One of the challenges faced when managing our OpenBSD firewalls is the distribution of IPs to pf tables without manually modifying /etc/pf.conf on each of the firewalls every time.
This task becomes quite tedious, specifically when you want to distribute different types of changes to different systems (e.g. administrative IPs to a firewall and spammer IPs to a mail server), or if you need to distribute real-time blacklists to a large number of systems.
The following post outlines a method of distributing such lists using OpenBGP to deliver them into your pf tables.
Have you checked your server logs lately? Did you see those "odd" requests from arbitrary IPs that appear to perform a single request and "vanish"? Have you ever wondered how many of those are actually random? Do they return? How often?
No matter which service you expose to the internet (HTTP, SSH, SMTP, IMAP), you are certain to notice protocol-aware requests (e.g. a valid HTTP GET request) from random IP addresses hitting your public services.
The following blog post focuses on answering these questions and on the ways we use the Abuser module of Echofish to identify persistent attackers on our services who would otherwise go unnoticed.
Athens, Greece, 9 September 2014: Echothrust Solutions is pleased to announce that Emirates Integrated Telecommunications Company (du) chose the EchoCTF platform for its first ever hacking competition, the du Hackathon that will take place on September 18th 2014, during du's annual Cyber Security Conference at Armani Hotel in Dubai.