
Posts: 0 | Comments: 291 | Joined: 3 yr. ago

  • Must be nice to say from your private Hawaiian island

  • Thanks for taking the time to share your experience with me! I'm sorry those things happened to you and that it had an effect on the way you play in the end.

  • A lot of the rules were in place to attempt to discourage some of the atrocious behavior I was subjected to.

    No doubt, but I don't think Microsoft spends money on that because they altruistically care about your online safety, I think they do it because they are pressured by monetary reasons.

    I played a lot of Halo on Xbox live as a teenage girl in the late 2000's. I sincerely wish they were more stringent about cracking down on assholes.

    I appreciate your perspective, thank you for sharing your experience.

    One thing I don't understand is why the built in tools for self managing are insufficient, such as mute and block. If willing, I would be open to hearing your experience with that.

    I was never on XBL really, but I've been a PC user on Counter-Strike and League of Legends since their inceptions. I can't say if one service is worse than another but I did watch the efforts to stamp down toxicity over time. I don't know how successful these efforts were, it seemed futile at best.

    Would you share if you feel the current efforts from services like this are effective in making you feel like it's a safer place for you to game?

  • The problem starts with these companies feeling obligated to police what you can say over chat. Just to be clear it's advertisers and payment services that necessitate that. The whole thing about trying to force a "non-toxic community" is a gaslight.

  • Don't be jealous just because the path gets functioning air conditioning.

  • Ayyyyy!

    Love systemd thanks for the writeup 👍🏽

  • Interesting, I assumed he was older than me but he's actually younger. Appreciate the knowledge.

  • What? No.

    4chan started in high school or middle school if you're a bit younger. Millennials used 4chan while Gen X invented and ran it.

  • My 4yo loves the whole soundtrack. My wife and I just sing along with him.

    I just showed him Hakuna Matata and we're singing that too.

  • Kinda like ACA/Obamacare.

    I'm of the opinion Americans want help and want to help others, but get lost in political rhetoric and a culture war designed to ensure no one gets anything.

  • Mauna Loa is a national treasure. It's one of the greatest things about America.

  • pants
  • Hey babe can you get my pants shirt from my closet? I need it to go with my shirt pants.

  • Griddy
  • This is the Brookfield Place in Toronto. Specifically it's the Allen Lambert Galleria located at Brookfield Place.

  • Wrt LAN deny all for the fam, it's mostly hard on gamers cuz games tend to use wide port ranges and outbound IPs are potentially home ISP networks, not the game servers. But yeah it takes some time and research to really lock it down.

    Most stuff is running through web protocols though. So right off the bat you create allow rules for any LAN device to hit ports: 80, 8080, 443, 8443 which are your common http and https ports. That's gonna get most ppl what they need.

    I do ASN based allows for certain applications like Google, Facebook, etc.

    For consoles they're pretty locked down so just give them full allow to the Internet. I don't do that actually but it's probably the better way.

    IoT devices get only the ports they need to the IPs they need.

    When you said you are using unbound instead of using DoT forwarding, you mean instead of allowing clients to DoT forward, right?

    No, I mean my unbound resolves DNS for something like microsoft.com all by itself. It calls up the root name servers, finds the com nameservers, then asks the com nameservers for Microsoft. And for any subdomains it asks the MS name servers. This is instead of relying on external forwarding services like 8.8.8.8 or 1.1.1.1 or Quad9 or whatever. At least the former two are sure to be aggregating this data.

    Additionally I do not allow devices on my network to reach out to external port 53, or 853 to circumvent lookups on my unbound by reaching out directly, which would then bypass the DNSBL. Anything for port 53 gets NAT'd to the unbound server. You can't redirect TLS attempts so those get hard blocked.

    Curious to your IDS solution

    Suricata is what OPNsense uses. Pretty easy to set up.

  • I have an N100 box that I put OPNsense on for routing, firewall, DHCP, DNS and IDS. It uses unbound for DNS and so I'm leveraging the blocklist functionality in unbound. And then I use unbound to resolve instead of using DoT forwarding.

    DNSBL is only a small component of effective network security. Arguably the firewall is most important and so I have a default deny all for any device on my LAN trying to reach the Internet.

    All applications need specific allows. Thus internally no device can use dns over tls because 853 is blocked by default. Then I use a DNSBL to catch known DoH by domain since the cert is provided by domain name.
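
The LAN egress policy described in the two comments above (port 53 NAT'd to unbound, 853 blocked, DoH names caught by the DNSBL, web-port allows, pinned IoT flows, default deny), modelled in Python as an added example; it is not the commenter's configuration or OPNsense code. The addresses, the blocklisted name, the IoT pin and the names `Flow`, `decide` and `resolver_answers` are assumptions.

```python
from dataclasses import dataclass

# All addresses and names below are constructed for illustration.
UNBOUND = "192.168.1.1"                 # assumed LAN address of the resolver
WEB_PORTS = {80, 8080, 443, 8443}       # LAN-wide allow list from the comment
DNSBL = {"doh.example.net"}             # constructed DoH endpoint, blocked by name
IOT_PINS = {("192.168.1.50", "203.0.113.10", 8883)}  # (device, peer, port)

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    hostname: str = ""   # name the client looked up to get dst, if any

def resolver_answers(name):
    """Unbound with a blocklist refuses to answer for listed names."""
    return name.lower().rstrip(".") not in DNSBL

def decide(flow):
    """Return (action, effective destination) for a LAN-originated flow."""
    # Plain DNS to any server is NAT'd to the local resolver.
    if flow.proto in ("tcp", "udp") and flow.dport == 53:
        return ("redirect", UNBOUND)
    # DoT cannot be redirected transparently, so it is dropped.
    if flow.dport == 853:
        return ("block", flow.dst)
    # A blocklisted name never resolves, so the connection never starts.
    if flow.hostname and not resolver_answers(flow.hostname):
        return ("block", flow.dst)
    # Pinned IoT flows: exact device, peer and port only.
    if (flow.src, flow.dst, flow.dport) in IOT_PINS:
        return ("pass", flow.dst)
    # Common HTTP/HTTPS ports for every LAN device.
    if flow.proto == "tcp" and flow.dport in WEB_PORTS:
        return ("pass", flow.dst)
    # Default deny for everything else.
    return ("block", flow.dst)

SAMPLE_FLOWS = [
    Flow("192.168.1.20", "8.8.8.8", "udp", 53),
    Flow("192.168.1.20", "1.1.1.1", "tcp", 853),
    Flow("192.168.1.20", "198.51.100.7", "tcp", 443, "doh.example.net"),
    Flow("192.168.1.20", "198.51.100.9", "tcp", 443, "www.example.org"),
    Flow("192.168.1.50", "203.0.113.10", "tcp", 8883),
    Flow("192.168.1.50", "203.0.113.11", "tcp", 8883),
]
```
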

  • Yeah Mads Mikkelsen. I know him as the Casino Royale Bond villain. Imo one of the best ever.

  • It'll also be wrong in every application you run in your browser. Even local sites.

  • Might be the best use of AI I've seen