Something odd is happening in the botnet world…
I’m seeing a lot of junk packet traffic from random new sources mid-morning EDT (starting 1400 UTC) today, after a few days of the mostly-nighttime (2000-0600 UTC) newbies drying up after the #Qakbot takedown.
I had a full 4 hours of quiet last night, but this morning I have far more than normal traffic to mail-related ports on unused IPs in a range with lots of mail services. No real change in cred-stuffing efforts.
#qakbot #infosec #sysadminnery
#Qakbot takedown seems to have changed the cadence of junk packets* hitting our main mail system. Went for 2+ hours this morning without seeing any new bullshit sources. I had to verify that everything was still working…
*: I’d call them “attacks” like everyone else, but let’s be serious: no machine I run will ever be vulnerable to this crap.
Support tech was onsite today to go through customer’s retired devices to triage/reload them and plugged one into the network to start.
Within seconds I’ve got a dozen alerts from the local honeypot screaming about something trying to telnet and ssh in as root, admin, and user. And the monitoring of the ASA freaks out because it just had to burst its connection limit by ~20%.
Apparently there was something evil on that laptop...
BEWARE macOS USERS!!!!!
Oy.
Here’s a thought: if you do not understand what #Apple’s “Gatekeeper” and “Notarization” do to protect you from this sort of thing, YOU SHOULD NOT DISCARD THEIR PROTECTIONS!!!!
If you DO decide to work around them to try out some new software that somehow you’re the first person to ever see, protect yourself when doing so. If you don’t understand the tactics necessary to protect yourself, DO NOT DO THAT!
#InfoSec #Sysadminnery #IWeep6Colors https://mstdn.social/@YourAnonRiots/110935178093827840
Wow. 8 hours in, #Microsoft is still sending the vaguest possible descriptions of the maybe-problem with #Azure #DNS and what they’ve tried to resolve it. Still not fixed.
I’m betting this is another #InfoSec blunder.
So glad this customer is still in pre-prod mode so the problem(?) isn’t breaking anything that anyone notices...
#microsoft #azure #dns #infosec #ms #shoddysecurity #sysadminnery
And no, I’m not calling Duo sketchy. But I am happy to have a little Alpine VM running freeradius answering all my users’ important TOTP authentication questions. It’s a rounding error in effort and energy cost, which the support cost of one bad day would not be.
This is one of those days when I'm glad to have a policy of responding to #infosec vendor spam with variations on "fuck off, I never work with spammers" because it means I don't ever have to make excuses for sketchy vendors.
#infosec #subberthansubtoooot #sysadminnery
Why are 2 ‘net’ processes eating all the cpu on this dysfunctional QNAP box?
#sysadminnery #unanswerablequestions
It says something very sad about my “profession” that the most common error my peers make with their mail servers seems to be cargo-culting TLS configurations from random how-to web pages.
I don’t say that because it is a particularly dumb error, but because it has withstood the challenge of many years of highly-regarded people who know better saying “do not do this” very publicly. (No, I do not mean me.)
I confess that part of the trouble is having 4 not-very-distinguishable voices out of 6 speaking Indian Standard English, mostly to each other, at full Mumbai speed.
This Zoom call should have been a carefully organized PDF.
I proposed a 2FA hack-on for a (non-open) webmail system 2 years ago that the customer ultimately passed on.
Now they want it.
I reviewed my notes, deployed the script, and flipped a couple switches on the test system and yup: pw+totp in the password field works. Cool. Now it's just data entry and logistics. Thumbs up!
But wait...
Just the password still works too. Turns out I had not checked.
The ‘external auth’ hook only gets called if internal auth fails.
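The failure mode in this post, as an added example that is not the webmail product's code or the author's script: a simulated login path where the built-in password check runs first and the external pw+TOTP hook is only consulted when it fails, next to the assumed fix of making the hook the only path that can grant access. The user record, the password, the hash parameters and the function names are all constructed for the demonstration; the TOTP seed is the RFC 6238 test-vector key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed fixture (not real product data): one user, password hashed with
# PBKDF2 and a base32 TOTP seed (the RFC 6238 test-vector key "12345678901234567890").
SALT = b"constructed-salt"


def pw_hash(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 10_000)


USER = {"name": "alice", "pw_hash": pw_hash("hunter2"),
        "totp_b32": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the 30-second time counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def internal_auth(user: dict, field: str) -> bool:
    """The product's built-in check: the whole password field is the password."""
    return hmac.compare_digest(pw_hash(field), user["pw_hash"])


def external_hook(user: dict, field: str, unix_time: int) -> bool:
    """The bolted-on hook: password followed by the 6-digit TOTP in one field."""
    if len(field) <= 6:
        return False
    pw, code = field[:-6], field[-6:]
    pw_ok = hmac.compare_digest(pw_hash(pw), user["pw_hash"])
    code_ok = hmac.compare_digest(code.encode(), totp(user["totp_b32"], unix_time).encode())
    return pw_ok and code_ok


def login_as_deployed(user: dict, field: str, unix_time: int) -> bool:
    """What the post describes: the hook runs only if internal auth fails,
    so a bare password still gets in."""
    if internal_auth(user, field):
        return True
    return external_hook(user, field, unix_time)


def login_fixed(user: dict, field: str, unix_time: int) -> bool:
    """Assumed fix: no fall-through to password-only acceptance."""
    return external_hook(user, field, unix_time)
```

Running both paths against the same user shows the gap: the deployed chain accepts "hunter2" alone, the fixed one accepts only password plus a current code.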
I have just been required to upgrade the *embedded* PostgreSQL within Gitlab (CE) outside of any package manager. Which is possible because they've apparently bundled multiple versions of PostgreSQL within the distributed RPM going back some time, but not forced an upgrade until the latest major version.
I do not understand what they were thinking, unless it was "This will teach them for self-hosting!"
Dark Pattern: “You must install the highest patch level of specific minor revisions in order, rather than upgrade directly from version x.* to version z.*, and you need to look at the independent release notes for each minor rev branch to figure out which ones those are exactly. Oh, and there might be 1-5 long-running background and/or manually-run tasks that have to be completed in between updates.”
Whoever is doing that packaging hates sysadmins.
#Sysadminnery
My biggest day-to-day nuisance is working on machines where ^T doesn’t work.
Kinda hate the whole RoR architecture. Hostile to #Sysadminnery.
Completely unhappy with my gitlab updating situation. Very cargo-culty. Ritually dead livestock everywhere. Copypasta commands from official docs and error messages only, have not yet resorted to StackExchange.
It would be slightly less grumpy-making if we still had anyone using gitlab. I feel like I’m tending Lenin’s corpse.
LOL… but it is a dark evil laugh…
Just had to secure an image server that had an open tftp service.
A whole lot of IPs in HK were grabbing pxelinux.0
I may have broken something… which shouldn’t have been doing that.
I’m deeply hating the bozos who set this machine up.
Last week I solved a problem that has been kicking my ass since December.
I’m not happy about it.
Because I solved it, yet I do not 100% understand it. It was somewhere inside a logical silo I could not see into. I tried, I failed. Storage abstraction/virtualization on a complex secure network is hard, y’all…
So I caved in to mediocrity, cleared a physical node, & put that whole mail system on bare metal about 4x beefier than its peak loads can justify. Runs great. Hate it.
#Sysadminnery
I am the Dr. Frankenstein of bespoke rsync-hardlinked backups.
Always make sure that all virtual disks for production instances are persistent. It matters.