+ in 2021 to Samsung's S9, prior to relying on Google Jibe. Verizon did eventually switch to use Jibe for their entire RCS implementation now instead of relying on their own infrastructure as did T-Mobile.

Kid_Thunder , 1 month ago

It looks like to me that its set up purposefully to obfuscate its structure. I'd also assume the reason for the loan for 15% of shares was so the parent essentially isn't really just a sole owner to protect them from liability.

Kid_Thunder , 1 month ago

The best part is when the business customers had to use an AI chatbot for support which was as helpful as the AI Adbot.

Kid_Thunder , 1 month ago

It's already here. I run AI models via my GPU with training data from various sources for both searching/GPT-like chat and images. You can basically point-and-click and do this with GPT4All which integrates a chat client and let's you just select some popular AI models without knowing how to really do anything or use the CLI. It basically gives you a ChatGPT experience offline using your GPU if it has enough VRAM or CPU if it doesn't for whatever particular model you're using. It doesn't do images I don't think but there are other projects out there that simplify doing it using your own stuff.

Kid_Thunder , 1 month ago

Right now the closest we have to that is running ampere clusters. I'm saying that because it is going to be some years before any phone GPU/CPU is going to be able to effectively run a decent AI model. I don't doubt there will be some sort of marketing for 'boosting' AI via your phone CPU/GPU but it isn't going to do much more than be a marketing ploy.

It is far more likely that it will still continue to be offloaded to the cloud. There is going to be much more market motivation to continue to put your data on the cloud instead of off of it.

Kid_Thunder , 1 month ago

How about adding speed limit without a destination, showing house/building numbers around you, traffic overlay without a destination, allow voice response to if reported hazards/speed traps/whatever is still there, better lane assistance, turn or which side the destination is on preview on the turn before so you know which lane to be in? Maybe a Recents list that doesn't seem like it's just a shuffle of a few random locations you've been to maybe once in the last 6 months?

Maybe some of that has been added somewhat recently?

Kid_Thunder , 1 month ago

Maybe they'll replace it with a few of the features of Waze but without ads, adds stuff that have been asked for by people for years and the Google Maps look, call it Google Ways and act like it's going to be continued to be developed as Google Maps 2.0. Then Google Maps goes away but Google Ways never gets updated with anymore features.

All the competitors on the market lose a large part of their customer base now.

Then one day Google Maps makes a reappearance to replace Google Ways. You can now select an icon to represent your car but otherwise, it has no Waze features and has less features than the original Google Maps but they promise they'll be porting those features over. They never do.

That's pretty much the kind of thing I expect from Google.

Kid_Thunder , 1 month ago

The problem is that there is that ad networks and ad placements are just bad actors in the consumer space. Not only has malware been passed time and time again with ads but also false ads to malware. When that happens suddenly the content creator/website/whatever 'isn't responsible' for it. Then there's the issue of ads being placed everywhere slowing down websites but even worse, getting in the way with auto play audio and video, videos autoscrolling over the content you're trying to read or whatever, etc.

As a consumer, I should not and ethically do not need to worry about another's business model. If the business model fails simply because I don't allow something that model depends on to traverse my network then it is on them to figure it out. If the ads get in the way of the content, then I just want consume the content anyway.

Some news websites use Ad Admiral or whatever it is called and I haven't bothered trying to bypass the adblock wall for them. I just simply consume the content elsewhere.

If ads were ever responsibly used or perhaps could be argued that there is compromise where consumers wouldn't mind, then there'd probably be a lot less ad blocker usage. It's like anything else. When it takes less effort to install an adblocker to have an OK experience, then ad blockers will be popular.

I was around before ad blockers were very popular and even before pop-up blockers were around. Ads kept getting worse which is why ad blockers became more popular and more sophisticated. The Internet had ads for years before ad blockers were the norm.

Kid_Thunder , 1 month ago

A 30% cut for steam games sold on steam and a 0% cut for steam keys sold by the publisher wherever they want with the caveat that they must give steam users the same sales at around the same time. They get their games hosted on Steam's industry best CDN, a page with support for images and videos, an API with features users like, workshop API for mod hosting and delivery, and other SteamWorks API stuff for stuff like multiplayer, patch management without charging a fee for it, forum hosting to hit the highlights. Pretty much all of that drives engagement and is mostly turn-key though you do have to programmatically interact with their API when it makes sense.

