tag: security

A New Botnet is Targeting Network Infrastructure

4 Aug, 2020 - 4 minutes
Starting a little less than two weeks ago, my IDS sensors have been detecting the spread of a new botnet. Unlike previous Mirai botnets, this appears to specifically target the GNU/Linux firewall distribution, “ZeroShell”. While it’s not especially dangerous as far as botnets are concerned, it does appear to be rather vigorous when it sends probes. However, we got lucky this time. Just as quickly it appeared, the C&C server went offline stopping the spread of this worm dead in its tracks.

Being Attacked by Bots

18 Feb, 2020 - 6 minutes
On the 19th of January 2020, a malicious actor launched an attack against my home infrastructure. At 42 minutes after midnight a device located in Buenos Aires, Argentina began attacking my proxy server. For the next six minutes, approximately 150 malicious HTTP requests were made. Fortunately, every single one of these requests was met with a HTTP/400 response, that’s because I don’t use Apache Struts 2 which this bot was attempting to exploit.

Linux Firewall and IDS Appliance

14 Feb, 2020 - 10 minutes
Over the years, I’ve chewed through quite a few different routers, firewalls, even virtual appliances to connect my home network to the internet. Though most of these provided positive experiences, all of them had at least one point of friction, sometimes to the point of being a dealbreaker. PFSense is a great platform, but has terrible ethics. Sophos is proprietary and has an awful CLI. Untangle feels more like an ad than a product.