As a fledgling programmer, there was a bit of sick satisfaction when some of my shitty code would actually destroy a piece of hardware by something it did.
Obviously, I was not trying to destroy that video controller worth a few hundred bucks, but what I was trying to do shouldn’t have caused it to almost catch fire. Or not. It’s all DC, so the caps did exactly what they’re there to do when fed too much juice. (I looked to see if I could find this now-obsolete item, but couldn’t. I can’t even remember the name of the vendor. I bet if I dug back through my archives, I could find it, but… I shouldn’t have been doing RS-232 programming. Yes, I have a science degree, but it’s in a non-technical science. The same thing probably wouldn’t have happened had I gotten commands to come out of the port using the correct language for the job, C, rather than the hot-language-du-jour.)
Seriously, I just sent too many commands to this thing too quickly, and it started smoking. If I’d been connected with a RS-232 cable, and could type about fifteen times faster than I do, the same thing would have happened.
Writing about this was inspired by some of the topics I’ve been tracking. Probably there was some discussion of things that happened with cyber attacks against the Colonial Pipeline, and Iran in this episode of The Fifth Column. There was also something that Amélie linked on Twitter, and led me down a rabbit hole.
As I’ve gotten constant probes from certain bad areas, I’ve sort of taken the approach of temporary DROP operations with Fail2Ban. Repeated abuses come, and I start restricting entire countries.
rule family="ipv4" source address="22.214.171.124/11" drop
rule family="ipv4" source address="126.96.36.199/19" drop
I can remember when you’d use things like REJECT --reject-with tcp-reset to try to really overload attackers’ network gear. I don’t do it anymore, because it’s just easier to let attackers’ attempts fall into the ether.
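An added example (not the post’s own code) of the escalation described above: it counts Ban events in constructed fail2ban.log lines and, once a prefix has accumulated enough bans, emits firewalld rich rules in the same form as the two rules listed earlier. Grouping by a fixed prefix length is an assumption that stands in for the post’s country-level blocks, which would need a GeoIP lookup.

```python
"""Turn repeated Fail2Ban bans into firewalld rich rules (constructed example)."""
import ipaddress
import re
from collections import Counter

# Constructed sample of fail2ban.log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
2021-06-10 03:14:07,001 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.17
2021-06-10 03:20:41,113 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.17
2021-06-10 04:02:19,452 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.17
2021-06-10 04:55:03,007 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.90
2021-06-10 05:11:48,220 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.5
2021-06-10 06:30:00,999 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.17
"""

# Matches the "Ban <ipv4>" event; "Unban" lines do not match (case-sensitive).
BAN_RE = re.compile(r"\bBan (\d{1,3}(?:\.\d{1,3}){3})\b")


def count_bans(log_text):
    """Count Fail2Ban 'Ban' events per source address."""
    return Counter(m.group(1) for m in BAN_RE.finditer(log_text))


def escalate(bans, prefixlen=24, threshold=3):
    """Aggregate bans by prefix (assumed stand-in for a country lookup) and
    return a firewalld rich rule for every prefix that reaches the threshold."""
    per_prefix = Counter()
    for ip, n in bans.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        per_prefix[net] += n
    return [
        f'rule family="ipv4" source address="{net}" drop'
        for net, n in sorted(per_prefix.items()) if n >= threshold
    ]


def firewall_cmd_lines(rules, timeout=None):
    """Render each rule as a firewall-cmd call: a runtime-only rule with
    --timeout for a temporary drop, or --permanent for the escalated block."""
    opt = f"--timeout={timeout}" if timeout else "--permanent"
    return [f"firewall-cmd {opt} --add-rich-rule='{rule}'" for rule in rules]


if __name__ == "__main__":
    for line in firewall_cmd_lines(escalate(count_bans(SAMPLE_LOG))):
        print(line)
```

A permanent rule only takes effect after `firewall-cmd --reload`; the `--timeout` form expires on its own, which is the temporary-drop behaviour the post describes.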
You’d be justified, even, in affirmative responses. No NAP violation, because you’d first been attacked.
And the fact that I can’t be sure is part of why I’m just dropping shit.
But if I did know, for sure, that the attacks were actually originating from where it appears they are, immediate defensive response is justified.
There’s a reason nobody dares attack the Norks (see #4 there). They’ve got lots of big fucking guns. Even if half of them cook off on the first fire, they’ve killed millions of people in South Korea before those guns could all be taken out. No nukes needed.
Would covert action to eliminate some of those assets early be immoral?
The Colonial Pipeline and JBS attacks happened. Would retaliation for those attacks be justifiable? I think so. What about retaliatory attacks against other things in the area from whence the attacks came? I don’t know.
I can’t remember where I saw a discussion of this, and the question of transition from cyberwar to kinetic war.
The sorts of things that float around my scarred brain.