Steam provides a lot of benefit for a 30% cut of what is sold on their store front and a lot more benefit for getting all of the above for a 0% cut if they sell steam keys outside of steam.

Kid_Thunder , 2 months ago

It is likely someone using the same VPN service using the same server or server on the same subnet was scraping data or similar and got blocked. Therefore you are too.

Kid_Thunder , 2 months ago

Because money.

Kid_Thunder , 2 months ago

I use AUR in an Arch distrobox in Fedora. btw.

Kid_Thunder , 2 months ago

Sounds like you have nothing listening on port 80 that resolves for your domain for Let'sEncrypt to verify that you own the domain. You need a webserver listening on port 80 and that Certbot can access if you're using the http method.

Basically you're forwarding traffic to port 80 but there's nothing on port 80.

Kid_Thunder , 3 months ago

It's crazy that it sounds like paying customers might also have to opt-out.

Kid_Thunder , 3 months ago

As I understand it, NAT is a firewall

NAT is not a firewall. NAT does not inspect packet payloads, it doesn't do anything except attempt to route packets to where they are supposed to go. If the connection originates from outside or it is a 'connectionless' protocol, the NAT has no idea which internal IP to route to, so it drops the packet.

NAT provides some security by sheer coincidence and not by design.

Kid_Thunder , 3 months ago

NAT provides some measure of security as pure coincidence to how it works. It is not designed or intended to provide security. It does not inspect packet payloads in order to filter them for security. It looks at the header and attempts to route it to an internal IP address (your devices on your LAN) and if it cannot, it will drop the packet because the header will only have the external IP address -- the packet has no idea which device it is supposed to go to. Forwarding a port is telling the NAT to assume that when a packet hits a certain port, if it doesn't know the destination internal IP, forward it to some internal IP anyway.

The reason you can connect to websites, ssh outside, FTP, whatever, is because your connection comes from your internal IP first to some other IP and therefore, NAT knows which internal IP to route those packets to.

Take for example this scenario:

You download some software. It has malware that provides command and control (C2) to someone else outside of your network. A firewall and/or antivirus may be able to stop this and hopefully notify you. NAT will not help here. Furthermore, if you have uPNP enabled (usually it is by default on your router) the malware can forward any ports through your NAT to the compromised device opening it up to bot attacks and the like.

Another scenario:

You want to play a video game with you and your friends and you're going to host it. So either you manually forward those ports or perhaps uPNP just does it for you. That game has an exploit known by attackers, or perhaps it can just be DDoS'd. Your NAT isn't going to stop that. Hopefully a firewall will help you here. It definitely will if you set up explicit rules so that if they aren't your friend's IPs it will drop them. Though it is possible the game is exploitable and your friend's are compromised.

Take for example malware has been known to spread via Minecraft.

Kid_Thunder , 3 months ago

Depends on if there's an IPv6NAT and how your ISP converts between IPv4 and IPv6 or actually supports IPv6 straight through. It also depends on your router.

Currently, there's still some debate since IPv6NAT (NAT66/NPT6/NATv6) isn't really needed for WAN boundaries for the reasons NAT exists. However, without it you are right on that this will be a problem for the consumer because PCs, IoT devices, printers, circuts or whatever my wife has, etc. could all be exploitable and even worse, you may never know you're contributing to the botnet.

As an example, I have a global IPv6 on a few on my devices. They can connect to IPv6 if it originates from me but if it originates from them or is UDP it doesn't route to my IPv6. My router doesn't care. It'll route it just fine either way. It would appear that my ISP has me behind one of the IPv6 NATs.

I'd imagine that's true for most people at home.

Kid_Thunder , 3 months ago

TLDR; After interviewing the president of Crunchyroll and getting absolutely nowhere with a test free account with 'forever' digital content it appears neither Crunchyroll nor The Verge knows how they are going to handle this. The title appears to be the most positive way to summarize the situation as possible.

Summary:

The author doesn't know what Crunchyroll is going to offer to make this up to customers, had issues with trying to get an answer for their own account's content and Crunchyroll's response has been fairly ambiguous but it seems they want to handle it on a case-by-case basis. Things like perhaps premium subscription discounts were mentioned. Allowing some sort of limited-time download was not mentioned. It is clear that there is no plan to make this content available the same way on Crunchyroll going forward.

