diy solar

FBI warns of Solar System Cyber Threat

Ya know, us old coot off gridders are laughing at all y'all right now. :p
The only way "I know of" to hack or mess with my off-grid / off-internet system is to come load it in a truck and steal it.
I may be wrong about that, but I'm not connected to anything in any way... except during the rare Victron Bluetooth downloads (that may be a window of some type, not sure).
I don't know how, but maybe they can.
 
Dodged a bullet with FireEye here.
At my last posting, we did an endpoint security POC; when I left, CrowdStrike, Carbon Black, and ESET were still on the list. For several reasons, ESET was what I was leaning towards. Almost wonder if there will be a push to limit growth of any one company in this market. Not that it could happen, but we can see what can happen now. Three major airlines grounded...
Costing us, ballpark, $36,000/hr in engineering time alone, probably closer to $60,000.
 
Solution to (yet another) Windows Update borking things...

Don't use Windows.

(yeah, yeah, "Work makes me do it!" yada, yada)

I sympathize with those who are forced to use one of the buggiest blobs of code on the planet. I am not, so I don't.

My wife was very skeptical when we switched to Linux approx. 10 years ago. "It's different!"

Her skepticism went away as year after year it "just works", never coughing hairballs after updates and version upgrades. Or otherwise screwing up her day (and mine).

Sadly it's not that work forces me; it's that some programs, like the horrible Nextion editor I use to make my light switches pretty, only work on Windows, though I use dual-boot drives so Windows only gets booted up when I have to use it.
I used ngrok for a while as a reverse... something... when I only had cellular connectivity at my cabin - I couldn't use regular DDNS stuff.

I switched over to Tailscale a while ago, and really like it - it has iPhone apps that automatically and transparently connect to your local net as if you were at home. Home Assistant has a plugin that you can configure to be an Exit Node, which could be dangerous in case of a Tailscale hack, of course.

Whack-a-mole.
Tailscale is great; I tried it on Home Assistant also, but it required WireGuard and more messing around to add as a router on OPNsense, so I went with ZeroTier.
The only way "I know of" to hack or mess with my off-grid / off-internet system is to come load it in a truck and steal it.
I may be wrong about that, but I'm not connected to anything in any way... except during the rare Victron Bluetooth downloads (that may be a window of some type, not sure).
I don't know how, but maybe they can.
You'd be surprised: hackers have actually managed to gain access to air-gapped networks/offline systems, but most of the time it's valuable stuff and takes a lot of work, like sending data through power supply frequencies. Not something a solar enthusiast should worry about, at least for now, until quantum computers become more mainstream.
 
You'd be surprised: hackers have actually managed to gain access to air-gapped networks/offline systems, but most of the time it's valuable stuff and takes a lot of work, like sending data through power supply frequencies. Not something a solar enthusiast should worry about, at least for now, until quantum computers become more mainstream.
Haaa... it wouldn't surprise me if at some point the hackers figure out how to compromise my damn mule or the chickens somehow.

Maybe all this actually is a simulation..
Maybe I’m not even real…
Maybe I don’t owe any bills but think I do..
 
Time to set up OpenVPN on a computer that will access Solar Assistant and other devices that I want PROTECTED
 
Time to set up OpenVPN on a computer that will access Solar Assistant and other devices that I want PROTECTED
Do you pay for a static IP? Are you familiar with networking? OpenVPN requires a lot more configuration and a static IP, though it has far better latency. If not, you're better off with ZeroTier: it can work with a dynamic IP, it's very quick to set up and it's also free.
 
Do you pay for a static IP? Are you familiar with networking? OpenVPN requires a lot more configuration and a static IP, though it has far better latency. If not, you're better off with ZeroTier: it can work with a dynamic IP, it's very quick to set up and it's also free.
I'll have to check it out
 
Maybe all this actually is a simulation..
Maybe I’m not even real…
Maybe I don’t owe any bills but think I do..
That would be nice
I wouldn't have to move a refrigerator tomorrow....
I wouldn't have to bother with my visa in September....
I wouldn't have to pay my wife's $4000 credit card bill....
 
Hacking is real
Well, as a retired IT Engineering Specialist I have a wee clue about it.
CBE, ECNE, EMCSE former NATO-IT Sec and a Governmental Core Systems Engineer for 10 years.

That Huawei 5G HORSE PUCKY was actually ONLY about the standard Admin/SYSOP back door that is on ALL telecoms/server systems that MUST be changed & secured prior to installation. We tore that crap apart when the USG would not disclose the exact issue, so we, the UK & Germans took HARD & Extreme looks, and that is ALL that it was.... Chicken Little CLUCKAGE! But it was amazing news and wondrous Anti-China twaddle...
 
Why are you even blaming Microsoft? It wasn't even their fault. It was CrowdStrike that screwed up; yeah, it screwed up Microsoft's stuff, but it is no more Microsoft's fault than it is your own fault when someone else's update breaks your stuff.

It does remind me I need to re-audit my stuff in my house. I refuse to use IoT (why would my fridge need to talk to the internet anyway?) but there are other things I should check again I'm sure.
 
Why are you even blaming Microsoft? It wasn't even their fault. It was CrowdStrike that screwed up; yeah, it screwed up Microsoft's stuff, but it is no more Microsoft's fault than it is your own fault when someone else's update breaks your stuff.

But don't you think, as Microsoft, you wouldn't vet a KERNEL LEVEL DRIVER on your own before deploying it? You know you'll be blamed if something goes wrong.
 
I was in IT for over 20 years, I saw all the issues that come with updates and malware protection. Which is why I use Windows 7 with no protection and no updates and no problems.
There are fewer issues with Apple and Linux, not because they are better, but because they are an insignificant slice of the market share compared to Windows.
 
Back doors can be used to access other devices on your network which could have more sensitive details, and the other thing to worry about with something like an inverter is a remote dead switch effectively bricking the device or, worse still (unlikely but not impossible), turning a connected battery into a possible bomb.


Nothing in my rather large smart home/farm is connected to the internet (though I can access it anywhere in the world). It's something I put great effort into learning, but the backdoors and security flaws in many of today's products are something your own government would rely on to spy on you, not just foreign entities.

Cyber security has always been an issue for many western countries: someone with good credentials can earn a very good wage in the private sector, whereas, at least in the UK, a job working for the government demanding the same credentials would pay 10% of that of the private sector, whereas places like China are very cyber focused.

Many typical home routers supplied by your ISP just don't have the capabilities to isolate networks and prevent this kind of thing happening. Anyone who seriously would like to secure their data (nothing will stop someone if they really want to get in), or who doesn't want to be an easy target, should look into pfSense/OPNsense or OpenWrt, all of which have a learning curve, but some are steeper than others.


As a network engineer and commercial IT company owner for 18+ years, this is why we set up our clients with quality routers and L2+ and L3 switches, even in residential environments.

With the amount of internet-connected devices, both wired and wireless, in the home today, it's necessary to isolate these things from critical infrastructure.

For this very reason, it's critical to set up multiple VLANs for things like IoT devices, Guests, Cameras, Access Control, Critical Hardware and set policies and restrictions appropriately for these different VLANs. For example, IoT and Guest VLANs get locked down with access only to the internet. Devices on these VLANs are unable to communicate with other devices on the same VLAN or devices on other VLANs; they only have access to the internet.

This is a very basic, brief explanation, but we find it necessary in setting up networks now, even in residential homes, with all the internet-connected devices today and the threats that come with them.

The days of getting your local ISP router or a Best Buy-bought Netgear, Linksys, etc. and plugging all your devices into it is a scary thought with all the threats today.
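The isolation policy described above, as an added example that is not the poster's configuration: an nftables ruleset for a Linux router (the kind of box OPNsense/OpenWrt users build). The interface names eth0/vlan10/vlan20/vlan30 and the DHCP/DNS allowances are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's configuration: an nftables ruleset that
# implements the policy above on a Linux router. Assumed interface names:
# eth0 = WAN, vlan10 = IoT, vlan20 = guest, vlan30 = trusted LAN.
# Note: stopping devices on the SAME VLAN from talking to each other is a
# switch/AP feature (client isolation); a router can only police traffic
# that crosses VLANs, which is what this ruleset does.
WAN=eth0
IOT=vlan10
GUEST=vlan20
TRUSTED=vlan30

# Print the ruleset; load it with:  iot_ruleset | nft -f -
iot_ruleset() {
cat <<EOF
flush ruleset
table inet filter {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # trusted LAN may reach everything (including managing IoT gear)
    iifname "$TRUSTED" accept
    # IoT and guest: internet only, never another VLAN
    iifname { "$IOT", "$GUEST" } oifname "$WAN" accept
    # anything else falls through to drop; log a sample for visibility
    iifname { "$IOT", "$GUEST" } limit rate 5/minute log prefix "vlan-drop: "
  }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    # the isolated VLANs only need DHCP and DNS from the router itself
    iifname { "$IOT", "$GUEST" } udp dport { 67, 53 } accept
    iifname { "$IOT", "$GUEST" } tcp dport 53 accept
    iifname "$TRUSTED" accept
  }
  chain postrouting {
    type nat hook postrouting priority 100;
    oifname "$WAN" masquerade
  }
}
EOF
}

# Count the forward-chain rules that let a given VLAN send traffic somewhere;
# IoT/guest should have exactly one (to WAN), trusted exactly one (to anything).
forward_accepts_for() {
  iot_ruleset | awk '/chain forward/ { f = 1 } /chain input/ { f = 0 } f' \
    | grep -c "\"$1\".* accept"
}

# Syntax-check the ruleset if nft is installed (dry run, nothing is loaded)
if command -v nft >/dev/null 2>&1; then
  iot_ruleset | nft -c -f - || echo "ruleset failed nft -c" >&2
fi
```

The log line makes blocked cross-VLAN attempts visible in the journal, which is the quickest way to spot an IoT device probing the trusted network.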
 
Why are you even blaming Microsoft? It wasn't even their fault. It was CrowdStrike that screwed up; yeah, it screwed up Microsoft's stuff, but it is no more Microsoft's fault than it is your own fault when someone else's update breaks your stuff.

It does remind me I need to re-audit my stuff in my house. I refuse to use IoT (why would my fridge need to talk to the internet anyway?) but there are other things I should check again I'm sure.
One of my sister-in-law's neighbours has a smart fridge, not sure which neighbour, but it's only secured via a password that's the fridge's model number.
When I get bored visiting I often check and try to work out what they're eating that week.
 
As a network engineer and commercial IT company owner for 18+ years, this is why we set up our clients with quality routers and L2+ and L3 switches, even in residential environments.

With the amount of internet-connected devices, both wired and wireless, in the home today, it's necessary to isolate these things from critical infrastructure.

For this very reason, it's critical to set up multiple VLANs for things like IoT devices, Guests, Cameras, Access Control, Critical Hardware and set policies and restrictions appropriately for these different VLANs. For example, IoT and Guest VLANs get locked down with access only to the internet. Devices on these VLANs are unable to communicate with other devices on the same VLAN or devices on other VLANs; they only have access to the internet.

This is a very basic, brief explanation, but we find it necessary in setting up networks now, even in residential homes, with all the internet-connected devices today and the threats that come with them.

The days of getting your local ISP router or a Best Buy-bought Netgear, Linksys, etc. and plugging all your devices into it is a scary thought with all the threats today.
I couldn't work out VLANs for 4 years (due to an old L2 switch I was using) and ended up running 3 different physical networks. I'm still very much a beginner and forget things as quickly as I learn them, but I'm very glad I took the time to learn in the first place. It's definitely an interesting subject and, as the world progresses more and more, it's going to be an extremely valuable skill.
 
I couldn't work out VLANs for 4 years (due to an old L2 switch I was using) and ended up running 3 different physical networks. I'm still very much a beginner and forget things as quickly as I learn them, but I'm very glad I took the time to learn in the first place. It's definitely an interesting subject and, as the world progresses more and more, it's going to be an extremely valuable skill.

The positive of 3 separate, I assume 1GB, physical networks is you get 3x the bandwidth.

Prices have come way down in the last few years on L2 and L2+ switches and quality business/enterprise routers and fiber, so putting together a quality network at home is much more doable.

I own a commercial IT company, but we do get pulled into a few high-end residential installs a year, mostly owners or executives of companies we have IT contracts with. Essentially money isn't a concern and they get set up just like any business. Arista, Netgate, Fortinet routers, Arista, HPE/Aruba switches, 10GB SFP+ uplinks to these L2+ switches and lots of VLANs and rules/policies.

But anyone can buy nice quality L2+ and L3 48-port PoE switches with 4x10GB SFP+ off eBay, fully working and running great, for very little money today to use in a home setup or test environment. They will do everything you would need at home and more.

 
I was tempted to take an HDMI output from Solar Assistant and then somehow have that available via the internet so I can monitor things, but there was no way you could get back to the Raspberry Pi to make changes.

I have a cloud server set up as a VPN router.
My remote devices (computers) log into the VPN server via WireGuard autonomously. If I want to access them remotely, I VPN into the same server at a virtual IP address that was set up to route to the remote device. I can do anything remotely via Ethernet that I would locally. I have two remote video security systems and a camera on a dock post that monitors my boat to make sure the boat's tied up securely and not taking on water. The boat computer is an RPi that is connected to the marina wifi.
It's been up and running for 6+ years.
The software is all free open source. If you can do some Linux configuration, it's not hard.
If I want to make a remote change, I just do it and then reboot the remote device. The device logs back into the VPN cloud server and the change is done.
This setup drills through firewalls since everything starts as an outbound connection. I've used it to program devices remotely and it scares some customers because it goes right through their firewalls.
I use DigitalOcean for the cloud server. I think it's $7 per month.
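The hub-and-spoke layout described above, as an added example that is not the poster's own files: a script that writes the three WireGuard configs (hub, remote Pi, admin machine). The overlay range 10.66.0.0/24, the hub's public IP and all keys are placeholders supplied by whoever runs it.

```shell
#!/bin/sh
# Added example (not the poster's files): generate WireGuard configs for the
# cloud hub-and-spoke layout above. The remote Pi only dials OUT to the hub
# and keeps the tunnel alive, so the marina firewall needs no inbound port;
# the admin box dials the same hub, which forwards between overlay addresses.
# Placeholders: overlay 10.66.0.0/24; hub IP and keys are passed in by the
# caller (real keys: wg genkey | tee priv | wg pubkey).
OVERLAY=10.66.0.0/24; HUB_ADDR=10.66.0.1; ADMIN_ADDR=10.66.0.2; PI_ADDR=10.66.0.10

# gen_wg_configs OUTDIR HUB_IP HUB_PRIV HUB_PUB PI_PRIV PI_PUB ADMIN_PRIV ADMIN_PUB
gen_wg_configs() {
  out=$1; hub_ip=$2; hub_priv=$3; hub_pub=$4
  pi_priv=$5; pi_pub=$6; adm_priv=$7; adm_pub=$8
  mkdir -p "$out"
  # Hub: each peer's AllowedIPs is its /32, so packets for 10.66.0.10 are
  # sent down the Pi's tunnel; forwarding between peers must be enabled.
  cat >"$out/hub-wg0.conf" <<EOF
[Interface]
Address = $HUB_ADDR/24
ListenPort = 51820
PrivateKey = $hub_priv
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT

[Peer]
# remote Pi: no Endpoint here, the hub learns it when the Pi connects
PublicKey = $pi_pub
AllowedIPs = $PI_ADDR/32

[Peer]
PublicKey = $adm_pub
AllowedIPs = $ADMIN_ADDR/32
EOF
  # Spoke (remote Pi): outbound only; PersistentKeepalive keeps the NAT
  # mapping open so the hub can reach it between admin sessions.
  cat >"$out/pi-wg0.conf" <<EOF
[Interface]
Address = $PI_ADDR/24
PrivateKey = $pi_priv

[Peer]
PublicKey = $hub_pub
Endpoint = $hub_ip:51820
AllowedIPs = $OVERLAY
PersistentKeepalive = 25
EOF
  # Admin box: same hub, whole overlay routed through the tunnel
  cat >"$out/admin-wg0.conf" <<EOF
[Interface]
Address = $ADMIN_ADDR/24
PrivateKey = $adm_priv

[Peer]
PublicKey = $hub_pub
Endpoint = $hub_ip:51820
AllowedIPs = $OVERLAY
EOF
}
# A spoke must never listen; confirms it is purely an outbound client.
spoke_is_outbound_only() { ! grep -q '^ListenPort' "$1"; }
```

Because the hub's only open port is UDP 51820 and each spoke is pinned to one /32, a compromised spoke can only talk to the other overlay addresses the hub forwards, not to the hub's own network.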
 
The positive of 3 separate, I assume 1GB, physical networks is you get 3x the bandwidth.

Prices have come way down in the last few years on L2 and L2+ switches and quality business/enterprise routers and fiber, so putting together a quality network at home is much more doable.

I own a commercial IT company, but we do get pulled into a few high-end residential installs a year, mostly owners or executives of companies we have IT contracts with. Essentially money isn't a concern and they get set up just like any business. Arista, Netgate, Fortinet routers, Arista, HPE/Aruba switches, 10GB SFP+ uplinks to these L2+ switches and lots of VLANs and rules/policies.

But anyone can buy nice quality L2+ and L3 48-port PoE switches with 4x10GB SFP+ off eBay, fully working and running great, for very little money today to use in a home setup or test environment. They will do everything you would need at home and more.

I bought a Dell 1U server for about $60, threw in a network card and installed OPNsense for a router. It's pulling 70W, but it runs on solar so it's not a big issue, and it practically hasn't been switched off since I bought it about 8 years ago, except for updates and the odd clean.

The L2 switch was some old TP-Link thing that had really weird VLAN protocols; even some friends who were network engineers had no clue what was going on, so I replaced it with a Netgear L2+ which I worked out within 5 minutes of installing. The old TP-Link thing got demoted to practically a PoE hub for CCTV.

The smart home stuff and CCTV are great on their own physical network. As you said, having 3x the bandwidth is handy, but I'm starting to find the smart home stuff is starting to slow down and might need to be separated more, maybe just more access points.

Old networking stuff here in Thailand is more expensive with less choice; development has been fast, but it's all been in a short period of time, full FTTH network nationwide 10 years ago (everyone kept stealing the copper cables, so they switched to fibre incredibly fast).
 
I have a Cloud server setup as a vpn router.
My remote devices ( computers) log into the vpn server via Wireguard autonomously. If I want to access them remotely, I vpn into the same server at a virtual IP address that was setup to route to the remote device. I can do anything remotely via ethernet that I would locally. I have two remote video security systems and a camera on a dock post that monitors my boat to make sure the boats tied up securely and not taking on water. The boat computer is a RPI that is connected to the marina wifi.
Its been up and running for 6+ years.
The software is all free open source. If you can do some Linux configuration, it's not hard.
If I want to make a remote change, I just do it and then reboot the remote device. The device logs back into the vpn cloud server and the change is done.
This setup drills through firewalls since everything starts as an outbound connection. Ive used it to program devices remotely and it scares some customers because it goes right through their firewalls.
I use Digital Ocean for the cloud server. I think its $7 per month.

Yep, we do this extensively daily. We have lots of servers running in DO, Vultr and AWS and run WireGuard also. You can set this all up yourself like you did and like we do, or there are fancy-name deployment packages you can install like SD-WAN or SD-Edge to accomplish the same thing, but they come with a licensing fee. They all do exactly what we do and as you described.

We have 1000s of cameras and 1000s of VoIP phones all running on T-Mobile Business 5G high-speed internet connections, all connecting back to our various hosted deployments on Vultr, DO and AWS.

Are you running any mirroring or redundancy in case, say, DO goes down? We run redundancy across at least 2 providers. While they don't go down often, we did have an event where AWS and DO went down but Vultr did not a year or two ago. This affected a lot of people across the country, especially VoIP. We also build and run our cloud-hosted VoIP servers on these cloud platforms.
 
I would like to know what this is sending to China, from my network.

Installed Wireshark on a Pi that shares the Ethernet switch w/ the webrelay device.

Found commands that will "bond" the Juniper Networks switch ports for the Pi and webrelay together, so the Pi can see the webrelay traffic.

But still have not learned Wireshark, too many other things need my time & energy.

Ubiquiti EdgeRouter firewall between my net and internet, hope that helps a bit.
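For the "what is it sending" question above, an added example that is not the poster's setup: a small script that summarises tcpdump text captured on the Pi that sees the mirrored port, so the device's external destinations can be listed and checked against an allowlist without learning Wireshark first. The webrelay address 192.168.1.50 and the LAN prefix are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): summarise where one device sends
# traffic, from tcpdump text captured on the Pi that sees the mirrored port.
# Capture with:  tcpdump -nn -l -i eth0 'src host 192.168.1.50' > webrelay.log
# Placeholders: webrelay = 192.168.1.50 on LAN 192.168.1.0/24.
DEVICE=192.168.1.50
LAN_PREFIX=192.168.1.

# summarize_dests LOGFILE: "count dst_ip dst_port" for packets the device sent
# to hosts outside the LAN, busiest destination first.
summarize_dests() {
  awk -v dev="$DEVICE" -v lan="$LAN_PREFIX" '
    # tcpdump -nn lines: "<time> IP 192.168.1.50.49152 > 198.51.100.7.8883: Flags ..."
    $2 == "IP" && index($3, dev ".") == 1 {
      dst = $5; sub(/:$/, "", dst)
      n = split(dst, p, /\./)            # a.b.c.d.port -> 5 pieces
      if (n != 5) next
      ip = p[1] "." p[2] "." p[3] "." p[4]
      if (index(ip, lan) != 1) count[ip " " p[5]]++
    }
    END { for (k in count) print count[k], k }' "$1" | sort -rn
}

# flag_unexpected LOGFILE ALLOWLIST: destinations not listed in ALLOWLIST
# (one "ip port" per line). Empty output means every destination was expected;
# look up the owner of anything else with:  whois <ip>
flag_unexpected() {
  summarize_dests "$1" | while read -r cnt ip port; do
    grep -qx "$ip $port" "$2" || echo "$cnt $ip $port"
  done
}
```

Once the list of expected destinations is known, the same addresses become the egress rules for that device on the firewall; anything new in the summary is then both blocked and worth a look.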
 
It's all on an isolated network that I can access via a VPN tunnel on my router. Best way to describe it is I have a router that has all my smart home items on it but not connected to the internet; then I have another router that allows a single encrypted connection to said router.

I don't understand how anything can be connected to the internet and secure from break-in and damage.

Unless, internet connected computer and protected system are connected through a set of wires which send requests and receive data, with a fixed set of commands that are recognized and carried out. No ability to transfer and install code, etc.

I was tempted to take an HDMI output from Solar Assistant and then somehow have that available via the internet so I can monitor things, but there was no way you could get back to the Raspberry Pi to make changes.

I'm pretty sure HDMI is a 2-way street.

I think you need to modulate it into an analog signal, then run through MPEG compression back to digital. That SHOULD be unidirectional.

But to be safe, just set up a webcam and put up with the bands in the image.

And hope that heat output from one computer isn't demodulated by the other and used as commands. Better put in a different room with just camera cable or better light passes between them.
 