I tried searching for answers as to why these machines are reaching out to numerous locations despite not using PrusaConnect. Location lookup returns the expected Czech, as well as locations across the US. I recently also set a friend up with an Elegoo printer and that was expectedly noisy as hell, but I was surprised with Prusa being the ‘privacy pick’.

For those curious, here’s the logs since about midnight, it seemingly doesn’t talk during the day.


Edit: Midnight brain forgot what ports are for, and that is for NTP, thanks y’all
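The triage the edit above arrives at, sorting destinations by port before looking at geography, written out as an added example (not part of the original post). The sample `ip:port` lines are constructed from documentation address ranges, and the port table is an assumption to extend for your own network.

```python
import ipaddress
from collections import defaultdict

# Port-to-service hints only: a port number suggests a protocol, it does not prove it.
KNOWN_PORTS = {53: "DNS", 80: "HTTP", 123: "NTP", 443: "HTTPS", 8883: "MQTT over TLS"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of "ip:port" firewall entries; the public addresses are
# from the documentation ranges, not real servers.
SAMPLE_LOG = """\
192.0.2.10:123
198.51.100.7:123
203.0.113.44:123
192.0.2.10:123
198.51.100.99:443
203.0.113.5:8080
192.168.1.1:53
not-an-entry
"""

def parse_entry(line):
    """Return (ip_address, port) for an 'ip:port' line, or None if malformed."""
    host, sep, port = line.strip().rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None

def triage(log_text):
    """Group unique external destinations by service; collect unknown ports."""
    by_service, unknown, skipped = defaultdict(set), defaultdict(set), 0
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            skipped += 1
            continue
        ip, port = entry
        if any(ip in net for net in RFC1918):
            continue  # LAN traffic, not an outbound destination
        if port in KNOWN_PORTS:
            by_service[KNOWN_PORTS[port]].add(str(ip))
        else:
            unknown[port].add(str(ip))
    return dict(by_service), dict(unknown), skipped

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Many distinct destinations under NTP is what a device using a public time-server pool looks like; the entries worth a closer look are the ones that land in the unknown-port bucket.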

  • organ@lemmy.zip
    1 day ago

    There is no opsec in censoring RFC1918 private addresses. There is absolutely no PII involved 🤣🤣🤣

    • N.E.P.T.R@lemmy.blahaj.zone
      1 day ago

      I was taught in my IT Sec classes to avoid sharing any unnecessary information. Information on private IPs can be used to better understand your network, allowing a threat actor to better navigate your network without needing to do IP scans (which are very obvious and should trigger even basic detection). While it is most likely pointless (since OP probably isn’t at risk of targeted attacks), it is still good opsec.

      • 7toed@midwest.social (OP)
        20 hours ago

        > since OP probably isn’t at risk of targeted attacks

        While right, what fun is it using enterprise grade hardware if you’re not at least going to pretend to be serious with it 😁

      • mic_check_one_two@lemmy.dbzer0.com
        18 hours ago

        > allowing a threat actor to better navigate your network without needing to do IP scans (which are very obvious and should trigger even basic detection)

        I mean, basically any device will send a DHCPDISCOVER broadcast on 255 when it connects, to see if there is a DHCP server on the network. Unless you’re running your entire network on pre-configured static addresses and have your router set up to intercept all broadcast messages (and treat the broadcasting device as hostile), any device plugging into the network would automatically broadcast a message anyways.

        And honestly, if you’re being that paranoid about your network, you’d probably be better off just using port security and a MAC whitelist instead. It would save you a lot of time with manually configuring IP addresses. That way any threat actor would only be able to connect if they already knew a whitelisted MAC. And gentle device discovery can also be automated without obvious brute force “ping every IP in the subnet at the same time, and blatantly scan common ports on responding IPs” network scans. They’ll take longer, (and passive scans may miss some devices) but they wouldn’t trip the rudimentary “watch for any device firing ping requests out to every single IP” scan detection. Passive scans can be particularly difficult to detect.

        • N.E.P.T.R@lemmy.blahaj.zone
          17 hours ago

          The point of my comment wasn’t that OP was in “real danger” if they showed local IPs, just that it doesn’t hurt to censor them. Never give more information than necessary. I censor usernames and filepaths on any screenshots of the terminal, even though if an actor has the kind of access to utilize that information I am probably already fucked. I think it is good practice to always scrutinize the information you give out willingly.

      • organ@lemmy.zip
        1 day ago

        Purely theatrical and serves no purpose or benefits. Any TA that penetrates the network would discover those subnets instantly.

        Performative opsec

          • organ@lemmy.zip
            20 hours ago

            Oh noo, you completely defeated surveillance by hiding a screenshot of your privately routed address space, nooooo

            • 7toed@midwest.social (OP)
              19 hours ago

              I’m sorry for upsetting you so much. I don’t think I said I defeated surveillance so that’s on you.

    • 7toed@midwest.social (OP)
      20 hours ago

      How much metadata do you need until it’s PII? What subnets exist and which devices are potentially leverageable are valid points in a threat model… maybe not entirely suited for everyone but I’m sure as hell my employer is unknowingly grateful for

      • organ@lemmy.zip
        19 hours ago

        Lol is your 192.168.1.1 the same device as my 192.168.1.1? Is it the same device for your neighbors as well?

        No.

        There is no threat model where posting unredacted RFC1918 address space is a risk.