The author used a free account that has two 'forever' digital content and they received canned responses from customer service seemingly after this interview with Crunchyroll's president. When asking Crunchyroll about that afterwards, the author was given a special link for all customers to use. So far there has been no further customer service response.

There is no definitive answer as to the solution and it is unlikely to be 'good' based on the comments from Crunchyroll so far.

Kid_Thunder , 3 months ago

I was shadow IT for a project and asked IT to design this special unconventional thing which of course they wouldn't. So I made this little embedded linux device to take care of it. Gave them the design and steps I made and all that. They were like "nah" so I told them to give me admin on their file server and switch and I'd just do it myself. So they did (lol?).

I had to create a service account, so instead of just having the system account do it on their file server because I figured that wouldn't be OK. I asked them how do I properly get a service account approved and they passed me to Cyber who had me submit a user request. It got denied because it didn't have a signed user agreement or a Sec+ or similar cert......

So I created a word doc that said "I am not a real person and therefore cannot sign any contracts. I am just software man." and exported it to PDF and named it the same name of the agreement file name. Did the same for the cert. They approved it.

Then nobody ever created the account because IT's helpdesk couldn't figure out how to do it. I think it was more that they probably didn't have an OU structure properly set up so they wanted some architect or something to weigh in.

Anyway, I just let System do it because, well I had been waiting months at that point. The service account probably still doesn't exist in AD. They then took my admin privs away and got credit from upper management for solving this odd problem that my stuff took care of.

Eventually they needed a more robust solution and also in a few more places since it worked well but they started slamming it a bit too hard with data. They wanted to just keep giving me specific rights and then take them away when I was done but also submit paperwork every single time to them to do it.

Apparently, I burnt bridges when I said "nah" as a Reply to All when they told me that. But who cares to have a bridge to nowhere anyway? As far as I know (since I still occasionally get a technical question about it) my little guy is still chugging away today, though I've moved on since then.

Kid_Thunder , 3 months ago

I disagree about ClamAV in-so-far as its vanilla virus signature database. You really should use some third party ones though you have to be careful since some like specifically malware patrol are way too general. For example, malware patrol will identify any document mentioning any drive.google.com URL a virus.

In regards to MP, I actually submitted the offending signature to MP support and the CSR told said and I quote "Unfortunately that is not a false positive, there is confirmed malware hosted at drive.google.com." It caught my attention because a bunch of READMEs from some github projects and some HTML files ended up in the quarantine. I asked if future signatures would include this general URL since I'm going to blacklist this specific signature and was told basically 'yes, probably'.

I do recommend third parties though and most are free for personal use. Some require a key and therefore some sort of sign up but it isn't terrible except perhaps in regards to where I'm posting, some would consider it so.

Kid_Thunder , 3 months ago

In powershell:

for(){hh }

Also the beeping will be annoying.

Kid_Thunder , 3 months ago

Yeah you can use any executable but hh is just short and in everyone's path.

Kid_Thunder , 3 months ago

For Windows you can use KDE Connect (and also MacOS) or Microsoft Phone.

For Linux Mint there's KDE Connect or GSConnect (GNOME Extension) though I don't use GNOME often, I remember liking KDE Connect better still.

Kid_Thunder , 3 months ago

As much as he may have a case so long as he didn't act against store policy and actually attempted to he probably has a case, even in an at-will state.

The problem is that it will likely be difficult to get an attorney to represent him without an actual retainer because these cases usually draw out for a long, long time and are difficult to fight. Unless there's a legitimate case for a class action, then the chances are slim that anyone can afford to fight the case, even if they ultimately could win because no attorney is going to devote years to this for a 'maybe'.

The only route there may be a hope of winning here is for him to apply for unemployment and if he doesn't get it, to appeal himself. He may get that as small of a win as that is.

Kid_Thunder , 3 months ago

Personally I use FreeIPA for my LDAP. I like that I can create sudoers rules from one centralized place and manage ssh keys across all clients. Granted I could just use Ansible I suppose, which is how I update multiple distributions in my network and online but I like that I can just change SSH keys and sudoers from one place easily instead of changing tasks/roles. I also usually run cockpit even on my non-Red Hat distros with SSH keys just so I don't have to log into everything though it is somewhat limited outside of the Red Hat sphere.

