
Peter N. M. Hansteen @pitrh@mastodon.social

Preparing to submit to upcoming conferences, again working on the ever developing tutorial. The 2017 BSDCan version is at home.nuug.no/~peter/pftutorial - please do poke us with questions + suggestions (in comments or directly) on how we can make future sessions more useful!

I must admit I like 126.com's /#dkim failure reports. They've taken care to include all relevant headers home.nuug.no/~peter/20171213_1 so I can use the report to blacklist the offending IP address *and* add the faked sender to my spamtraps at bsdly.net/~peter/traplist.shtm (also see bsdly.blogspot.no/2013/04/main for the blacklist maintenance principles).

It looks like at least part of the reason is that end user products ship with a default configuration that has admin as sole user with admin as the password, see e.g. 19216811.wiki/default-router-p. And apparently a lot of rpis out there run with the pi user still enabled (guess the password!). I get a lot of those too.

Looking at my sshd auth logs, I see almost as many attempts at admin as root. Was there ever a Unix variety where admin was a common username, or are we just seeing that it's early in their dictionary and all they get around to before the auto-LART? (as in bsdly.blogspot.no/2017/04/forc or home.nuug.no/~peter/pf/en/brut)

p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more undeadly.org/cgi?action=articl

Please remember that fun and useful things like bsdly.net/~peter/traplist.shtm exist because made them possible (an incomplete list of innovations is up at openbsd.org/innovations.html). So if you benefit from any of this, please donate, see the options listed at openbsd.org/donations.html.

Today the total number of spamtraps at bsdly.net/~peter/traplist.shtm rolled past 40k, mainly due to some dimwit feeding a DOS-style file to a Unix program, producing some hilarious invalid usernames used to try to log in to one of my boxes. Blacklisted hosts hover around 27k.

To view the full list, see bsdly.net/~peter/sortlist.txt (also included in the page). Your browser will semi-correctly interpret some entries as HTML tags and does not render the full page (for why see bsdly.blogspot.no/2016/12/so-s).

p2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs undeadly.org/cgi?action=articl

p2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext undeadly.org/cgi?action=articl

p2k17: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress) undeadly.org/cgi?action=articl

What looks to be a new phishing round sends mail from ??DocumentSend@yourdomain.tld. Greylist dump from here at home.nuug.no/~peter/documentse - could be more out there, developing.

Do you use ? Or ,# LibreSSL or (on any platform)? Then donating to the OpenBSD Foundation is a good thing: openbsdfoundation.org/campaign. If you need more reasons, here's my "OpenBSD and you" presentation: home.nuug.no/~peter/openbsd_an

WARNING: There are people in charge of mail infrastructure that are ignorant enough to ask for copies of messages *with headers and body* when confronted with the scenario described in bsdly.blogspot.com/2017/08/twe