
These are Amazon ranges. You're most likely blocking random AWS load balancers including more than just Brother servers. Also the Brother servers can be redeployed at any point. It's likely better to prevent the DNS name resolution instead.


I'd suggest switching from a blacklist to a whitelist mindset. In this case, allow the printer only access to the local network.
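
An allowlist of this kind on an nftables router, as an added example that is not part of the original comment. The printer address 192.168.1.50, the LAN 192.168.1.0/24 and the table name are assumed values.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed values (not from the thread):
#   printer at 192.168.1.50, local network 192.168.1.0/24,
#   this host is the router forwarding between LAN and WAN.

define PRINTER = 192.168.1.50
define LAN     = 192.168.1.0/24

table inet printer_egress {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Allowlist: the printer may reach local hosts only.
        # (Same-subnet traffic is switched and never hits this hook;
        # this rule matters when the LAN is split into routed VLANs.)
        ip saddr $PRINTER ip daddr $LAN accept

        # Anything else the printer sends through the router is
        # logged, counted and dropped, whatever the destination.
        ip saddr $PRINTER log prefix "printer-egress-drop " counter drop
    }
}
```

Because the drop is made on destination address, it holds whether the printer resolves names over plain or encrypted DNS. The rules match IPv4 only, so a printer with an IPv6 address needs equivalent `ip6` rules.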


I'd be even more paranoid and connect the printer via USB only. You can then run your own print server if you want to support printing from multiple devices.


The printer might be using encrypted DNS.


Very unlikely. At least not without a fallback. Lots of corps will not allow encrypted DNS because they want good traffic monitoring for threat detection. It may be an option, but it almost certainly won't be enforced.


A plain UDP fallback won't help you if the printer can get to its servers without needing it in your home network. DNS-level filtering is pointless for devices you don't control.


For malicious devices, sure. But a printer will do the basics and just use DNS. There's no upside more important than a risk of a whole bunch of devices just not being able to work. There's really no clever and sneaky functionality there.


Maybe the "Enterprise-grade" printer that costs twice as much and doesn't do the annoying things. Like how Enterprise versions of Windows let you disable certain stuff.



