Thanks for the information. I found the hackpascal github too. Strangely, there is another MT7621 bootloader posted there, but no mention of breed.
BTW I finally got around to attaching a USB to TTL converter to pcWRT. It’s cool to see your work in detail. I am still looking for your update mechanism, SSH management, and how you’ve implemented the firewall. I may have overlooked some of it though. It’s hard for me to follow JS. I haven’t programmed with it, and as a single string it’s even harder to parse.
I must confess I was a bit disappointed to see 19.07.2, but I think I understand why after reading how openWRT (doesn’t) deals with user installed packages during upgrades, and you’re doing your own thing and providing your own updates regularly.
Out of curiosity, what kinds of changes in OpenWrt are possible without breaking your overlay? Like, if I wanted to set up more detailed iptables rules, how would that impact the overlay?
The reason for asking about breed is because I think you might be really familiar with it. I’m just a curious hobbyist and have no other motivations. I just volunteered to do some testing for someone that is trying to do kernel improvements for the MT7621.
My reason for asking about TLS/SSL is because if my browser has the HTTPS-Everywhere addon installed it mixes up the pcWRT blocked site filter warning. Sometimes it is unclear if the website is down, is an HTTP site but blocked by pcWRT, or is just blocked by pcWRT.
Do I have open ports being scanned? No.
Once a browser is opened, regardless of the activity/inactivity/website visited, I noticed there was a large volume of data transferred constantly to one of 4 CIDR servers. Upon searching these, they show up in some known ad block lists. They primarily pull encrypted packets across HTTP. Even with HTTP disabled in UFW, it was still transferring hundreds of megabytes every few seconds. I finally blocked all of the TCP connections with an iptables filter that blocks all the ranges, including incoming, outgoing, forwarding, and established. I can still see the dropped UDP packets in my log. They have random IP addresses in the CIDR range and they do odd things like lots of invalid addresses. At least as it is logged, the IPv4 address is transposed into an IPv6 address in random ways, and otherwise incomplete addresses are used. I thought perhaps the entire issue was some addon, but it happens even when these are removed. Blocking all of these addresses has no effect on the websites I visit. Using Whois on the IP ranges shows nothing about my ISP. I know their IP and servers from browsing Shodan. The servers in question are all in the US but none are even in my region. The most common block of addresses sometimes resolves as Amazon AWS in logs and the server is registered at MIT. The logs show a UDP packet dropped around every 3 seconds. I would rather block this traffic from the network completely if possible. I have Firefox containerized, so the traffic is killed as soon as I close the browser. I just made the switch to Fedora Silverblue as well, so I KNOW I’m in control.
This is all a curiosity more than anything. I’m interested in a career in hardware development and looking at how to lock down a system as much as possible. My interests have been in embedded hardware/firmware/RTOS systems, not networking or security. This subject is a tangential distraction, turned curiosity. It’s possible I misunderstand some aspect of this and am chasing a non-issue. It is odd that blocking this information causes no issues with the sites requested, and just the act of opening a browser to any web page results in the near constant flow of hundreds of megabytes of data. I’ve done the tcpdumps and checked them with Wireshark. It’s all just a garbled encrypted mess.
So no, I don’t have open ports... until I open a browser.
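As an added example (not the poster's code or pcWRT's), a small triage script for UFW block logs of the kind described in the post above: it parses the kernel log lines, folds IPv4-mapped IPv6 source addresses (`::ffff:a.b.c.d`, one possible reading of the "transposed" addresses) back to IPv4, and tallies drops per blocked CIDR range and protocol. The log lines and the CIDR ranges are constructed (RFC 5737 documentation ranges); substitute your own filter's ranges and `/var/log/ufw.log`.

```python
import ipaddress
import re
from collections import Counter

# Constructed UFW-style kernel log lines (not from the poster's system).
SAMPLE_LOG = """\
Mar 10 12:00:01 host kernel: [UFW BLOCK] IN=wlp2s0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=443 DPT=51234 LEN=40
Mar 10 12:00:04 host kernel: [UFW BLOCK] IN=wlp2s0 OUT= SRC=::ffff:198.51.100.9 DST=::ffff:192.0.2.10 LEN=60 PROTO=UDP SPT=443 DPT=51235 LEN=40
Mar 10 12:00:07 host kernel: [UFW BLOCK] IN=wlp2s0 OUT= SRC=203.0.113.200 DST=192.0.2.10 LEN=52 PROTO=TCP SPT=443 DPT=51236
Mar 10 12:00:10 host kernel: [UFW BLOCK] IN=wlp2s0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=53 DPT=51237 LEN=40
"""

# Constructed stand-ins for the blocked ranges; replace with the ranges in your own filter.
BLOCKED_RANGES = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]

FIELD_RE = re.compile(r"\b(SRC|PROTO)=(\S+)")


def normalize(addr: str):
    """Parse an address; fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back to IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def tally_blocked(log_text: str, ranges):
    """Count dropped packets per (range, protocol); sources outside every range go under 'other'."""
    counts = Counter()
    for line in log_text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        if "SRC" not in fields:
            continue
        try:
            src = normalize(fields["SRC"])
        except ValueError:
            # Truncated or otherwise malformed SRC values are counted rather than silently skipped.
            counts[("unparseable", fields.get("PROTO", "?"))] += 1
            continue
        hit = next((str(r) for r in ranges if src.version == r.version and src in r), "other")
        counts[(hit, fields.get("PROTO", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (rng, proto), n in sorted(tally_blocked(SAMPLE_LOG, BLOCKED_RANGES).items()):
        print(f"{rng:20} {proto:4} {n}")
```

A steady count under a range after the TCP rules are in place, as in the post, shows which protocol the remaining drops belong to, and the "other" bucket shows whether the filter's ranges actually cover the sources being logged.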