Sleep has been pretty difficult for the last couple of weeks. It’s moderate effort to get to sleep, but if something wakes me up (like having to go to the bathroom) after a certain hour, I’m pretty much up for the day. This getting older business sucks sometimes.
One of my personal servers started losing disks in a hurry as I was reinstalling an OS — two in an hour. I think the RAID controller is gone. When I have some time with my better half outside the house (its full fans are loud) I will try to drop the “failed” disks back in and route around the failed RAID controller.
I also have a smaller server (in every respect, sadly — from 64GB DDR4 and 12TB of RAID10 down to 32GB DDR4 and 2GB of RAID1), so I’ve thrown PVE8 onto that and am building a couple of VMs on it. One’s a utility VM I’ll use for work, so I am more device-independent when I’m around the house. It’s a pain to unplug my work laptop and take it to another area of the house, but if I do most of the work on the VMs, I can grab the spare laptop and use that, instead.
My hope is that I can get the more powerful one up and going, as that could handle argus, too. I’ll probably move that to my virtualisation server at OVH, as it’s got enough room to make space for it.
Today’s a write-off for progress on mapping or tagging. Hopefully I’ll get some time on Sunday.
I’m trying another approach to mapping the address spaces (IPv4 and IPv6 now). It’s more or less the same process as before, but different classification criteria, and different grouping criteria. Single IPs are the order of the day, rather than ranges, and it’s all about confirmed contacts from each IP. I don’t know what it will turn up, but it’s interesting to see the patterns forming so quickly.
You can check out the IP ranges observed so far if you’re curious.
Note that these lists are not exhaustive. If I’m unsure about an entry (if it’s a bot, real person, etc.), I don’t add it.
I just noticed that I’m so in the habit of locking down ssh to my jumphost that I did it on my listeners, so I don’t have any ssh brute-force data yet. Oops. Unfiltered now, so expect to see some ssh brute force tags in the ranges above in the next day or two.
Well, not so much afraid, but I have set up a naked ForgeJo server in France. It’s secure, but has no firewall blocks. It’s got a decently large git repo on board for bots to get lost in. I don’t have a lot of tolerance for bots on my personal or work sites. I care little enough about the info here that I’m happy to let the bots slurp it all up. Besides, it’s just a mirror of the Rust programming language repository from GitHub.
I’ll also use the ForgeJo instance for my own deeply-public info (probably reworks of data files). I don’t have a ton of personal use for git these days.
The server is a little KS-C from OVH. CAD20 per month for the next three months will hold me over until I can spin up another virtualisation server. As usual, the day after I buy in, a better one comes online for a comparable price. The next one I get has to have vRack access, though — I need it to properly handle the netblocks across multiple servers in clustered mode. One node in Canada, the other in France.
The reason for the French node is to get a sense of how threats differ between geographic locations. The “conventional wisdom” is that they don’t at all “because the Internet is global”, but I’ve already proven that wrong to my satisfaction. Some threats are shared, but others are significantly different. That latter category is the much larger one, too.
Google publishes JSON files with IP ranges for various services, including Google Cloud. They don’t see fit to include all of the ranges, though. They’ve chosen to populate RDNS for at least one of those ranges I’ve found, so there is very little question that it’s an omission. With Google, it’s safe to assume that all such omissions are intentional. With the number of employees they have and their alleged intelligence, this situation should properly be utterly impossible as an accident. They’re just too smart, right?
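The check described above (is an observed IP inside the ranges Google publishes, and if not, does its reverse DNS still claim to be Google?) is easy to automate. The script below is an added example, not code from the original post. It assumes the shape of Google's published files (a `prefixes` list with `ipv4Prefix`/`ipv6Prefix` keys), but the JSON document, the CIDRs (RFC 5737/3849 documentation ranges) and the observed IP/rDNS pairs are all constructed here so it runs offline; `GOOGLE_RDNS_SUFFIXES` is the operator's own assumption about which rDNS suffixes count as Google's, and the rDNS names are taken from the listener's capture rather than looked up live.

```python
import ipaddress
import json

# Constructed stand-in for Google's published range file (e.g. cloud.json /
# goog.json): a "prefixes" list whose entries carry an "ipv4Prefix" or an
# "ipv6Prefix". The CIDRs are documentation ranges, not Google's real blocks.
SAMPLE_PUBLISHED_JSON = json.dumps({
    "syncToken": "0000000000",                     # placeholder value
    "creationTime": "1970-01-01T00:00:00.000000",  # placeholder value
    "prefixes": [
        {"ipv4Prefix": "192.0.2.0/24",      "service": "Google Cloud", "scope": "us-central1"},
        {"ipv4Prefix": "198.51.100.0/25",   "service": "Google Cloud", "scope": "europe-west1"},
        {"ipv6Prefix": "2001:db8:1::/48",   "service": "Google Cloud", "scope": "us-central1"},
    ],
})

# Assumption: rDNS suffixes the operator treats as "this is Google infrastructure".
GOOGLE_RDNS_SUFFIXES = ("1e100.net", "googleusercontent.com", "googlebot.com")


def load_published_networks(raw_json):
    """Parse the published JSON into ip_network objects, IPv4 and IPv6 alike."""
    doc = json.loads(raw_json)
    networks = []
    for entry in doc.get("prefixes", []):
        cidr = entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
        if cidr:
            networks.append(ipaddress.ip_network(cidr, strict=False))
    return networks


def find_covering_network(ip, networks):
    """Return the published network containing ip, or None if no range covers it."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if addr.version == net.version and addr in net:
            return net
    return None


def looks_like_google_rdns(name):
    """Label-boundary suffix match, so 'evil-1e100.net' or '1e100.net.example' do not pass."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in GOOGLE_RDNS_SUFFIXES)


def classify_observations(observations, networks):
    """observations: iterable of (ip, rdns_name_or_None) captured by a listener.

    Returns {ip: label} where label is one of:
      published:<cidr>          covered by a published range
      unpublished-google-rdns   not published, but rDNS names Google
      unrelated                 not published and no Google rDNS
    """
    result = {}
    for ip, rdns in observations:
        net = find_covering_network(ip, networks)
        if net is not None:
            result[ip] = "published:" + str(net)
        elif rdns and looks_like_google_rdns(rdns):
            result[ip] = "unpublished-google-rdns"
        else:
            result[ip] = "unrelated"
    return result


# Constructed observations: IP plus the rDNS recorded at capture time.
SAMPLE_OBSERVATIONS = [
    ("192.0.2.77",     "77.2.0.192.bc.googleusercontent.com"),
    ("198.51.100.200", "200.100.51.198.bc.googleusercontent.com"),  # just outside the /25
    ("203.0.113.9",    None),
    ("2001:db8:1::42", None),
    ("2001:db8:2::1",  "host.1e100.net"),
]

if __name__ == "__main__":
    nets = load_published_networks(SAMPLE_PUBLISHED_JSON)
    for ip, label in classify_observations(SAMPLE_OBSERVATIONS, nets).items():
        print(f"{ip:>20}  {label}")
```

Anything tagged `unpublished-google-rdns` is the candidate omission; since PTR records are under the netblock holder's control, a forward-confirmed lookup of the returned name is the natural next check before treating the gap as confirmed.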
The problem when you tell people they’re the smartest is that they wind up doing incredibly stupid things, thinking that it’s invisible to everyone else. It’s not invisible, Google. We see you, and we’re judging you. The judgement is that you’re trying to be sneaky for whatever reason.
I don’t purchase Google services. Google isn’t good enough. This is one more reason why.
First, I have to finish up some VOIP phone provisioning for work. Well, it’s not first — I actually did my own stuff first.
One of the family businesses has gotten a lot more serious, and it was time to set up some proper infrastructure for it. Some of the web stuff happened yesterday. Given that we have a proper payment gateway now, we need proper contact information to go on people’s credit card bills. I don’t think anyone really wants their personal phone number on that, so off to VOIP.ms to set up some infrastructure.
The nice thing about VOIP.ms is that you can get set up with less than a CAD5 commitment. I grabbed local and toll-free DIDs, set up a couple of SIP accounts and call forwards to mobile phones, a time condition to gate things to voice mail outside of office hours, a ring group to allow either of us to take the call, “press 1 to accept” on the call so we can let it go if it’s not a good time or we’re in a position where we can’t talk, and a few other bits of scaffolding.
I’m still on the fence about whether to handle things primarily through SIP soft phones or forwards to our mobile phones. The nice thing about the SIP soft phones is that they maintain the company CID info when you call out — mobile phones, not so much. The ability to turn off the SIP soft phone and still keep regular, personal phone calls going is another big deal. It’ll take some experimenting to see whether it’ll work in practice, though.