Posts

Fail2ban with VYOS API

Introduction
I, like many people, found that I was getting a few failed SSH attempts per day. I looked at a root account facing the internet and found a little over 32000 failed attempts per day. Rest assured, these are low-skill attacks with a pretty low risk of compromise, but still, there are a few things that make me want to respond to it. Firstly, it's a lot of noise in the logs. It fills disks and makes it hard to see more dangerous attacks. Second, this confirms malicious intent. Maybe it's just a compromised box that is now part of a botnet, but you never know if it's going to be a platform for another attack. Finally, even though it's a low probability of compromise, there is still a chance. I know most of these attacks are checking for things like 10-year-old Linksys WAPs with default passwords, but there is also the worst case out there, distributed brute force attacks and password spraying. My decision was to block this traffic, but then the next ques...

Super Raspberry

There's a list called TOP500, indexing the 500 most powerful (known) computers. Obviously, the NSA's super secret computers aren't on the list. This list has been around for many years, released every June and November. Topping the list in June 2022 is the Frontier HPE CRAY EX235A. This absolute beast runs 8,730,112 AMD cores, rated at 1,685.65 PFlop/s. Let me rewrite that a few times: 1.6 Exaflops/second. 1685650 Teraflops/s. 1685650000 Gigaflops/s. But I want to call your attention to an older version, published in July, 1997. That year's #500 was SX-4/4, built by NEC for the Houston Area Research Center in the USA. With its 8 GFlops/s, this nearly doubled November 1996's last place computer in the Goodyear Technical Center in Luxembourg, clocking in at 4.6 GFLOPS. This is quite a bit slower than the crème de la crème of 25 years later. It sure shows the march of progress....

New Blog, take 4096

 I think I've started more blogs than I've had posts, but hopefully, I'll like this one enough to keep it up!

Minecraft-FTB-Endeavour-Linux

#quicknote #minecraft
Quick note: I was setting up FTB Endeavour, and the latest version gave me an error: "forge-1.16.5-36.2.2 could not be downloaded". The solution was to download and run forge-1.16.5-36.2.2-installer.jar, and install it at ~/.ftba/bin or wherever your *profile*json file is located.
© 2021 All Rights Reserved. First published: October 31, 2021

DNS Amplification Attack

Introduction
A few years ago, perhaps 2012 or 2013, my normally OK internet began to slow down. Pretty soon, everything was skipping, downloads took forever. Watching YouTube was painful (and not because of the ads this time). There's always a bit of variation, and this is home-internet, so it was a few days till I investigated. The source of the problems was quite a surprise to me: I was the unwitting co-conspirator, and co-victim, in a 65GB DDoS attack! How did this work? Was I infected by some malware and now part of a botnet that some evil attacker was using? No, but there was a botnet, and it was using me - without even buying me dinner first! The attack was using a method called "DNS Amplification Attack," making use of my open DNS server. I host my own domain, so I ran a DNS server that was open so that any system on the internet could look up the IP addresses for my websites and other services. We- collectively the whol...