
Submission + - SPAM: Forcing the password gropers through a smaller hole with OpenBSD's PF queues writes: While preparing material for the upcoming BSDCan PF and networking tutorial, I realized that the pop3 gropers (previously reported here) were actually not much fun to watch anymore. So I used the traffic shaping features of my OpenBSD firewall to let the miscreants inflict some pain on themselves. Watching logs became fun again. Read the full story here for how to use traffic shaping as effective (and fun!) network defense.

Submission + - NSA Front Equation Group May In Fact Be Russian ( writes: The well-known NSA front or hackers-for-hire The Equation Group may in fact be Russian, or at least operating out of a 'forward base' close to Russian networks, if Peter Hansteen reads subtle hints in the recent Shadow Brokers data dump correctly. The clue: Several Russian hosts identified by RFC1918 local net addresses. You can read the whole story, with links to the data, here.

Submission + - SPAM: The Voicemail Scam Spam Campaign Never Got Past OpenBSD Greylisting writes: "We usually don't see much of the scammy spam and malware", writes Peter Hansteen, "But that one time we went looking for them, we found a campaign where our OpenBSD greylisting setup was 100% effective in stopping the miscreants' messages." The article The Voicemail Scammers Never Got Past Our OpenBSD Greylisting shows what that scammy spam campaign looked like from behind a simple greylisting setup, with links to relevant data and articles.

Submission + - Chinese Are Hunting Chinese Over POP3 In Fjord Country ( writes: Yes, you read that right: There is a coordinated effort in progress to steal Chinese-sounding users' mail, targeting machines at the opposite end of the Eurasian landmass (and probably elsewhere), with the attempts coming exclusively from Chinese networks. This weirdness of course turned up on Peter Hansteen's doorstep (or rather his servers), and it's the topic of his latest column.

Submission + - Have Google forgotten what a joejob is? Or is it bullying smaller operators? ( writes: Joejobs are a fact of life for everyone running a mail service. In his latest piece, Does Your Email Provider Know What A "Joejob" is? Peter Hansteen describes an investigation into why messages sent to Google hosted domains started disappearing into thin air. An unexpected bounce message provided clues, but the question remains, is this a matter of incompetence, bad luck or something more sinister like one operator trying to bully itself into dominance?

Comment Fixable with simple PF rules (Score 2) 265

To me this sounds like the main problem is the "security" device that's generating a lot of noise.

My solution would be to put something (very low power gear will do) running a recent OpenBSD and a PF ruleset with overflow rules modeled on the ones outlined here in front of that whiny device. The ruleset would need to be modified to fit the observed traffic, of course. Then anyone who fits the profile of unwanted traffic simply auto-LART themselves into the table of blocked addresses.

With a properly placed adaptive firewall like that, the noisemaker would likely not see enough of the traffic to trigger any of the useless warnings.

Comment Time for grownups and law enforcement to step in (Score 2) 618

In a country where law enforcement seems quite eager to use lethal force against perceived threats, why are death threats like those mentioned numerous times here not at least investigated by relevant law enforcement agencies?

In all seriousness, violence or threats of the same are not part of 'debate'. If anyone is laboring under that illusion, it's high time grownups stepped in, preferably with law enforcement of the anti-terrorist kind in tow. In civilized countries, death threats could easily lead to jail time.

Comment Easy, make them less rich (Score 5, Insightful) 444

Most societies would be more than willing to help ease the terrible burden of an abundance of assets. Raising the taxes on high incomes and capital gains would help reverse the Reagan-era onwards trend of wealth redistribution towards the higher income and wealth segments of society. We now know that wealth did not start trickling downwards, and grownups need to step in to correct the mistakes.

Submission + - Coming Soon to OpenBSD/amd64: A Native Hypervisor ( writes: Earlier today, Mike Larkin (mlarkin@) published a teaser for something he's been working on for a while. Then a little later in the day, an announcement appeared on tech@:

TL;DR — a native hypervisor is coming. stay tuned.

For the last few months, I've been working on a hypervisor for OpenBSD. The idea for this started a few years ago, and after playing around with it from time to time, things really started to take shape around the time of the Brisbane hackathon earlier this year. As development accelerated, the OpenBSD Foundation generously offered to fund the project so that I could focus on it in more earnest.

See the full story over on the OpenBSD Journal news site.

Comment Code not available, will it ever be? (Score 2) 168

It's now August, the conference where they'll be presenting their work is in October, and the article is a tad short on specifics. They've done a formally verified formal verification of a filesystem. If it works, that's excellent news of course, but I'd wait until we have seen the thing work and with actual code to examine before making any comments or bets on how useful this is going to be. And this being an open source-oriented site, we should be asking whether the code will indeed be available under any kind of usable open source license.

Submission + - The OpenSSH Bug That Wasn't ( writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.

Comment Password guessing attacks are a fact of life, so (Score 1) 157

we hit the max title length, but the second part is "and so is the existence of bugs in any non-trivial piece of software".

Re-using the existing connection is of course useful to fend off the traditional killing techniques for rapid-fire password guessers (such as and similar), but you still have to come up with the set of bytes that will let you authenticate. Which leads to the other thing --

The clowns I have been writing about ("The Hail Mary Cloud" -- and links therein) used a totally different approach, but the general advice re passwords and other issues given in the conclusions apply here too.
