Stefan Schmidt

12.8K posts

@Zap42

🎧 🛀 🌌 👽☁ full stack begins at layer 1 | high speed copy&paste | only DNS is truly web-scale | his password ¯ \ _ (ツ) _ / ¯ @[email protected]

Berlin, Germany · Joined November 2007
2.3K Following · 627 Followers
Stefan Schmidt retweeted
lcamtuf
lcamtuf@lcamtuf·
Techies: with IPv6, we'll never run out of addresses! Also techies:
lcamtuf tweet media
TracketPacer
TracketPacer@TracketPacer·
it’s taken me my entire career up until today to not touch SNMP with my dirty little mitts. i hadn’t so much as blinked at an SNMP trap. but then… i purchased a switched PDU
Stefan Schmidt retweeted
Lukasz Olejnik
Lukasz Olejnik@lukOlejnik·
Ex-BND (German Foreign Intelligence Service) deputy chief Arndt Freytag von Loringhoven received a message from fake Signal “support” asking for his PIN. He typed it in. His contacts then got a malicious link through his hijacked account. He’s a former NATO intelligence chief, and the author of a book called Putin’s Attack on Germany, where he apparently covers Russian cyberattacks. He fell for a fake customer service message.
Stefan Schmidt retweeted
MG
MG@_MG_·
If you use a personal phone/laptop for your work, pay very close attention to this little detail.

Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees' PERSONAL devices.

The attackers used the company’s MDM software, which is basically IT management software running on everything. It’s an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It’s… lots of fun :)

Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It’s used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won’t access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen. People should be aware of these risks.

I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, they can then get inside my network… there have been cases of it happening in the past.
Kim Zetter@KimZetter

I've published more details about the cyberattack in this piece: zetter-zeroday.com/iranian-hackti…

stacksmashing
stacksmashing@ghidraninja·
Simple age check for Linux: Just have the shell ask the user to check the host IP on first boot. If they type ifconfig they are old enough, if they type ip addr they deserve to be restricted from their computer 😇
Stefan Schmidt
Stefan Schmidt@Zap42·
@TheIcelandGuy Open recursive server is not much of an issue in my experience (29670) but of course it depends on size of the customer base. If you can limit access to the fabric even better. I'd put a dnsdist in front for rate limits or blocks on a whim. 1-2GB of RAM is usually enough.
Martin Hannigan
Martin Hannigan@TheIcelandGuy·
@Zap42 I’d like to offer faster local recursion available to anyone connected to a switch fabric/ixp. Google isn’t sending a resolver anytime soon so “self help”. Plenty of CPU+RAM to put to work. Abuse is the challenge. Or is it?
Martin Hannigan
Martin Hannigan@TheIcelandGuy·
If you can’t get access to a localized dns resolver like 1.1.1.1/8.8.8.8/etc is there a roll your own alternative that makes sense? #dns #networkperformance
spencer
spencer@techspence·
True or false, cybersecurity skills are necessary for IT admins?
Stefan Schmidt
Stefan Schmidt@Zap42·
@quelltexten There could be something to the "too big to scan" theory. My current fail2ban log shows no entries for IPv6 on ssh, but some for exim.
quelltexten
quelltexten@quelltexten·
it's so absurd how, since I've had ipv6-only servers, I get practically no ssh login attempts anymore. my f2b was previously permanently at 50+ entries with a very short ban time, now empty
Stefan Schmidt retweeted
Flightradar24
Flightradar24@flightradar24·
Airspace clearing after strikes by the United States and Israel in Iran.
Cloudflare
Cloudflare@Cloudflare·
Let's talk ports. Aside from 80 and 443 what is your favorite networking port and why? #CloudflareChat
mRr3b00t
mRr3b00t@UK_Daniel_Card·
WHAT THE FUCK
mRr3b00t tweet media