Hi, my little contribution about the well known subject ?
Many routers are not flexible/powerful enough to set firewall rules (the only reliable way to block updates) and other features such as ?url filtering? or ?parental control? are no good for https urls.
In these cases, the only solution to go is OpenDns feature called ?Web Content Filtering?, by which we can setup some domains to block.
Anyway, for OpenDns filtering to work properly, OpenDns has to know our ip address (so that it can apply our rules to our dns requests) but, unless we have a static ip, we have to notify our ip to OpenDns at every ip renewal (typically network disconnections, modem/router reboot, etc ?).
This job is automatically done by OpenDns Updater client (it?s just like a DDNS updater) which can run in PCs but also in routers and checks at given time intervals if ip address has changed.
But even with this scenario (OpenDns) don?t think you are safe about blocking updates !
When your line disconnects/reconnects and you have e new ip address, there is a little time frame with no protection at all (until OpenDns updater sends new ip to OpenDns servers): if Sammy TV is faster than OpenDns updater, your ip is unkown to OpenDns and DNS query performed by TV will have no filter and firmware update will take place.
So, IMHO OpenDns is not 100% safe to block updates and sooner or later a firmware update will go through.
But I think we have a simpler solution ? and here I ask for confirmations from Developers ?
Suppose we have root privileges, we disconnect network, setup etc/hosts file with well known ?127.0.0.1 msecnd.net? and ?127.0.0.1 samsungotn.net?, reboot TV, reconnect network.
Now our TV should block 100% fw updates.
Where am I wrong ?
Of course, I understand it's hard (if not impossible) to have root on latest firmware so, in the meantime, until root will be released on a given fw level, we have to keep network disconnected, or hope our ip changes are few and OpenDns updater is always very fast.
About fw updates blocking ... again
Re: About fw updates blocking ... again
/etc/hosts is NOT writeable 
Here is where "you are wrong"
One more thing is that root will be released AFTER fw updated
Here is where "you are wrong" One more thing is that root will be released AFTER fw updated
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
Re: About fw updates blocking ... again
Ok, thank you ... really didn't know about that ...sectroyer wrote:/etc/hosts is NOT writeable
Re: About fw updates blocking ... again
Hi, just to let you know about about my "final" solution to block sammy updates ...
Considering that:
- iptables (firewall rules) are not suitable because they work on ip address basis (not host basis, as we need)
- OpenDns leaves a little time frame of vulnerability
- host file is not writeable in rooted sammy (many thanks to sectroyer for the info !)
if your router is not flexible enough to block https host addresses (note the final s !!!), in my knowledge there are at least two other ways:
- http proxy (squid or others)
- dnsmask
Of course http proxy is not usual in home networks, but dnsmask is a feature that can be found in many router or access points.
For instance, my router don't have dnsmask but in my home network I have an access point with tomato firmware that has dnsmask, so I only had to add the two lines:
in the dnsmask section and tell my sammy I want the tomato AP to be it's DNS server, and the trick is done !
(use static ip address in network configuration, give default gateway as usual but write DNS server with the access point ip address)
Now msecnd.net and samsungotn.net are blocked only to my sammy tv, but still accessible to the rest of my home network.
Considering that:
- iptables (firewall rules) are not suitable because they work on ip address basis (not host basis, as we need)
- OpenDns leaves a little time frame of vulnerability
- host file is not writeable in rooted sammy (many thanks to sectroyer for the info !)
if your router is not flexible enough to block https host addresses (note the final s !!!), in my knowledge there are at least two other ways:
- http proxy (squid or others)
- dnsmask
Of course http proxy is not usual in home networks, but dnsmask is a feature that can be found in many router or access points.
For instance, my router don't have dnsmask but in my home network I have an access point with tomato firmware that has dnsmask, so I only had to add the two lines:
Code: Select all
address=/msecnd.net/127.0.0.1
address=/samsungotn.net/127.0.0.1(use static ip address in network configuration, give default gateway as usual but write DNS server with the access point ip address)
Now msecnd.net and samsungotn.net are blocked only to my sammy tv, but still accessible to the rest of my home network.
Re: About fw updates blocking ... again
Some images from my router.
How do I block samsung updates from these images?
How do I block samsung updates from these images?
Last edited by darkyuuki on Tue Nov 15, 2016 3:47 pm, edited 1 time in total.
Re: About fw updates blocking ... again
As I wrote before, firewall rules will not help ...
You should look for dnsmask, maybe in DNS (or Local Network) section.
If you report brand/model of your modem/router maybe we can help you more.
You should look for dnsmask, maybe in DNS (or Local Network) section.
If you report brand/model of your modem/router maybe we can help you more.
Re: About fw updates blocking ... again
IMHO it's best to block internet access
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
Re: About fw updates blocking ... again
My router is:
Brand: Sagemcom
Model: Fast5350GV
Brand: Sagemcom
Model: Fast5350GV
Re: About fw updates blocking ... again
Looks like your router can't handle dnsmasq with stock firmware.darkyuuki wrote:My router is:
Brand: Sagemcom
Model: Fast5350GV
You should switch to OpenWrt or DD-WRT (check first hw compatibility or you will brick your router !)
good luck.