Areas of Expertise:
- FreeBSD
- OpenBSD
- documentation
- PF
- consulting
- speaking
- writing
Biography
Books
Blog
http://bsdly.blogspot.com/
October 04 2009
Spamwashers hijacked, a wake-up call for lazy sysadmins everywhere. The slow bruteforcers are back for another round. A new round of slow, distributed bruteforce attacks is in progress. Just like the other times we know about (see references later), the initial target is root. This time around I see only one…
The slow brute zombies are back
April 12 2009
Real-life zombies feed off weak passwords. Regular readers will remember that late last year we saw a peculiar form of distributed bruteforce attack on certain ssh servers. What made this particular batch of failed login attempts stand out was that unlike the traditional rapid-fire bruteforce attempts we were quite adept at…
Oh yes, you signed up for this. You did. Honest.
March 22 2009
Honesty in marketing. You may have heard of it. It may come as a surprise to some, but I generally do not spend much time on spam related matters. Occasionally I need to do some manual labor to keep spamd and spamassassin in trim, but at most times my little robot…
What have the black boxes wrought
March 14 2009
How compartmentalization turned into a security disaster. Greed, incompetence and dishonesty were involved. IT security or the lack of any such thing has grabbed headlines lately here in Norway. A series of high profile public institutions have seen large scale worm infections on their Microsoft based networks. Late last year the…
The slow brutes, a final roundup
January 22 2009
The slow brutes stopped their churning. Their last call was for sophia. Over the last few columns, we have followed the progress of what appears to be a botnet cloud's attempt at gaining access to a couple of FreeBSD machines I have in my care. One of my predictions about the…
Into a new year, slowly pounding the gates
December 21 2008
The distributed but clearly coordinated bruteforcers are still at it. How long until they reach the end of the alphabet? And why are they staying away from my OpenBSD machines? Are we seeing the contours of a controlling intelligence? As large parts of the Western world prepare for the holidays, the…
A Small Update About The Slow Brutes
December 06 2008
Slow and steady might actually do it, eventually. The reactions to my December 2nd column hit me with a bit of surprise. The column was taken on by slashdot and Linux Today both, producing a largish number of page views, but only two clicks on my featured ads. But while my…
A low intensity, distributed bruteforce attempt
December 02 2008
We have seen the future of botnets, and it is a distributed, low-key affair. Are sites running free software finally becoming malware targets? Phase 1: “That's odd …” During the last few weeks, I noticed an anomaly in the authentication logs on one of my listening posts. There were a larger than usual number…
IETF failed to account for greylisting
October 20 2008
The potential for conflict between greylisting and sites with large pools of outgoing SMTP senders is well known and in need of resolution. Why does the SMTP RFC moving along the standards track fail to address this? Standardization efforts rarely grab headlines. Except in rather exceptional circumstances (think Microsoft's recent ISO…
“Name and Shame”, or socially responsible use of your log data
September 22 2008
Your logs contain an ever-growing mass of data on spammers. How about making an effort to make that data useful to others? Those of us who run email services know, from sometimes painful experience, what it takes to ensure that the minimum possible amount of unwanted advertising and scams that may…
[.NO] “Name and Shame”, or socially useful use of log data about spammers
August 31 2008
Today's post is in Norwegian - I'll be back in English later. We are sitting on ever-growing amounts of data about spammers. Can we use this in a way that is useful to others? Those of us who run email services ourselves know, from sometimes painful experience, what it takes to…
August 27 2008
Search engine optimization, deflowered. Logs are important. Depending on the specific kind of log, the data may shape lives and generate fortunes (how many times were those ads displayed, your clickthrough rate), reveal suspicious behavior and trigger actions (such as shutting the door to that bruteforcer) or provide sysadmins such as…
Is one of your machines secretly a spambot?
August 09 2008
Sometimes we just need facts on the table, automated. In my previous blog post, I wondered aloud about publishing data about the machines that verifiably tried to spam us. The response was other than overwhelming, and with the script running once per day anyway, I now publish the results via…
Now that we have their addresses, do we name and shame?
August 07 2008
Earlier this week a friendly Australian who I think had been reading my blog sent me a few questions about spam, spammers and what to do with them. Would it for example be useful to forward the IP addresses in the local traplist to law enforcement? After all, I publish…
Is there really a market for an open source router?
July 02 2008
Open source goodness. Coming soon to a router near you (if it isn't there already). I have a confession to make. Today's headline isn't mine. I snatched it from Dana Blankenhorn's June 30th piece over at ZDNet. It almost made me utter a Simpsonian grunt and start ranting about my more…
