forum.pistar.uk

I am getting notifications of security threat blocked by Xfinity on my Pi-Star hotspot from Xfinity, my ISP. I have all the settings in Firewall configuration set to private plus Node type is set to private. Should I be concerned?

Did you change the password on your Pi-Star installation from the default one to something more secure?

WB3IHY wrote: ↑Fri Jul 10, 2020 2:19 pm Did you change the password on your Pi-Star installation from the default one to something more secure?

Ahah, No I did not. I will go change that now, thanks.

K2CQW wrote: ↑Fri Jul 10, 2020 1:53 pm I am getting notifications of security threat blocked by Xfinity on my Pi-Star hotspot from Xfinity, my ISP. I have all the settings in Firewall configuration set to private plus Node type is set to private. Should I be concerned?

Your description sounds more like there is some Xfinity configuration that needs to be checked... It may not like some port used by Pi-Star software...

I somehow doubt your ISP is somehow detecting that you are running Pi-Star and is attempting to log into the box from outside your network. (Are you getting the messages from your ISP or from your router itself?)

K2CQW wrote: ↑Fri Jul 10, 2020 3:38 pm Ahah, No I did not. I will go change that now, thanks.

My fear is that someone may have compromised your Pi-Star, introducing code that is "up to no good," which in turn may be triggering Xfinity's threat detection.

Don't laugh: A ham friend of mine in New Jersey had that very scenario happen to him. He forgot to change the default password in one of his Pi-Star hotspots. Didn't notice anything out of the ordinary...until he started getting DMCA notices from (then Comcast) claiming that he was downloading movies illegally. Turns out someone had hacked his Pi-Star and turned it into a BitTorrent/Botnet proxy! Also used it as a foothold to hack many other things on the inside of his network.

AF6VN wrote: ↑Fri Jul 10, 2020 4:43 pm [ (Are you getting the messages from your ISP or from your router itself?)

ISP, see my original post.

I changed the password and I have not seen any attacks since then. thanks to all. 73