An open source port scanner that is helping some bad guys

An open source port scanning tool, masscan, is being used to repeatedly attack my web sites. There are certainly lots of such tools widely available that even criminals with no skills can get their hands on and randomly try to break sites. IT security is a never ending quest that is best left to dedicated professionals.

Port scanning is one of those annoying activities the bad guys use when trying to find back doors into systems. The principle is simple: find out which ports a system has left open and, if you recognise any, try a dictionary-style attack against them. All it takes is a simple bot.

Over the last few months, I have noticed multiple port scan attacks on my web sites from the user agent “masscan/1.0”. I dug a little and found this to be coming from an open source tool, the project on Github:

robertdavidgraham/masscan

So, it seems that some people have found this tool and are now randomly targeting web sites with it. To what end, I can’t tell for sure. It is certainly reprehensible to be poking at someone’s doors without their consent; everybody knows this.

I’ve also noticed lots of attempts to run PHP scripts; they seem to be looking for phpMyAdmin. Fortunately I don’t run anything with PHP. If I did, I would harden it significantly and have it permanently monitored for possible attacks.

Most of the attacks on my web sites originate from, in this order: China, Ukraine, Russia, Poland, Romania, and occasionally, the US.

You don’t need anything sophisticated to detect these kinds of attacks; your web server log is an obvious place to look. Putting a firewall in place is a no-brainer: just block everything except normal web site HTTP and HTTPS traffic. You can also invest more in tools, but then the question is whether you’re not better off just hosting at a well known provider.
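As an added example (not code from the original post), here is a small Python script that applies that idea: it parses constructed sample lines in the common Apache/nginx combined log format, flags requests carrying the masscan user agent or probing PHP/phpMyAdmin paths on a site that serves no PHP, and tallies them per source address. The log lines, addresses and signature patterns are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:08:01:02 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
203.0.113.7 - - [12/Mar/2015:08:01:03 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
198.51.100.23 - - [12/Mar/2015:08:05:10 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:08:05:11 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 169 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2015:08:07:30 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh)"
"""

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Signatures based on what the post reports seeing: the masscan user agent, and
# probes for PHP / phpMyAdmin paths on a site that serves no PHP at all.
SCANNER_UA_RE = re.compile(r'masscan', re.IGNORECASE)
PHP_PROBE_RE = re.compile(r'(phpmyadmin|/pma/|\.php)', re.IGNORECASE)

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Label a parsed entry: 'scanner', 'php-probe', or None for ordinary traffic."""
    if SCANNER_UA_RE.search(entry["ua"]):
        return "scanner"
    if PHP_PROBE_RE.search(entry["path"]):
        return "php-probe"
    return None

def summarize(log_text):
    """Count suspicious requests per source IP and label, skipping unparseable lines."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            counts[entry["ip"]][label] += 1
    return {ip: dict(labels) for ip, labels in counts.items()}
```

Running summarize() over a real access log (read from a file instead of SAMPLE_LOG) gives a quick per-address tally that can feed a firewall block list or an alert.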

This is just one instance, and there are infinitely many, where even the dumbest criminals are getting their hands on tools to try and break into systems. Cloud hosting is getting cheaper all the time; soon it will cost nothing to host some program that can wander about the Internet unfettered. Proportionally, it is getting exponentially easier to attack web sites, while at the same time it is getting an order of magnitude harder to keep sites secure.

I do see a glimmer of light: container technologies provide for a perfect throwaway computing experience. Just start a container, keep it stateless, carry out some tasks and, when done, throw it away. Just like that. This may reduce the exposure in some cases, but it won’t be sustainable for providing an on-going, long-running service.

IT security is a never ending quest that is best left to dedicated professionals. I am just casually checking these web sites that I run. At the moment, I haven’t deployed any sensitive data on these sites. When I do, I will make sure they are super hardened and manned properly, likely through a SaaS provider rather than spending my time dealing with this.

Nice post: “Architecture in Context – Part 1”, By Charlie Alfred and Gene Hughson

When dealing with architecture, it is important that the context is fully spelled out. Context has multiple dimensions; when some of them are missing, the context may be poorly understood and endeavours may then become disconnected from reality.

Architecture in Context – Part 1 | Form Follows Function.

It’s really important to remind folks about context, and this is a great take on it. The multidimensional aspect could easily be overlooked: namely, the environment and the time continuum bring about constraints that help to frame the context, and usually stakeholders don’t have any control over these other dimensions. When some of this is missing, endeavours may become disconnected from reality.

In my opinion, this isn’t stated often enough; instead, a lot of debate tends to centre around definitions and the latest fashion.

Handy shortcut to keep WiFi running on OS Yosemite: restart the DNS resolver

A handy shortcut to help keep WiFi running on a MacBook Pro with OS X Yosemite. The DNS resolver appears to be problematic with WiFi: it frequently loses network connection, and sometimes it won’t connect for long minutes. Restarting it makes the issue go away most of the time. I made a handy bash script to do this.

A long time ago, while I was studying, I had a PC running Microsoft Windows 2 (yes indeed, Windows version 2). It came with a program called Write, which I was using to type my homework and eventually my graduation assignment. This thing was unstable, it crashed so often that I learned to press CTRL+S at the end of every line of text that I typed on it, to be sure that I didn’t lose my work. The habit never left me. It wasn’t until about 4 or 5 years ago, long after I had already switched to Mac and didn’t need to worry about CTRL+S, that I finally lost the habit of instinctively hitting that key combination every few minutes.

I have an annoying issue with my Mac: it just randomly loses network connection, and sometimes it won’t connect at all for a few minutes. After a couple of updates that promised to have fixed the issue, it’s still there. I made this shortcut, three very short bash aliases that I placed in my .bash_profile startup script.

# Unload the DNS resolver service (sudo prompts for the admin password)
alias down-discoveryd='sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist'
# Load it again
alias up-discoveryd='sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist'
# Unload, pause briefly, then load again
alias restart-network='down-discoveryd && sleep 3 && up-discoveryd'

One line would have been enough, but I wanted it a little prettier, so I made three. I added a small delay for good measure, though I think it could also be omitted. The only command I need to run is the last one, restart-network; I get prompted for the admin password and the service is restarted. If the network is still not restored, I run it again, and again. After 2 or 3 attempts, I get my network connection back and I can continue working.

I find myself using this shortcut very frequently. It has become my new CTRL+S. Unfortunately.