100% FREE RESOURCE
-
100% FREE RESOURCE
A practical #security guide for your mesh.
For #Reticulum #MeshCore and #Meshtastic node operators.
#OSINT exposure, active attack vectors, and how to harden the protocols against both.
The Hardened Mesh — Node Star Field Guide Vol. 10
What OSINT operators can collect from your mesh, what attackers can do to it, and how to make both jobs harder. A practical security guide for Reticulum, MeshCore, and Meshtastic operators.
Node Star (nodestar.net)
-
100% FREE RESOURCE
A practical #security guide for your mesh.
For #Reticulum #MeshCore and #Meshtastic node operators.
#OSINT exposure, active attack vectors, and how to harden the protocols against both.
The Hardened Mesh — Node Star Field Guide Vol. 10
What OSINT operators can collect from your mesh, what attackers can do to it, and how to make both jobs harder. A practical security guide for Reticulum, MeshCore, and Meshtastic operators.
Node Star (nodestar.net)
@nodestar I like the analysis, but wonder about identity spoofing. It is correct that you cannot impersonate a Reticulum address. But how do you share your current hash with others so they start trusting it? A social level impersonation (different hash, same claimed identity) is a valid attack vector too.
A scientifically fair comparison would include TOR that follows the same principles and is three decades older. Or the newest DTN option Bundle Protocol v7.
-
100% FREE RESOURCE
A practical #security guide for your mesh.
For #Reticulum #MeshCore and #Meshtastic node operators.
#OSINT exposure, active attack vectors, and how to harden the protocols against both.
The Hardened Mesh — Node Star Field Guide Vol. 10
What OSINT operators can collect from your mesh, what attackers can do to it, and how to make both jobs harder. A practical security guide for Reticulum, MeshCore, and Meshtastic operators.
Node Star (nodestar.net)
@nodestar Btw, about #LoRa in general.
First, it is very low speed and gives the authorities plenty of time for triangulation. All the typical devices are also pretty much line of sight only (+ bounces).
Second, it is unusual enough to mark the user for questioning. Operating such device in paranoid society might become unpleasant at least.
As an activist I would probably prefer ethernet, landline (modem+ppp) or wifi as the transport layer. Ubiquous and so not suspicious. Hidden in the crowd.
-
100% FREE RESOURCE
A practical #security guide for your mesh.
For #Reticulum #MeshCore and #Meshtastic node operators.
#OSINT exposure, active attack vectors, and how to harden the protocols against both.
The Hardened Mesh — Node Star Field Guide Vol. 10
What OSINT operators can collect from your mesh, what attackers can do to it, and how to make both jobs harder. A practical security guide for Reticulum, MeshCore, and Meshtastic operators.
Node Star (nodestar.net)
@nodestar this is fantastic! Thanks for the comprehensive write-up. Even for hobby / personal uses It can be hard to understand what is actually private vs public in this space. It took me a while to sus this out when I was looking for a solution for my property.
We'll have to beg you to add SpectraMesh to the list too!
-
100% FREE RESOURCE
A practical #security guide for your mesh.
For #Reticulum #MeshCore and #Meshtastic node operators.
#OSINT exposure, active attack vectors, and how to harden the protocols against both.
The Hardened Mesh — Node Star Field Guide Vol. 10
What OSINT operators can collect from your mesh, what attackers can do to it, and how to make both jobs harder. A practical security guide for Reticulum, MeshCore, and Meshtastic operators.
Node Star (nodestar.net)
@nodestar Pretty solid writeup! Maybe add the lack of forward secrecy (at least in meshcore I know about this) and that we must assume that all packets get logged all the time and forever.
-
@nodestar Btw, about #LoRa in general.
First, it is very low speed and gives the authorities plenty of time for triangulation. All the typical devices are also pretty much line of sight only (+ bounces).
Second, it is unusual enough to mark the user for questioning. Operating such device in paranoid society might become unpleasant at least.
As an activist I would probably prefer ethernet, landline (modem+ppp) or wifi as the transport layer. Ubiquous and so not suspicious. Hidden in the crowd.
-
R relay@relay.infosec.exchange shared this topic
