upvote

points

by lsofzz18 hours ago |
comments
upvoteby zaptheimpaler17 hours ago|
next
[-]
Clueless lol. This is not about any of that. I run Plex on my local network at plex.domain.com. Plex sends logs to the internet with its local domain in the string. Leak. There is no easy way to solve this without deeply inspecting each packet a service sends outside your network, and even that doesn't work when services use SSL certificates and certificate pinning preventing MITMs.
reply
upvoteby lsofzz17 hours ago|
parent|
[-]
wtf are you allowing plex to initiate outbound connections to begin with?

and why is plex not in it's own VLAN with a egress FW rules to second with?

lastly, why aren't you running snort/suricata to inspect the packets originating at plex?

let me solve this problem for you - it probably doesn't bother you at all.

otherwise, you'd scratched your itch a long time ago.

> Clueless lol.

It's ok to be clueless. And, it's ok to be working for a FAANG and be clueless too.

reply
upvoteby lxgr15 hours ago|
parent|
next
[-]
> It's ok to be clueless. And, it's ok to be working for a FAANG and be clueless too.

Glad you're not being too hard on yourself :)

reply
upvoteby imtringued16 hours ago|
parent|
prev|
next
[-]
You sound so confident about this and yet you're listing a bunch of useless advice that doesn't work, because the analytics are integrated into the web interface and therefore executed inside the web browser. To guard against that, you'd have to block all outbound connections on your laptop and all other devices that could potentially access the web interface.
reply
upvoteby lsofzz16 hours ago|
parent|
[-]
[flagged]
reply
upvoteby zaptheimpaler15 hours ago|
parent|
prev|
[-]
Its great to be clueless, thats how you learn! Just dont flex and demean other people like "Coming from someone who worked at FAANG, this is sub par post." if you're clueless. Again everything you've said does not really apply here or is impractical.
reply
upvoteby lsofzz13 hours ago|
parent|
[-]
> [ ... ] if you're clueless.

Done it. Therefore, I flex. I was talking about clueless folks like yourself.

> Again everything you've said does not really apply here or is impractical.

YMMV. Always.

reply
upvoteby bigibas12318 hours ago|
prev|
next
[-]
Blocking dns leaks from the local network will not prevent sentry from sending them to the cloud. Blocking sentry from reaching the cloud (like said in the post) will.
reply
upvoteby jeroenhd18 hours ago|
prev|
next
[-]
From the article:

> Around this time, you realize that the web interface for this thing has some stuff that phones home, and part of what it does is to send stack traces back to sentry.io. Yep, your browser is calling back to them, and it's telling them the hostname you use for your internal storage box. Then for some reason, they're making a TLS connection back to it, but they don't ever request anything. Curious, right?

Unless you actively block all potential trackers (good luck with that one lol), you're not going to prevent leaks if the web UI contains code that actively submits details like hostnames over an encrypted channel.

I suppose it's a good thing you only wasted 30 seconds on this.

reply
upvoteby lsofzz18 hours ago|
parent|
[-]
[flagged]
reply
upvoteby jraph18 hours ago|
prev|
[-]
Wow, just skip the "bad post", "took me 30 seconds", "Basic stuff" parts already, especially when you are completely missing the point and don't seem to realize it even after several people point it out.

Show some humility.

What's more, one doesn't really read Rachel for her potential technical solutions but because one likes her story telling.

reply
upvoteby lsofzz18 hours ago|
parent|
[-]
[flagged]
reply