when reading through the jellyfin with chromecast guide i realized that it would probably be less effort to just let the casting api be public, with the added bonus that i could then cast my library to any device that supports it. but that seems like it would paint a giant target on the server.
what’s the recommended way of doing stuff like this? ideally i want to be able to go to someone’s house and just play some of my media on their tv.
not that any of this is doable in the near future, since i’m behind cgnat and won’t get my colocated bounce server up until spring.
Are you not actually open to the public internet? Is it running on a nonstandard port? Is it already pwned and something is scrubbing logs?
Non standard port. But aren’t secret chinese hack farm scanning wider than just 22 ? I don’t know and deep down believe that it’s pawned and scrubbing logs.
The resources required to port scan every port on every IP is generally not worth it. AFAIK they tend to stick to lower ports or popular ports. Unless they’re intentionally targeting a specific IP or IP range, they’re just looking for low hanging fruit.
Low hanging fruits are, in my personal case, pictures of my cats and public domain cultural artefacts.
Industrializing hacking of random servers sounds like a shitty idea at the end of the day…
The ability to generate a bunch of traffic that looks like it’s coming from legit, every-day residential IPs is invaluable to disinformation campaigns. If they can get persistence in your network, they can toss it into a bot net which they’ll sell access to on the dark web.
A sucker opens insecure services to the open internet every day, that’s free real estate to bot farms. Only when the probability of finding them is low enough is it not worth the energy/network costs. I think hosting on non-standard ports is probably correlated with lowering that probability below some threshold where it becomes not worth it…don’t quote me, though.
At the end of the day, the rule is not to depend on security by obscurity, but that doesn’t mean never use it.
This whole thread (that I shamelessly hijacked) is very informative and allowed me to understand that cybersecurity is in practice a mixture of concrete nerdy log books and vague feeling of being under a threshold of worthiness.
I woke up this morning and there was a faint noise coming from the server: immediately thought “ok that’s it, it’s pawned and become a node in a vast grid of malicious bots”…it was a cron verification of drives
Hah yeah, I’ve definitely pulled the plug on my router before because I wasn’t sure what I was seeing.
I mean, cybersecurity I would consider to be a research field. In practice, yeah, it’s a bunch of people just doing their best.
I tend to keep everything inside my network and only expose what I need visible on non standard ports, one of those being a VPN. It’s not that I couldn’t run these services public facing, it’s that the people taking the time to constantly update, configure, and auditing everything full time to head off red team are being paid. I don’t need to deal with an attack surface any larger than it needs to be, ain’t nobody got time for that.