Now that many people are talking (and writing) about open data, and governments, international organizations and so on are opening up access to the data they produce, a look at the Dataverse project is useful.
It seems that a lot of web hosting providers are now using SPF in an effort to minimize spam that may seem to originate from their clients. Unfortunately many of them seem to use a default setup of “v=spf1 mx -all”. This configuration is interpreted as follows:
To the uninformed user this setup creates delivery problems, unless his web hosting / email provider gives him a port 587/tcp email submission option. When the user tries to send email through his ISP’s outgoing SMTP server, anyone honoring SPF records drops the email. And yes, the hosting provider never hears about it, because the user calls the ISP’s first-level support, who clearly cannot help him.
-all is a good idea only when you provide your customer with a port 587/tcp sending email option.
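The effect of the “v=spf1 mx -all” record described above, as an added example (not code from the original post): a minimal SPF evaluator run over constructed DNS data. The names example.com and mail.example.com, both IP addresses, and the assumption that port 587 submissions leave through the provider's MX host are placeholders; only the mx, a, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data: names and addresses are documentation-only placeholders.
ZONE = {"example.com": {"TXT": "v=spf1 mx -all", "MX": ["mail.example.com"]}}
A_RECORDS = {"mail.example.com": ["192.0.2.25"]}  # the hosting provider's mail server
ISP_RELAY_IP = "198.51.100.7"                     # the customer's ISP outgoing SMTP server

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, zone=ZONE, a_records=A_RECORDS):
    """Evaluate a small SPF subset (mx, a, ip4, all) for the connecting client IP."""
    terms = zone.get(sender_domain, {}).get("TXT", "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:  # mechanisms are evaluated left to right, first match wins
        qualifier = "+"     # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "mx":
            hosts = zone.get(arg or sender_domain, {}).get("MX", [])
            matched = any(str(ip) in a_records.get(h, []) for h in hosts)
        elif mech == "a":
            matched = str(ip) in a_records.get(arg or sender_domain, [])
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # not handled by this sketch (include, redirect, ...)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there is no "all"


if __name__ == "__main__":
    for label, ip in [("provider MX / port 587", "192.0.2.25"), ("ISP relay", ISP_RELAY_IP)]:
        print(f"{label:24} {ip:15} -> {check_spf('example.com', ip)}")
```

The same message passes when it leaves through the provider's server and fails when it leaves through the ISP relay, which is the delivery problem the customer sees.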
Note: This post was triggered by my frustration because of a similar case and the timely request of a reader of this blog to write something about SPF. To be honest, I do not consider SPF as an antispam solution since a spammer can have (and in fact many do) perfectly legal SPF records for domains that they own.

Also available: a printer friendly version. For an IPv4 version look here.
Another gem from Thursday’s and Friday’s training course: REX – the RIPE NCC Resource Explainer. Historical data on IP space allocated to you by RIPE NCC, reverse DNS stuff, inclusion in blacklists and other interesting data is there. Highly useful when you need to document certain decisions or recommendations to higher management, since the data comes from an unbiased, trusted third party. The kind of stuff you expect RIPE NCC to give back to its members.
Today’s RIPE training course included a very interesting exercise:
We will run out of available IPv4 addresses before we run out of the need for IPv4. But we may be able to make more efficient use of the IPv4 addresses we already hold.
Within your group, think of areas in your network where you could reclaim IPv4 addresses. This can be done by changing some parts of your network to use private IPv4 address space, or you could change the way you have subnetted, or some other way entirely…
Also think of which networks can already be completely migrated to IPv6 (not dual stacked!) without any problems.
You and your group have 10 minutes to come up with all reclaimable IPv4 addresses in your networks.
For each area, we’d like to know:
Within these 10 minutes I was able to locate about 3 (maybe 4) /24 networks that could be reclaimed and I am sure that discussions with our routermasters will reveal some more. The time to act for IPv6 is now.
Best Current Practice: n.
The excuse we bring on the table when we do not want to explain our decision: “It is the best current practice!”
Pity :(
Despite the toxicity that certain meetings carry, I’ve decided to try and make the most out of them. In a meeting that I attended the other day the question arose:
– What is an Incident?
So how does one define a security incident? The easy way out is “an incident is when I say it is”. Would you readily define every policy violation as an incident? Do automated ssh scans count as incidents? Or do we care about the interesting ones only?
How do you define an incident as such?