If you don't want to use ProxMox or some other specialized HyperVisor ecosystem, you can also use Cockpit to manager your VMs along with your Pods. I wish there'd be more attention to it for features because it feels like it could do a lot more.

I also don't really worry about locking myself out for two reasons:

1. I use SSH keys.
2. I also have a break-glass local account on every system...with SSH keys. If its on your local network, you can use VNC/VM console/Remote Desktop with a local account while only allowing SSH with keys if you'd like. Just make sure if you're going to allow remote access outside of your network that you never forward the VNC/RDP ports. For SSH when I do this I always pick some random port -- never default and never common ones like 2222 to at least keep my logs less noisy from the botnet auto attacks.

For my online VPS' I use a firewall with geoIP from Maxmind and drop all ports but 443 from the world, except for whatever country I'm in. I drop all packets from certain countries that seem to auto-attack more often than others. I try to drop packets from all known (to me) Shodan scanners. If I'm not traveling I just restrict all other ports to my public IP's subnet though my IP hasn't changed for years. For status checking services like StatusCake, I use the "push" method instead using a simple cron job with curl instead of relying on servers around the world checking my ports. In this case, the services just check that my server has successfully hit them within X minutes to be "up".

Kid_Thunder , 3 months ago

The SSH keys don't help me if I get locked out of a Domain Controller unless you're using OpenSSH (which is now a native feature you can turn on). In that case you can actually still log into the DC via command line because it authenticates based on authorized_keys and not the LDAP of the DC. I actually do this on the enterprise, not because I may get locked out but because it is just convenient. Granted you'll have to execute powershell on the command line once in to use the AD cmdlets.

On the other hand when you create a DC now-a-days (Server 2019...I don't remember if this is asked in the wizard when in Server 2016) you can create a "Directory Services Restore Mode" password which is basically a local admin account on the DC that you can log into only when the DC is booted into safe mode. You'll be asked to create it when you promote your DC.

Kid_Thunder , 3 months ago

Aw. I just have the older McDonald's Garfield cups with all the lead paint instead of the plutonium I guess.

Kid_Thunder , 3 months ago

I was just replying tongue-in-cheek to this, though I really do have the cups.

Kid_Thunder , 4 months ago

It has barely existed for years anyway. Anyone can remove the Google caching from their website and most major websites and many small ones do.

Now I just have an archive.org extension to do the se thing basically.

Kid_Thunder , 4 months ago

Yeah.... How many times does the lesson need to be learned? The worse deal the consumer is given, the more likely they'll just pirate instead. This is in both price and usability/frustration level.

I still remember when Sirius/xm was actually popular. Ad free good quality radio where you could tune in to specialized stuff for a good price.You could generally get it for around $6/7 per mo/device. At the time I was going to buy a new stereo head just for better navigation of my flash drive with my music (I was already off of burned discs). But Sirius/xm was so cheap and it had an added bonus of some discovery and stuff that why bother? I'll just primarily use that!

The prices raised a couple of bucks and commercials for their top 10 channels but they are very quick.

Then prices raised and it was commercials for every channel and so on. I cancelled when it was $18/mo/device with commercials everywhere long enough that it wasn't as bad but close enough to being as bad as radio, except I'm paying for it. My friends told me "yeah but you just call them when your time is up and they'll always make it like $12/mo/device for the first year and sometimes if you complain after it runs out they'll do it the second year too.

But why bother when by then you had great alternatives like Pandora and then Spotify and so-on. You get the same experience as Sirius/xm but it is free. Don't want ads? It's just a few bucks a month!

Now streaming music is going down the same road that every popular service of everything always does. Worse experience and ad revenue. The price point for the pay options rise and won't atop. It won't be but maybe a decade until you can't pay for no ads. You'll pay to be able to pick exactly what you want to play and to decrease ad time I'm sure.

In the background as the deal gets worse and there is no alternative offering a good deal with a good consumer experience then piracy rises. It always does. Companies will always complain piracy hurts them and the artists but all they have to do is be more reasonable.

Kid_Thunder , 4 months ago

Yeah funny, right? I thought the same thing. It'd just be the older people and the younger would be more technically literate. But companies started abstracting a lot of things now and it's both the older and younger that struggle with IT literacy.

