Max Resing
@resingm.infosec.exchange.ap.brid.gy
Passionate about networking protocols, the Internet, how to measure it and big data. Overall a curious mind and problem solver.
Interests & profession […]
[bridged from https://infosec.exchange/@resingm on the fediverse by https://fed.brid.gy/ ]
Interests & profession […]
[bridged from https://infosec.exchange/@resingm on the fediverse by https://fed.brid.gy/ ]
Anyone of you #python #developers works with #dnspython? The documentation says there is a `timeout` field implemented. I am working with `v2.8.0`, and my interpreter complains that there is no argument called `timeout`. Same holds for the `lifetime` argument.
Solved it, by adding it to the […]
Solved it, by adding it to the […]
Original post on infosec.exchange
infosec.exchange
November 14, 2025 at 10:47 AM
Anyone of you #python #developers works with #dnspython? The documentation says there is a `timeout` field implemented. I am working with `v2.8.0`, and my interpreter complains that there is no argument called `timeout`. Same holds for the `lifetime` argument.
Solved it, by adding it to the […]
Solved it, by adding it to the […]
Some will likely remember that #megamedusa caused issues to many folks due to their #ddos tool leveraging open #proxy infrastructure. Shortly after, there appeared a feed online called #minimedusa. This feed truly disrupted the efficacy of the tool, and lead to a sharp drop of notable DDoS […]
Original post on infosec.exchange
infosec.exchange
November 14, 2025 at 9:00 AM
Some will likely remember that #megamedusa caused issues to many folks due to their #ddos tool leveraging open #proxy infrastructure. Shortly after, there appeared a feed online called #minimedusa. This feed truly disrupted the efficacy of the tool, and lead to a sharp drop of notable DDoS […]
Did someone else notice that #malpedia is offline? Or is this just the case for me?
#downtime #fraunhofer #malware #research
#downtime #fraunhofer #malware #research
November 11, 2025 at 10:00 AM
Did someone else notice that #malpedia is offline? Or is this just the case for me?
#downtime #fraunhofer #malware #research
#downtime #fraunhofer #malware #research
Exploring some insights of the #dns root servers, and I discovered this small bump of `NOTIMP` repsonse codes of `a.root-servers.net`, operated by #verisign. I checked other server instances with public statistics, and also `k.root-servers.net`, operated by […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
November 10, 2025 at 11:08 AM
Exploring some insights of the #dns root servers, and I discovered this small bump of `NOTIMP` repsonse codes of `a.root-servers.net`, operated by #verisign. I checked other server instances with public statistics, and also `k.root-servers.net`, operated by […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Between February and August, the #eleven11 was on the news. Using the parallel #dns root #opennic was nothing new for a botnet. Yet, this botnet was the first known botnet of it's size using the OpenNIC system.
We summarized insights in a new blog post: 161 Days of Eleven11
#ddos #rapperbot […]
We summarized insights in a new blog post: 161 Days of Eleven11
#ddos #rapperbot […]
Original post on infosec.exchange
infosec.exchange
November 10, 2025 at 8:37 AM
Between February and August, the #eleven11 was on the news. Using the parallel #dns root #opennic was nothing new for a botnet. Yet, this botnet was the first known botnet of it's size using the OpenNIC system.
We summarized insights in a new blog post: 161 Days of Eleven11
#ddos #rapperbot […]
We summarized insights in a new blog post: 161 Days of Eleven11
#ddos #rapperbot […]
It looks like #archlinux still observes operational impact of an ongoing #ddos attack of some adversary. If I recall correctly, it was late August when they had the first issues. The Internet is really not kind to these benevolent folks spending hours and […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 27, 2025 at 10:45 AM
It looks like #archlinux still observes operational impact of an ongoing #ddos attack of some adversary. If I recall correctly, it was late August when they had the first issues. The Internet is really not kind to these benevolent folks spending hours and […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
I remember the days, when the idea of #DNS4EU was introduced. It felt like a "response" from NextDNS to launch their own #european solution of a public resolver to get ahead of the launch of DNS4EU and acquire some of the market share. With that, they […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 20, 2025 at 7:33 AM
I remember the days, when the idea of #DNS4EU was introduced. It felt like a "response" from NextDNS to launch their own #european solution of a public resolver to get ahead of the launch of DNS4EU and acquire some of the market share. With that, they […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Albeit, I am a long-term #linux user, after all these years it still does not come short of surprises. When I face an unknown IP #protocol number, I tend to check Wikipedia's listing. Yet, `/etc/protocols` provides me with an equally extensive list.
#network #routing #linuxadmin #unix
#network #routing #linuxadmin #unix
List of IP protocol numbers - Wikipedia
en.wikipedia.org
October 20, 2025 at 7:17 AM
Albeit, I am a long-term #linux user, after all these years it still does not come short of surprises. When I face an unknown IP #protocol number, I tend to check Wikipedia's listing. Yet, `/etc/protocols` provides me with an equally extensive list.
