Comment Re:Best Part (Score 1) 174
Some intruders download Windows service packs to check the bandwidth available.
Theobroma hit retail availability two years ago, and is pretty widely carried. When in season, it's not hard to find - ask your retailer to ask their distributor to get some stock. Follow @dogfishbeer on twitter to know when they're brewing which recipe.
... retail locations, all in Delaware.
Their products are available (almost*) nationwide, and in some international locations.
* Except for a small number of states that do not permit distribution of regular-ABV beers.
We started using BlockHosts to feed iptables rules, and our failure logs went from 30-50k per day to 100. Basically, with more than 'x' failed logins within 'y' time frame, the source IP is blocked for 'z' time period. Since it uses iptables, you could block it from just the ssh port, or the entire system (we do the latter).
All three variables are configurable, and we also have whitelisted a few select standby IPs for contingency use. (As another poster said, you **will** lock yourself out eventually.)
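To make the x/y/z scheme from the comment above concrete, here is an added example (not BlockHosts' own code) that replays constructed sshd log lines, applies the "more than x failures within y, block for z" rule with a whitelist of standby addresses, and emits the iptables rules that would result for either the ssh port only or the whole host. The log lines, IP addresses and the 2009 year used for syslog timestamps are all constructed for the example.

```python
"""Threshold-based lockout in the style the comment describes.

Added example, not BlockHosts' own implementation. All log lines and
addresses below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sshd-style log lines (syslog format, no year).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4000 ssh2
Jan 10 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jan 10 10:00:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4002 ssh2
Jan 10 10:00:07 host sshd[104]: Failed password for root from 198.51.100.7 port 5000 ssh2
Jan 10 10:00:09 host sshd[105]: Failed password for root from 192.0.2.10 port 6000 ssh2
Jan 10 10:00:10 host sshd[106]: Failed password for root from 192.0.2.10 port 6001 ssh2
Jan 10 10:00:11 host sshd[107]: Failed password for root from 192.0.2.10 port 6002 ssh2
Jan 10 10:30:00 host sshd[108]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jan 10 11:00:00 host sshd[109]: Failed password for root from 198.51.100.7 port 5002 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[\d.]+) port"
)


def parse_failures(text, year=2009):
    """Yield (timestamp, source_ip) for each failed-login line (year is assumed)."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def compute_blocks(text, x=3, y=timedelta(minutes=10), z=timedelta(hours=1), whitelist=()):
    """Return {ip: (block_start, block_end)} for sources with >= x failures inside a y window.

    x, y and z are the comment's three configurable variables; whitelisted
    addresses (the standby IPs) are never blocked.
    """
    recent = defaultdict(deque)   # per-IP sliding window of failure timestamps
    blocks = {}
    for ts, ip in parse_failures(text):
        if ip in whitelist:
            continue
        if ip in blocks and ts < blocks[ip][1]:
            continue              # still inside an active block period
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > y:
            window.popleft()      # drop failures older than y
        if len(window) >= x:
            blocks[ip] = (ts, ts + z)
            window.clear()
    return blocks


def iptables_rules(blocks, port=None):
    """Render DROP rules: ssh-only when port is given, whole host when it is None."""
    rules = []
    for ip in sorted(blocks):
        if port is None:
            rules.append(f"iptables -I INPUT -s {ip} -j DROP")
        else:
            rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    blocked = compute_blocks(SAMPLE_LOG, whitelist={"192.0.2.10"})
    for rule in iptables_rules(blocked):
        print(rule)
```

In the sample, 203.0.113.5 trips the threshold within seconds and is blocked; 198.51.100.7 fails three times but half an hour apart, so it never has x failures inside the y window; 192.0.2.10 would be blocked but sits on the whitelist, which is exactly the contingency the comment describes.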
You said
"HTTPS only works one IP per host, so that gives a positive track to where they were going."
That is not correct. If you inspect HTTPS traffic you'll see that clients issue something like the following:
CONNECT www.myawesomehost.net:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Proxy-Connection: keep-alive
Host: www.myawesomehost.net
The same IP address can host www.myawesomehost.net and plenty of other Web sites. With HTTPS the Feds would just track the CONNECT and Host: fields since those are in the clear.
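As an added illustration of the point above (example code, not from the original comment), the following parses CONNECT requests as a forward proxy would see them and groups the requested destinations by the address they resolve to. It shows that the hostname and port are recoverable from the cleartext request line and Host: header even when several sites share one IP, while nothing of the tunnelled TLS payload is. The requests and the resolver mapping are constructed; only www.myawesomehost.net and the User-Agent string come from the comment.

```python
"""What a proxy sees of an HTTPS session: the CONNECT request, in the clear.

Added example; all requests and the name-to-IP mapping are constructed.
"""
from collections import defaultdict

UA = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5"

# Constructed requests: two different sites that resolve to the same address.
SAMPLE_REQUESTS = [
    "CONNECT www.myawesomehost.net:443 HTTP/1.1\r\n"
    f"User-Agent: {UA}\r\n"
    "Proxy-Connection: keep-alive\r\n"
    "Host: www.myawesomehost.net\r\n\r\n",
    "CONNECT shop.example.org:443 HTTP/1.1\r\nHost: shop.example.org\r\n\r\n",
    "CONNECT www.myawesomehost.net:8443 HTTP/1.1\r\nHost: www.myawesomehost.net:8443\r\n\r\n",
    "GET http://plain.example.org/index.html HTTP/1.1\r\nHost: plain.example.org\r\n\r\n",
]

# Constructed stand-in for DNS: both hostnames live on one IP.
FAKE_DNS = {
    "www.myawesomehost.net": "192.0.2.80",
    "shop.example.org": "192.0.2.80",
    "plain.example.org": "192.0.2.81",
}


def parse_connect(raw):
    """Return (host, port, headers) for a CONNECT request, or None for any other method."""
    head, _, _ = raw.partition("\r\n\r\n")      # the TLS bytes after the blank line are opaque
    lines = head.split("\r\n")
    method, _, rest = lines[0].partition(" ")
    if method != "CONNECT":
        return None
    authority, _, _version = rest.rpartition(" ")
    if ":" in authority:
        host, _, port = authority.rpartition(":")
    else:
        host, port = authority, "443"            # default when the client omits the port
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return host, int(port), headers


def destinations_by_ip(requests, resolve):
    """Group every CONNECT destination (host:port) under the IP it resolves to."""
    by_ip = defaultdict(set)
    for raw in requests:
        parsed = parse_connect(raw)
        if parsed is None:
            continue
        host, port, _ = parsed
        by_ip[resolve[host]].add(f"{host}:{port}")
    return dict(by_ip)


if __name__ == "__main__":
    for ip, names in destinations_by_ip(SAMPLE_REQUESTS, FAKE_DNS).items():
        print(ip, sorted(names))
```

The grouping makes the comment's point directly: a flow log keyed only by destination IP would show one entry for 192.0.2.80, whereas the proxy's CONNECT log distinguishes the two sites (and the non-standard port) behind it.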
"I know the book has pissed some people off, especially when I take on their particular sacred cows (e.g., intrusion detection)."
"Sacred cows" have nothing to do with it. The book just isn't that interesting.
Richard Bejtlich from the TaoSecurity Blog was invited by NSA's Tony Sager to visit the CDX in person:
http://taosecurity.blogspot.com/2009/05/thoughts-on-2009-cdx.html
Bejtlich mentions that CDX participants were given a budget for the exercise. This means it cost them "marks" (in exercise language) to replace the Windows images NSA provided with alternative systems like FreeBSD or Linux. That decision left the team with fewer resources for other tasks.
The Army didn't win just because they used Linux. Bejtlich posts reasons why they won here:
http://taosecurity.blogspot.com/2009/05/lessons-from-cdx.html
Watch for a report from Melissa Hathaway, who is leading the effort. The linked
As a result of this discussion, the Association of Former Information Warriors was created.
LinkedIn Group:
http://www.linkedin.com/groups?about=&gid=1847393
Blog:
"I say we take off; nuke the site from orbit. It's the only way to be sure." - Corporal Hicks, in "Aliens"