{"id":902,"date":"2014-01-20T00:53:28","date_gmt":"2014-01-20T05:53:28","guid":{"rendered":"http:\/\/control-h.org\/blog\/wordpress\/?p=902"},"modified":"2014-01-20T00:53:28","modified_gmt":"2014-01-20T05:53:28","slug":"and-the-end","status":"publish","type":"post","link":"https:\/\/control-h.org\/index.php\/2014\/01\/20\/and-the-end\/","title":{"rendered":"And the end"},"content":{"rendered":"<p>I&#8217;m home.  I wrote this on the train, but the Amtrak WiFi wasn&#8217;t working when I went to post.  Later, I saw that someone had had pretty much the same take I had about the lack of IPv6&#8230;.<\/p>\n<p>Final Shmoosings.<\/p>\n<p>The last presentation prior to the closing was a bit hard to take.  They (and <a href=\"http:\/\/www.schleppingsquid.net\/\" target=\"new\">Squidly1<\/a>) insist they\u2019re the good guys, and network admins shouldn\u2019t take steps to stop their <i>active probes<\/i>.  <\/p>\n<p>Maybe I\u2019d feel differently if the probes were passive, but these aren\u2019t.  (Coming from Punk Spider.)  To me, you\u2019d be a fool to let them continue to scan your network with impunity.<\/p>\n<p>Yes, the Koreans they\u2019re scanning might well be idiots.  It doesn\u2019t make the intrusion okay!<\/p>\n<p>It\u2019s things like this that make me wish iptables or pf had a &#8211;reject-with-diaf-blast flag.  For some, &#8211;with-tcp-reset isn\u2019t sufficient.  <\/p>\n<p>Summing up:<\/p>\n<p>1.  They\u2019re treading on thin ice with their active probes.  If they were using passive sniffing, it\u2019d be one thing, trying to scan the entre Internet is another matter, altogether.<br \/>\n2.  But they\u2019re not scanning the entire Internet!  IPv4 is a deprecated legacy protocol.  If they were doing any sort of v6 scanning, things might be slightly more intriguing.  Over at Users and Icecube, we\u2019ve been getting scanned normally a couple of times a week over v6.  I\u2019m pretty certain nothing\u2019s come of it.  Obviously Cawcks doesn\u2019t give us a native allocation, so we\u2019re using a tunnel broker, but it&#8217;d likely be the same with a native connection.  <\/p>\n<p>But even with the biggest AWS node the world\u2019s ever imagined, they wouldn\u2019t have the horsepoer to scan the <i>entire<\/i> Internet over v6.  And more and more of the backbone traffic actually is going that way.  Maybe you can stay ignorant of that fact, but it doesn&#8217;t take much research to verify.<\/p>\n<p><code>Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7::25])<br \/>\n        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256\/256 bits))<br \/>\n        (No client certificate requested)<br \/>\n        by users.757.org (Postfix) with ESMTPS id 7C795A9B6<br \/>\n        for <sean@757.org>; Thu,  2 Jan 2014 03:48:56 -0500 (EST)<br \/>\nReceived: by mail.netbsd.org (Postfix, from userid 605)<br \/>\n        id 0E08A14A12D; Thu,  2 Jan 2014 08:48:50 +0000 (UTC)<br \/>\nDelivered-To: netbsd-users@NetBSD.org<br \/>\nReceived: from localhost (localhost [127.0.0.1])<br \/>\n        by mail.netbsd.org (Postfix) with ESMTP id A6E4114A12A<br \/>\n        for <netbsd-users@NetBSD.org>; Thu,  2 Jan 2014 08:48:45 +0000 (UTC)<br \/>\nX-Virus-Scanned: amavisd-new at NetBSD.org<br \/>\nReceived: from mail.netbsd.org ([127.0.0.1])<br \/>\n        by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025)<br \/>\n        with ESMTP id 9RaUQzm2pzs7 for <netbsd-users@NetBSD.org>;<br \/>\n        Thu,  2 Jan 2014 08:48:45 +0000 (UTC)<br \/>\nReceived: from korriban.imil.net (korriban.imil.net [IPv6:2001:470:cbba::3])<\/code><\/p>\n<p>So, that was Shmoocon.  More than willing to discuss over a beer if someone is interested.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;m home. I wrote this on the train, but the Amtrak WiFi wasn&#8217;t working when I went to post. Later, I saw that someone had had pretty much the same take I had about the lack of IPv6&#8230;. Final Shmoosings. The last presentation prior to the closing was a bit hard to take. They (and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[31,36],"class_list":["post-902","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-shmoocon","tag-uncategorized"],"_links":{"self":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/comments?post=902"}],"version-history":[{"count":0,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/902\/revisions"}],"wp:attachment":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/media?parent=902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/categories?post=902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/tags?post=902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}