lukas boosted

So, apparently: sharing brushes, tutorials and comic for free on the Internet will also get you death threats. I receive a lot of them right now (attachement, this morning).

Problem: my CMS Pluxml only shows IP adresses in admin. It has no other tools to take actions in case certains IP range detected (eg. put the comment offline and in a moderation queue).

So, I spent sunday coding my own system for that with as usual a nested set of yak shaving action.

Now I want my sunday back, please?

lukas boosted

OK so, if you're like me and have wanted to set up an SSL/TLS reverse proxy but ended up drowning in nginx/apache configs and bouncing off, check out Caddy: caddyserver.com/

Download the binary, run:

caddy reverse-proxy --from <yada> --to <yada> and BOOM, it automagically gets you the Let's Encrypt cert and everything Just Works.

Freaking magic I say :)

lukas boosted
lukas boosted

Weaponizing Censorship Middleboxes for TCP Reflected Traffic Amplification Attack

> Most of these nation-states are weak amplifiers (the Great Firewall of China only offers about 1.5x amplification, for example), but some of them offer more damaging amplifications, such as Saudi Arabia (~20x amplification)

And....

> We found a small number of infinite routing loops that traversed censorship infrastructure (notably in both China and Russia) that offered *infinite* amplification. 💣💥

geneva.cs.umd.edu/posts/usenix

Many years ago, a friend of mine told me it may be possible to exploit the Great Firewall of China for reflected amplification DDoS. This attack is real! #censorship #infosec #ddos

Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!