#network #routing #linuxadmin #unix
#network #routing #linuxadmin #unix
#til that #apnic and #cloudflare partnered on 1.1.1.1. APNIC had ownership of the two #ipv4 prefixes 1.0.0.0/24 and 1.1.1.0/24 - both are anycasted for Cloudflare's #dns resolver for a while now. In return, APNIC receives valuable insights into DNS behaviour.
More on it in their blog post.
More on it in their blog post.
1.1.1.1 — The free app that makes your Internet faster.
Install the free app that makes your phone’s Internet more fast, private, and reliable.
one.one.one.one
October 14, 2025 at 7:55 AM
I've been (truly) way from keyboard for the past 2 weeks, and lots of stuff has happened in the cyber space. Need to catch up with a lot of stuff.
Makes you wonder, how much cyber threat related information you actually process in your daily routines, even outside of working hours, without even […]
Makes you wonder, how much cyber threat related information you actually process in your daily routines, even outside of working hours, without even […]
Original post on infosec.exchange
infosec.exchange
October 13, 2025 at 12:04 PM
I've been (truly) way from keyboard for the past 2 weeks, and lots of stuff has happened in the cyber space. Need to catch up with a lot of stuff.
Makes you wonder, how much cyber threat related information you actually process in your daily routines, even outside of working hours, without even […]
Makes you wonder, how much cyber threat related information you actually process in your daily routines, even outside of working hours, without even […]
Looking into #alternative #dns roots. Wikipedia has a list of active ones. Did you know, that #russia has their own (for ISPs mandatory) DNS root?
Alternative DNS root - Russian National Domain Name System.
Alternative DNS root - Russian National Domain Name System.
September 22, 2025 at 2:04 PM
Looking into #alternative #dns roots. Wikipedia has a list of active ones. Did you know, that #russia has their own (for ISPs mandatory) DNS root?
Alternative DNS root - Russian National Domain Name System.
Alternative DNS root - Russian National Domain Name System.
Sweet. It looks like #tails #linux 7.0 was just released. It is based on the latest #debian13 release. Time to ditch my old Tails VM and setup a new one tomorrow.
Announcement is here:
https://tails.net/news/version_7.0/
#tor #privacy
Announcement is here:
https://tails.net/news/version_7.0/
#tor #privacy
Tails - Tails 7.0
tails.net
September 18, 2025 at 7:57 PM
Yesterday, 10 years ago, Let's Encrypt issued their first #tls #certificate to the domain name `helloworld.letsencrypt.org`. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
#letsencrypt #tls #ssl #https
To quote Borat: "Great success!"
Congrats!
#letsencrypt #tls #ssl #https
September 15, 2025 at 7:27 AM
Yesterday, 10 years ago, Let's Encrypt issued their first #tls #certificate to the domain name `helloworld.letsencrypt.org`. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
#letsencrypt #tls #ssl #https
To quote Borat: "Great success!"
Congrats!
#letsencrypt #tls #ssl #https
It is rumored that a #ddos attack happened during the local #elections in the city of #Münster, and surrounding regions. #wdr reports that a bunch of IP addresses send millions of requests. I was not able to check tje results myself at times on the official platform #citeq.
Have not anything […]
Have not anything […]
Original post on infosec.exchange
infosec.exchange
September 14, 2025 at 8:07 PM
It is rumored that a #ddos attack happened during the local #elections in the city of #Münster, and surrounding regions. #wdr reports that a bunch of IP addresses send millions of requests. I was not able to check tje results myself at times on the official platform #citeq.
Have not anything […]
Have not anything […]
"With dove season in full swing, we ask all our customers to please be
mindful of their surroundings and avoid shooting doves on or near
fiber/electric lines."
* Lexington Electric Systems, from the NANOG mailing list
This must be a very #us centric problem of #internet service providers […]
mindful of their surroundings and avoid shooting doves on or near
fiber/electric lines."
* Lexington Electric Systems, from the NANOG mailing list
This must be a very #us centric problem of #internet service providers […]
Original post on infosec.exchange
infosec.exchange
September 12, 2025 at 9:08 AM
"With dove season in full swing, we ask all our customers to please be
mindful of their surroundings and avoid shooting doves on or near
fiber/electric lines."
* Lexington Electric Systems, from the NANOG mailing list
This must be a very #us centric problem of #internet service providers […]
mindful of their surroundings and avoid shooting doves on or near
fiber/electric lines."
* Lexington Electric Systems, from the NANOG mailing list
This must be a very #us centric problem of #internet service providers […]
So, while working on some #botnet research, I discovered a domain for which a #nameserver was configured with the name `ns1.nulled-ns.com` and `ns2.nulled-ns.com`. As more I figure out about this unknown authoritative nameserver, as more I am convinced that the entire purpose of the nameserver […]
Original post on infosec.exchange
infosec.exchange
September 11, 2025 at 11:08 AM
So, while working on some #botnet research, I discovered a domain for which a #nameserver was configured with the name `ns1.nulled-ns.com` and `ns2.nulled-ns.com`. As more I figure out about this unknown authoritative nameserver, as more I am convinced that the entire purpose of the nameserver […]
Big leap forward on #internet #governance in #canada: By November 04, ISPs are required to report major outages within 2 hours and must hand in a post-mortem 30 days following the incident. The proclaimed goal is to strenghten transparency in the short term, and resiliency in the long term […]
Original post on infosec.exchange
infosec.exchange
September 10, 2025 at 10:36 AM
Big leap forward on #internet #governance in #canada: By November 04, ISPs are required to report major outages within 2 hours and must hand in a post-mortem 30 days following the incident. The proclaimed goal is to strenghten transparency in the short term, and resiliency in the long term […]
Do not read this as critique to #ipinfo, but I am surprised to see that the `b`, `i`, `k`, `l` and `m` #dns root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves.
