Hashlimit is an iptables module that allows one to define rules that in effect will limit traffic speed (bytes / time unit) or frequency (connections / time unit) per target or origin ports / IPs. The inner workings of this module and / or how to make it work correctly remains a mystery for many.
Hashlimit is also close friends with the limit module, only much more powerful, capable of expressing rate limiting per source IP (for example) in a single rule.
“Going beyond 1 Gb/s with existing Cat5e and Cat6 cables was little more than a talking point two years ago. But now with NBASE-T, we have the ability to extend the life of an enormous asset —your wired network. The Cat5e and Cat6 installed in just the last 15 years now exceeds an estimated 70 billion meters of cabling, which is more than 10 trips to Pluto,”
Sadly, it is still relatively easy for thieves to create an account in the name of Americans who have not already created one for themselves. All one would need is the target’s name, date of birth, Social Security number, residential address, and phone number. This personal data can be bought for roughly $3-$4 from a variety of cybercrime shops online.
After that, the SSA relays four multiple-guess, so-called “knowledge-based authentication” or KBA questions from credit bureau Equifax. In practice, many of these KBA questions — such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. What’s more, very often the answers to these questions can be found by consulting free online services, such as Zillow and Facebook.
The location of PAC files can be discovered through WPAD in several ways: through a special Dynamic Host Configuration Protocol (DHCP) option, through local Domain Name System (DNS) lookups, or through Link-Local Multicast Name Resolution (LLMNR).
The researchers recommended computer users disable the protocol. “No seriously, turn off WPAD!” one of their presentation slides said. “If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file.”
From Slashdot comments:
Basically, the default User Authentification Settings of Edge/Spartan (also Internet Explorer, Outlook) lets the browser connect to local network shares, but erroneously fail to block connections to remote shares. To exploit this, an attacker would simply set up a network share. An embedded image link that points to that network share is then sent to the victim, for example as part of an email or website. As soon as the prepped content is viewed inside a Microsoft product such as Edge/Spartan, Internet Explorer or Outlook, that software will try to connect to that share in order to download the image. Doing so, it will silently send the user’s Windows login username in plaintext along with the NTLMv2 hash of the login password to the attacker’s network share.
Source: Blocking Shodan
Because spammers can’t easily obtain new IP addresses through legitimate means, they frequently resort to stealing IP address blocks that are dormant and aren’t being utilized by the rightful owners. There is a thriving black market in IP addresses; spammers don’t care whether the source of their IP addresses is legitimate or even legal. A cybercriminal that can steal a large IP address block (for example, a /16 or 65,536 IP addresses) can generate thousands of dollars per month.
Wi-Fi HaLow extends Wi-Fi into the 900 MHz band, enabling the low power connectivity necessary for applications including sensor and wearables. Wi-Fi HaLow’s range is nearly twice that of today’s Wi-Fi, and will not only be capable of transmitting signals further, but also providing a more robust connection in challenging environments where the ability to more easily penetrate walls or other barriers is an important consideration.
The UHF spectrum, which ranges from 400 to 700 MHz, is superior to the higher-frequency signals used for existing Wi-Fi hotspots, the researchers said, as these signals carry for miles and are not blocked by walls or trees.
It should be noted that carriers such as AT&T and related associations such as the National Association of Broadcasters objected to the FCC rules in the run up to the commission’s August meeting, citing concerns that new unlicensed uses in the 600 MHz band would create interference.
I wonder what AT&T’s true motivation for their objection.
The move does not mean that there are no IPv4 addresses left, but that requests will have to be smaller to be accommodated or applicants will have to wait for blocks of address space to be returned.
The dwindling amount of IPv4 addresses means that their worth is increasing, something the UK government is hoping to cash in on by selling off around 17 million unused addresses that could be worth millions of pounds.