I think thin clients with VDIs will be the future and both make this stuff even more abstracted for users and also bring in the age of subscribing to workstations. At work, it'll start by just plopping stuff in your documents folder or personal folder or whatever and/or the desktop. They'll live on a network share and the VDIs will revert to snapshots to be 'fresh' every time but the users won't really know that. Their stuff will be plopped down like it is local every time and 'follow' them from VDI to VDI.

Then I think this will push to the home market and instead of spending a lot of money up front, you just get a cheap thin client, probably eventually a small little box with USB ports and mini-DP or whatever. You'll then pay for the tiers you want. Want just a workstation to check mail on and do 'web apps' type stuff? $5 with a whole 5GB of personal space or whatever. Then there'll be "productivity tiers" with pretty much the same stuff but more CPU, RAM and a small amount of vGPU allocated and you can install programs with something like 500 GB of personal space. There'll be a "pro" version with more of everything and a "gamer" version with a lot of everything probably costing something like $30/$40 a month starting out per device.

And of course eventually, you'll be getting ads to "keep the prices increases down" and then that won't matter anymore and you'll be given the option to pay for ad-free add-ons, time on the workstation and so-on. Prices will raise nearly every year. Thin clients will turn into all-in-ones and be basically tablets where you buy based on screen sizes and probably able to wireless connect more displays.

Technology in computing will become more abstracted and IT's specialists will shrink once again because actual tech literacy will decrease.

I think the only reason it hasn't started yet is due to Internet throughput availability but that's quickly changing.

A boring dystopia indeed.

Kid_Thunder , 4 months ago

LibreOffice is compatible with Microsoft's OOXML spec. They sold every suite on it in the nearly 20 years ago to stop fines from the EU. They sold competing suites on it instead of using anything else available.

Microsoft however never actually fully supported their own spec and will save as "OOXML Transition" or whatever they call it now because they've been in 'transition' for nearly 20 years but still have proprietary blobs inside of it. You can however make MS Office save in OOXML Strict which is supposed to be compliant to the now ISO spec that LibreOffice actually supports.

This isn't LibreOffice's fault.

Kid_Thunder , 4 months ago

I imagine an argument in my head like this:
Comcast: 10G doesn't confuse customers. Obviously we are saying they can buy up to 10 Gbps on our network.

Somebody: Do you call your 1 Gbps plans Xfinity 1G?

Comcast: No

Somebody: Why not call it that instead of Xfinity Gigabit?

Comcast: Because customers might think cell plans at 5G are bett....oohhhhh you almost got us!

I know it didn't go like that but it would have been a good laugh.

Kid_Thunder , 4 months ago (edited 4 months ago)

It doesn't 'resolve' to Russia. The IP was allocated to yandex who's record for that block is listed in Russia. Any IP addres in that /24 can literally be used anywhere in their infrastructure anywhere in the world.

I have a VPS for example that RIPE shows is allocated to a company in Germany but the physical server sits in a datacenter on the west coast of the US.

Kid_Thunder , 4 months ago (edited 4 months ago)

Port 6667 is a typical IRC port. It is sometimes used by remote access backdoors for command and control via a channel (chat room basically) on an IRC server, however, if that port isn't forward OR you don't have your PC set as the DMZ Host (you should never do this), then you probably have malicious software on your system.

If it isn't forwarded, then your NAT would drop the packets and Malwarebytes would never see it because they wouldn't be there. Malicious software can forward ports via uPNP and you should turn that off on your router or router/modem combo. It can also make it through if the connection is starting from inside of your network for TCP, which is the protocol that would be used for 6667 normally.

Kid_Thunder , 4 months ago

Just clarification here, a NAT is NOT a firewall. It will drop packets originating from outside the network if the ports aren't forwarded to an IP simply because the NAT has no idea which device on the network to send the packets to. A forwarded port is you telling the NAT to assume packets coming into a specific port should be forwarded to a specific device. It is acting as a security measure simply by coincidence but not by design. Unlike a firewall it will not inspect any packet payload or attempt to make a security decision on outbound packets. It only routes based on the packet headers.

A firewall on the other hand actively will reject or drop packets because it is an Intrusion Prevention System (IPS). This is why if your router has a built-in firewall, your NAT will still drop the packets -- because it isn't a firewall nor is it what is being referred to if you disable it.