Netgate Discussion Forum

    MalwareBytes
    pfBlockerNG
      johnpoz LAYER 8 Global Moderator @charlieblalock

      @charlieblalock said in MalwareBytes:

      two workstations causing this much traffic in less than two hours - no thanks

      And what happens when you don't block it? Many applications will bang their heads against the wall trying to resolve or get to their sites..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        charlieblalock @johnpoz

        @johnpoz My job is to recommend options, and in this instance, there are many more options in the same space that do not abuse network traffic. One PC created 1 GB of data in about 2 hours on the firewall. Multiply that by ~200 client PCs and we would be DDoSing the network.

          johnpoz LAYER 8 Global Moderator @charlieblalock

          @charlieblalock oh don't take that the wrong way - was just curious more than anything.

          And it's something I despise - and feel it's horrible coding... I get it: try and resolve something and it fails, sure, try again. But some devices are just insane - there should be a back-off built in... Hey, 3 attempts don't work, wait X seconds; doesn't work, wait X minutes; doesn't work, wait X hours, etc..

          Roku's are horrible at it as well.

          [image: roku.jpg]

          But it's really a known thing in DNS blocking - some things will just go insane when you block what they are looking for..

          I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

          Stupid ass if you ask me

          [image: stupidshit.jpg]

          Every freaking minute - come on, you're not getting it ;)

            provels

            Of possible interest. MB Forum

            Peder

            MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
            BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              Gertjan @charlieblalock

              @charlieblalock said in MalwareBytes:

              MalwareByte AV product was just atrocious.

              Malwarebytes was quite useful in the past.
              That's all gone now. Their programmers now want to get paid, shareholders want their stake, and so on.
              Same thing for AVAST, and many others like 'utorrent' (was useful in the past, and then they added a crypto miner).

              @charlieblalock said in MalwareBytes:

              We were going to roll this out to a 200-person

              Wait. Visit your company's health care centre first - and human resources.
              You'll be needing them.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                mer @johnpoz

                @johnpoz said in MalwareBytes:

                I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

                "I tried to get to my site every 10 secs, but failed once so I have to try every 5 secs and when that fails I now try every second until it succeeds"

                  johnpoz LAYER 8 Global Moderator @mer

                  @mer hehehe exactly! Just such nonsense..

                  Another thing that rubs me the wrong way is these IoT devices that need to talk to something every X seconds.. Ok fine - not an issue, you want/need to talk to something every X seconds.. But if you're going to have to look up some FQDN every X seconds - how about you cache that for some time, you know, say the life of the TTL.. Vs having to do a DNS query every 10 seconds when you want to go to something.whatever.tld

                  Not saying you need to run a full-blown caching name server on your IoT device... But JFC - can you not at least cache the few entries you're talking to vs having to ask DNS for it every single time.

                    mer @johnpoz

                    @johnpoz Now why would you want to do that. I mean 4 bytes for every IPv4 address you cache, 16 bytes per IPv6 address, that can add up over the 3 or 4 addresses you need.
                    And parsing the response for TTL and setting a timer way too much code.

                    Actually worked at a place that had redundant cards in a chassis, did the heartbeat thing to see if you needed to fail over. And yes the initial implementation used the exact opposite of an exponential backoff when they did not receive an ACK in time.
                    And folks wondered why things wouldn't work sometimes.
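The two behaviours argued over in this thread, a client that re-queries DNS on every use and retries faster after each failure (the "I tried every 10 secs, then every 5, then every second" pattern), versus one that caches an answer for the life of its TTL and backs off exponentially when resolution fails, can be put side by side in a small simulation. This is an added example, not code from the forum, from pfSense or from any of the products discussed; the host names, the 300-second TTL, the 10-second use interval and the one-hour back-off cap are constructed assumptions, and time is a virtual integer clock so it runs offline.

```python
"""Simulated client behaviour when a DNS name is blocked by the resolver.

Added example for this discussion (not code from the thread or any product):
compares a client that queries DNS on every use and halves its interval after
a failure with one that caches answers for their TTL and backs off
exponentially on failure. Names, TTLs and timings are constructed; time is a
virtual integer clock in seconds.
"""

BLOCKED = "telemetry.example.invalid"  # constructed: sinkholed by the resolver
ALLOWED = "api.example.invalid"        # constructed: resolves, TTL 300 s
ALLOWED_TTL = 300


def resolver(name, query_log):
    """Stand-in for the local resolver; every query it receives is logged."""
    query_log.append(name)
    if name == BLOCKED:
        return None                       # NXDOMAIN / block: nothing usable
    return ("192.0.2.10", ALLOWED_TTL)    # (address, ttl) for an allowed name


class NaiveClient:
    """Queries DNS on every use; halves its interval after each failure."""

    def __init__(self, name, use_every=10):
        self.name = name
        self.interval = use_every
        self.next_at = 0

    def tick(self, now, query_log):
        if now < self.next_at:
            return
        if resolver(self.name, query_log) is None:
            # failure: retry sooner (the anti-pattern under discussion)
            self.interval = max(1, self.interval // 2)
        self.next_at = now + self.interval


class PoliteClient:
    """Caches answers for their TTL; exponential, capped back-off on failure."""

    def __init__(self, name, use_every=10, cap=3600):
        self.name = name
        self.use_every = use_every
        self.cap = cap
        self.failures = 0
        self.cache_until = -1     # no cached answer yet
        self.next_at = 0

    def tick(self, now, query_log):
        if now < self.next_at:
            return
        if now < self.cache_until:
            # cached answer still within its TTL: use it, no DNS traffic
            self.next_at = now + self.use_every
            return
        answer = resolver(self.name, query_log)
        if answer is None:
            self.failures += 1
            delay = min(self.cap, self.use_every * 2 ** self.failures)
            self.next_at = now + delay          # 20 s, 40 s, 80 s, ... up to cap
        else:
            self.failures = 0
            _addr, ttl = answer
            self.cache_until = now + ttl        # honour the TTL the resolver gave
            self.next_at = now + self.use_every


def simulate(client, seconds):
    """Run one client for `seconds` of virtual time; return DNS queries sent."""
    query_log = []
    for now in range(seconds):
        client.tick(now, query_log)
    return len(query_log)


def fleet_queries(client_factory, seconds, clients):
    """Queries a fleet of identical clients would send to the resolver."""
    return simulate(client_factory(), seconds) * clients


if __name__ == "__main__":
    two_hours = 2 * 60 * 60
    for label, factory in (("naive", lambda: NaiveClient(BLOCKED)),
                           ("polite", lambda: PoliteClient(BLOCKED))):
        per_host = simulate(factory(), two_hours)
        print(f"{label:6} blocked name: {per_host:5d} queries/host, "
              f"{fleet_queries(factory, two_hours, 200):8d} for 200 hosts in 2 h")
```

Over a two-hour window the naive client sends the resolver a query almost every second once the name is blocked, while the back-off client sends nine; for an allowed name the TTL cache cuts the polite client's queries from one per use to one per TTL. Scaling the per-host figure by a fleet of 200 hosts is what turns one misbehaving agent into the firewall log growth described earlier in the thread.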

                      johnpoz LAYER 8 Global Moderator @mer

                      @mer said in MalwareBytes:

                      that can add up over the 3 or 4 addresses you need.

                      hahah.. Exactly how 1 or 2 devices sending a query to my dns every X seconds isn't a big deal... But if I have 100 of those devices on the network.. That can add up to unwanted dns traffic ;)

                      I mean who would ever have more than a couple of, say, light bulbs on their network.. What, tops a half dozen.. So sure, just query my DNS every 1 second you POS ;) It's not like on a wifi network where, you know, other things might want to talk and use the wifi at the same time as you're flooding it with needless chatter.. Oh, while you're at it - could you broadcast looking for other devices every second as well..

                        provels @Gertjan

                        @gertjan said in MalwareBytes:

                        Their programmers now want to get paid

                        The nerve...

                          Tzvia

                          This 'telemetry' crap is common as dirt. Telemetry my arse. They are collecting data about usage - like where you go on the internet. See it with Firefox (incoming.telemetry.mozilla.org), my phones once I switched them to my internet carrier (v-collector.dp.aws.charter.com), MS does it (v10.vortex-win.data.microsoft.com)... you name it, they are trying to make a buck off your usage. Malwarebytes also has that 'browser guard'. I keep saying NO and sure enough it pops up again: 'please turn me on'. Where else to better see where you are going, than with a plugin in the browser?

                          These days, many AV products are moving away from local 'definition' files/local scanning, to cloud based scanning. I get it, real time scanning, zero day bla bla. But I wonder what they are storing up there 'in the cloud'- their servers, and how it affects computer performance. Malwarebytes is on the mild side here- we use Fireeye at work and their xagt process can chew up 80% of the processor- you really feel it. Horrible. Maybe Malwarebytes has a central control console (not familiar with what they offer for business use) where you can turn telemetry off without having to manually do it on 200 machines...

                          Tzvia

                          Current build:
                          Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
                          16 gigs ram
                          500gig WD Blue nvme
                          Using modded BIOS (enabled CSTATES)
                          PFSense 2.72-RELEASE
                          Enabled Intel SpeedShift
                          Snort
                          PFBlockerNG
                          LAN and 5 VLANS

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.