Finally Got Around to Installing Pihole

By NuttBoxer   2021 Oct 27, 11:29am


Was wanting to do something with pfsense as well, but decided for now, just to add pihole. Have an old laptop I use for my Tor service (only enough bandwidth to run a bridge), that seemed underutilized, so installed pihole there. A bit concerned about the older NIC handling the traffic, but so far seems ok. Was interesting to see that despite disabling ipv6 on my router, there are still a number of requests getting made for that, and that the goGuardian SW installed on my daughter's school chromebook is taking a lot of screenshots. The default blocked list turned up tons of Google (no surprise), but also a LOT of Roku, specifically logs. Really wishing I hadn't gotten the remote with the mic on it.

Not sure why I waited so long, setup was a cinch. Made some minor modifications so far, like pointing pihole dns to my router so I can see local client names instead of IPs, and blocking some of the above traffic.

Next want to get my tp-link switch up again, and create a VLAN for all my wired traffic to add an extra layer of security in my network.


1   Eric Holder   2021 Oct 27, 12:03pm

I wonder if an old netbook would be powerful enough to run this.

2   richwicks   2021 Oct 27, 12:16pm

Eric Holder says
I wonder if an old netbook would be powerful enough to run this.


Yes. It's PI Hole. It's designed to run on a raspberry pi. That's a 1GB system running at 1.5 GHz (I think), on a quadcore ARM.

A raspberry PI is a full computer. I'd consider it about as powerful as a good desktop in 2000, or better. Better video card anyhow.

Highly recommend this case if you get one:

https://flirc.tv/more/raspberry-pi-case

It runs on 10 watts or less. If you get one, make certain the case you get matches the type of PI you get. There's the 4 and 3 now. If you want to go oldskool, get a raspberry pi 400:



It will blow any keyboard/computer combo away, and is able to simulate all the old systems no problem.

3   SunnyvaleCA   2021 Oct 27, 12:48pm

Looking at the marketing diagram from the original post and wondering if people use the 1.1.1.1 Google-owned DNS? I've tried it from time to time when Comcast DNS seemed to have some problems for me, but who wants to let Google spy on you so easily?

4   NuttBoxer   2021 Oct 27, 12:59pm

My laptop is a shitty Dell with a Celeron dual core 1.7, and 2GB RAM. But it does help that I'm running headless Debian.

5   Eric Holder   2021 Oct 27, 1:16pm

NuttBoxer says
My laptop is a shitty Dell with a Celeron dual core 1.7, and 2GB RAM. But it does help that I'm running headless Debian.


Pretty much like my netbook.

6   NuttBoxer   2021 Oct 27, 1:36pm

This one is stumping me. Looks like my Linux laptop is constantly pinging Microsoft's internet connectivity endpoint using ipv6, despite having ipv6 disabled on my laptop, and my router.

www.msftncsi.com

7   just_passing_through   2021 Oct 27, 6:20pm

NuttBoxer says
Really wishing I hadn't gotten the remote with the mic on it.


@Nuttboxer, I opened mine and snipped the mic wire a couple of years ago and it's worked dandy ever since!

8   NuttBoxer   2021 Oct 27, 7:44pm

Opened mine, which is a bit newer, no wire to snip. Trying to look for a schematic of the remote board to see if I can pinpoint what it is, and maybe still disable it.

9   richwicks   2021 Oct 27, 8:01pm

NuttBoxer says
Really wishing I hadn't gotten the remote with the mic on it.


IT'S A SPY DEVICE.

Seriously though, it's an eavesdropping device. I am entirely serious.

If there's a microphone and it's connected to the Internet, consider it a spy device. Please believe me on this. Nobody seems to believe engineers in Silly Con Valley, please believe me.

This includes your phone BTW. We'll fix it in time with something like the PinePhone - it's a few years out before you can actually use the damned thing. For now, it's nerd only tech. You'd throw it out of your car window if you actually had to use it at this point. It works, but it doesn't operate the way any normal (sane) human being has been trained to expect. Click, say, Firefox and it will pop up - eventually, 5 seconds later, with no indication you even touched the screen. You will think it didn't register your screen tap, and you will hit it 6 more times before it opens. It works, and it looks like a normal smart phone, but it's really a computer and the interface needs a LOT of work.

And I'm not kidding it's a computer. It's basically a raspberry pi - a little more powerful. The equivalent (easily) of a $5,000 graphics Unix workstation in 1992.

10   NuttBoxer   2021 Oct 27, 10:44pm

Ended up taping a piece of foam over the speaker, as it's soldered to the board, and I don't have the tools to remove it. Tested afterwards, and seems like they won't be getting much value from it anymore. Plus those "logs" getting blocked could be the recordings?

11   noobster   2021 Oct 28, 1:30am

NuttBoxer says
Ended up taping a piece of foam over the speaker, as it's soldered to the board, and I don't have the tools to remove it. Tested afterwards, and seems like they won't be getting much value from it anymore. Plus those "logs" getting blocked could be the recordings?


The solder used to attach it to the board is soft. You could simply cut the connection with an X-Acto blade without too much effort. Watch the fingers.

12   NuttBoxer   2021 Oct 28, 8:25am

I don't have one. Have some pretty small flat heads I tried prying it up with, but no dice.

13   FuckCCP89   2021 Oct 28, 8:28am

NuttBoxer says
I don't have one. Have some pretty small flat heads I tried prying it up with, but no dice.


Drill it out.

14   just_passing_through   2021 Oct 28, 8:32am

Nuke it from orbit, it's the only way to be sure.

15   noobster   2021 Oct 29, 7:50pm

No no no! Use your flat head (racist term by the way) as an X-Acto blade. He's not as sharp, but he'll get the job done. Solder is soft (even Pb-free). Scratch/Score the solder to liberate the mic!

If all that fails, the general guidance of blaring expletives constantly into the controller is a good second choice.

Hope this helps

16   NuttBoxer   2021 Oct 30, 11:10am

That board is flimsy as fuck, and the mic is on the other side of the RFID(?), so more worried about breaking something else. I tried speaking right into the mic, really clearly, and was told Roku couldn't hear me. I think the foam will be a good compromise.

In the meantime I'm blocking almost 40% of my traffic now. Never knew Apple was forcing all their traffic over their own DNS (not anymore!).

17   NuttBoxer   2021 Nov 21, 8:50am

Just wanted to share my traffic blocking patterns after getting my rules in place. Over 90% of my smart TV's/Roku traffic is being blocked, with some devices even hitting the rate limit. Majority is logging requests. The other main culprit that comprises over 50% of overall blocked traffic is Apple DNS requests. I've read these are made to optimize performance by selecting the closest Apple servers, but reality is, if you're letting someone you don't know make DNS requests for your network, you're giving away an awful lot of information.
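
An added example, not part of the original thread or written by any poster: a short Python script that computes the per-client blocked percentage and lists each client's AAAA lookups, the two observations the posts above read off the Pi-hole dashboard. It assumes the dnsmasq-style lines Pi-hole v5 writes to its query log; the sample log, client IPs and `.example` domains are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq log format Pi-hole v5 writes to
# /var/log/pihole.log (assumed format; clients and .example names are made up).
SAMPLE_LOG = """\
Nov 21 08:50:01 dnsmasq[812]: query[A] logs.roku.example from 192.168.1.20
Nov 21 08:50:01 dnsmasq[812]: gravity blocked logs.roku.example is 0.0.0.0
Nov 21 08:50:02 dnsmasq[812]: query[A] api.roku.example from 192.168.1.20
Nov 21 08:50:02 dnsmasq[812]: forwarded api.roku.example to 192.168.1.1
Nov 21 08:50:02 dnsmasq[812]: reply api.roku.example is 203.0.113.7
Nov 21 08:50:03 dnsmasq[812]: query[AAAA] www.msftncsi.com from 192.168.1.30
Nov 21 08:50:03 dnsmasq[812]: forwarded www.msftncsi.com to 192.168.1.1
Nov 21 08:50:04 dnsmasq[812]: query[A] logs.roku.example from 192.168.1.20
Nov 21 08:50:04 dnsmasq[812]: exactly blacklisted logs.roku.example is 0.0.0.0
Nov 21 08:50:05 dnsmasq[812]: query[A] mirror.example from 192.168.1.30
Nov 21 08:50:05 dnsmasq[812]: cached mirror.example is 198.51.100.9
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")
BLOCK = re.compile(
    r"dnsmasq\[\d+\]: (?:gravity blocked|(?:exactly|regex) blacklisted) (\S+) is ")

def summarize(log_text):
    """Return {client: {total, blocked_pct, aaaa_domains}} from query-log text."""
    stats = defaultdict(lambda: {"total": 0, "blocked": 0, "aaaa": set()})
    pending = {}  # domain -> client whose query is still awaiting a verdict
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            qtype, domain, client = m.groups()
            stats[client]["total"] += 1
            # AAAA is a DNS record type; the lookup itself can arrive over IPv4.
            if qtype == "AAAA":
                stats[client]["aaaa"].add(domain)
            pending[domain] = client
            continue
        m = BLOCK.search(line)
        if m and m.group(1) in pending:
            # Attribute the block to the most recent client that asked.
            stats[pending.pop(m.group(1))]["blocked"] += 1
    return {c: {"total": s["total"],
                "blocked_pct": round(100 * s["blocked"] / s["total"], 1),
                "aaaa_domains": sorted(s["aaaa"])}
            for c, s in stats.items()}

if __name__ == "__main__":
    for client, row in sorted(summarize(SAMPLE_LOG).items()):
        print(client, row)
```
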

18   just_passing_through   2021 Nov 21, 10:29am

I keep my 'smart' TV eth cable disconnected. It's too stupid to know the password to my wifi router.

However, with the mesh network rolling out I know this is just a temporary fix.

I was never able to get pi-hole set up well enough to block utub ads. They interlace with content so I just wound up blocking what I wanted to see on my roku.