lungdart
@lungdart@lemmy.ca
- Comment on 4 weeks ago:
Pfsense is built on this, but it has some free software issues.
OpnSense was a pfsense fork from some of the original creators, that is free software.
Both are fantastic.
- Comment on My stupidity saved me from being hacked today! 8 months ago:
Doubt. You probably need to set the file owners in your volume to the same user running in the container.
- Comment on What do you use to manage secrets in your network? 10 months ago:
Pass can’t do this.
- Comment on What do you use to manage secrets in your network? 10 months ago:
It’s a CLI tool, so you can call it within another call using dollar sign syntax:
terraform apply --var "myvalue=$(pass path/to/value)"
- Comment on What do you use to manage secrets in your network? 11 months ago:
I’m using pass at home, but I’ve used hashicorp vault at a few jobs with great success.
IBM just forked it to openBao as well to get around the business license, if that’s a concern for you. But honestly I’d trust hashicorp more than IBM at this point.
- Comment on How do you mask Wireguard traffic? 1 year ago:
Wireguard is e2e encrypted, no middleman can inspect the packets without the private keys.
- Comment on Give me your clothes and your phaser 1 year ago:
Shaka, when the walls fell…
- Comment on ISP router wifi range 1 year ago:
discord.com/servers/8311-886329492438671420
Get rid of their junk equipment and put something decent in. Discord link is a group dedicated to doing just that. You may find info for your specific ISP.
If you do it right, you won’t even need their gear inline at all.
- Comment on What benefits do you get for being on-call? - programming.dev 1 year ago:
We have a team of 6 and rotate on call regularly. I’m in the US and receive no benefit for on call specifically, but other regions do. My salary more than covers the inconvenience though.
- Comment on Have I been DoS'd? 1 year ago:
You could always add them to the allow list so they don’t get blocked.
- Comment on Have I been DoS'd? 1 year ago:
Sounds like you were out of resources. That is the goal of a DoS attack, but you’d need connection logs to detect if that was the case.
DDoS attacks are very tricky to defend. (Source: I work in DDoS defence). There are two sections to defense, detection and mitigation.
Detection is very easy, just look at packets. A very common DDoS attack uses UDP services to amplify your request to a bigger response, but then spoof your src ip to the target. So large amounts of traffic are likely an attack, out of band udp traffic is likely an attack. And a large amount of inband traffic could be an attack.
Mitigation is trickier. You need something that can handle a massive amount of packet inspection and black holing. That’s done with serious hardware. A script kiddie can buy a 20Gbe/1mpps attack with their mom’s credit card very easily.
Your defence options are a little limited. If your cloud provider has WAF, use it. You may be able to get rules that block common botnets. Cloudflare is another decent option, they’ll man in the middle your services, and run detection and mitigation on all traffic. They also have a decent WAF.
Best of luck!
- Comment on selfhosted webapp for employee availability within company? 1 year ago:
What you’re looking for is an HRM. Try these options: github.com/awesome-selfhosted/awesome-selfhosted#…
- Comment on It's always DNS, should I complain? 1 year ago:
I would migrate the domain. Don’t bother with flakey services. Cloudflare free tier can do some amazing things.
In the meantime, set it in your host file to the correct IP to get by.