Alternity Comments - Answer Overflow

Topics

Alternity

•Created by afraid-scarlet on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

in my case i'm wiring the job laptops directly to the router so i have zero vlan of any kind. but if you wanted to route them through managed switches would be trickier

96 replies

•Created by fair-rose on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

its same as if you have a linux server with multiple eth0's, since thats literally what it is

96 replies

•Created by xenial-black on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

the dedicated ethernets per job have traffic rules to WAN and block rules for LAN and other job interface

96 replies

•Created by metropolitan-bronze on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

sure, its just iptables rules on the backend. so you can route traffic between the different ethernet interfaces as needed

96 replies

•Created by genetic-orange on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

thats what i would def recommend to anyone not 100% comfortable with networking and linux

96 replies

•Created by other-emerald on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

yep, in this case its 4x distinict ethernet interfaces so 4 diff burned in MAC's, can change them as well ofc

96 replies

•Created by ambitious-aqua on 12/4/2023 in #🚀｜alt-reddit

How do I conceal my pikvm/tinypilot from my employers?

If you are going J3+ and feel comfortable with networking and Linux then buying an x86 router mini pc + openwrt would be a reasonable way to go. I use this $100 router + openwrt. Since it has 4x ethernet ports (different mac addresses each) thats 1 WAN, 1 LAN and 2 ports for 2 jobs. I'll likely start adding additional usb ethernet interfaces to it if i need more router mac addresses for more J's. https://www.aliexpress.us/item/3256804173757529.html

96 replies

•Created by absent-sapphire on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

sounds likely, if you want to be extra sure login to the work laptop and run lsusb -v from there to check

368 replies

•Created by vicious-gold on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

I'm not too worried about them correlating public IPs because there's a lot of fuzziness there with ISPs and CGNAT. but the only way for multiple devices to have the same upstream Mac address is if they are all physically connected in a local area network on layer 2

368 replies

•Created by adverse-sapphire on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

now if that's too vague for them to be actionable I'm not sure I'm not very familiar with this confidence score thing. I'm thinking more in terms of reporting from a siem

368 replies

•Created by quickest-silver on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

thank you for the detailed response. I think this is where we differ and where I'm probably making assumptions maybe I shouldn't. from a log correlation perspective three plus job laptops with crowdstrike on VLAN networks would still show up with the same upstream Mac address for the router which is a form of uuid and would identify those three jobs as all being on the same local network.

368 replies

•Created by like-gold on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

hmm i think we're probably talking past each other. I'm worried about CS and other tools corrolating based on multiple jobs having those same mac addresses showing up the arp table somewhere. if that's not a concern than vlan and a single router is fine? just not sure what you're protecting against in that case

368 replies

•Created by sunny-green on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

i'd be willing to bet a pizza that all your devices have the same MAC address for the router in their arp cache

368 replies

•Created by magic-amber on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

i am assumign you are using again a single router currently

368 replies

•Created by stormy-gold on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

maybe i'm outdated. can you run arp -a on all devices and report bac k what the router mac is? i would super love if im wrong

368 replies

•Created by sensitive-blue on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

this is why almost everyone should follow suggestion 1. get a seperate router per J

368 replies

•Created by exotic-emerald on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

you can, but it will change the mac address for all the devices. again this is assumign you are doing one router, managed switch, vlan's.

368 replies

•Created by wise-white on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

and to be clear, only reason i was annoyed is that this convo will probably confuse others, who may now think that VLAN is all you need when @brodonalds has shown pretty clearly that is not the case. ARP cache will show same router MAC for all VLAN's

368 replies

•Created by flat-fuchsia on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

fair enough, it is an unusual thing to find someone who will admit their mistake and then go back and change what they wrote. i've always been a bit of a weird one 😛

368 replies

•Created by plain-purple on 10/7/2024 in #🥷｜anti-cyber-security

NetSec + OpSec + VLAN Management for OE

agreed, thats why i already edited it......

368 replies