All 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet […]
All 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet […]
Original post on infosec.exchange
infosec.exchange
September 4, 2025 at 10:41 AM
Exciting to share that #polars made it's first move into #distributed processing. They announced Polars Cloud just recently.
To me, it looks like self-hosting is on the agenda. I am waiting patiently :)
#datascience #dataengineering #distributedsystems #python
To me, it looks like self-hosting is on the agenda. I am waiting patiently :)
#datascience #dataengineering #distributedsystems #python
Index - Polars user guide
docs.pola.rs
September 4, 2025 at 6:53 AM
Exciting to share that #polars made it's first move into #distributed processing. They announced Polars Cloud just recently.
To me, it looks like self-hosting is on the agenda. I am waiting patiently :)
#datascience #dataengineering #distributedsystems #python
To me, it looks like self-hosting is on the agenda. I am waiting patiently :)
#datascience #dataengineering #distributedsystems #python
Looks like there is a typo squatting attack going on to harvest #container #registry login #credentials of #ghcr:
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/
Be safe out there!
#github #docker #podman #kubernetes #phishing #devops
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/
Be safe out there!
#github #docker #podman #kubernetes #phishing #devops
ghrc.io Appears to be Malicious
Comments
bmitch.net
August 25, 2025 at 7:24 PM
Looks like there is a typo squatting attack going on to harvest #container #registry login #credentials of #ghcr:
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/
Be safe out there!
#github #docker #podman #kubernetes #phishing #devops
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/
Be safe out there!
#github #docker #podman #kubernetes #phishing #devops
It's been a few days that the #gfw was observed to block off all TCP/443 connections for around 2 hours on August 20.
What do you folks speculate might have been the reason behind it?
#china #censorship #greatfirewall
What do you folks speculate might have been the reason behind it?
#china #censorship #greatfirewall
August 25, 2025 at 9:29 AM
It's been a few days that the #gfw was observed to block off all TCP/443 connections for around 2 hours on August 20.
What do you folks speculate might have been the reason behind it?
#china #censorship #greatfirewall
What do you folks speculate might have been the reason behind it?
#china #censorship #greatfirewall
The Great Firewall Report publishes some research on how #china cut-off all `TCP/443` (inbound and outbound) with `TCP RST+ACK` packet injections through the #greatfirewall .
Intimidating, how a nation can isolate their entire population from the common #internet .
#censorship #gfw
Intimidating, how a nation can isolate their entire population from the common #internet .
#censorship #gfw
Analysis of the GFW's Unconditional Port 443 Block on August 20, 2025
Comments
gfw.report
August 22, 2025 at 9:42 AM
The Great Firewall Report publishes some research on how #china cut-off all `TCP/443` (inbound and outbound) with `TCP RST+ACK` packet injections through the #greatfirewall .
Intimidating, how a nation can isolate their entire population from the common #internet .
#censorship #gfw
Intimidating, how a nation can isolate their entire population from the common #internet .
#censorship #gfw
In January 2023, #cloudflare replaced #verisign in providing #dns #registry services for the `.gov` #tld. Besides the registry, they also run the authoritative #nameservers.
Verisign ran it for 12 years, and cost the #us #government apparently just half as much as Cloudflare charges ($7.2M) […]
Verisign ran it for 12 years, and cost the #us #government apparently just half as much as Cloudflare charges ($7.2M) […]
Original post on infosec.exchange
infosec.exchange
August 22, 2025 at 6:42 AM
In January 2023, #cloudflare replaced #verisign in providing #dns #registry services for the `.gov` #tld. Besides the registry, they also run the authoritative #nameservers.
Verisign ran it for 12 years, and cost the #us #government apparently just half as much as Cloudflare charges ($7.2M) […]
Verisign ran it for 12 years, and cost the #us #government apparently just half as much as Cloudflare charges ($7.2M) […]
Reposted by Max Resing
Having lost more hours to reading criminal complaints over the years than I care to remember, I can confidently state that I have never encountered one as entertaining and complete as the one that dropped today, charging a 22 y/o Oregon man with operating […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
August 19, 2025 at 9:00 PM
Having lost more hours to reading criminal complaints over the years than I care to remember, I can confidently state that I have never encountered one as entertaining and complete as the one that dropped today, charging a 22 y/o Oregon man with operating […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
This threat here suggests that more activity stems again from the #opennic parallel #dns #root .
Not sure, if more activity, and a reborn of the #opennicproject leads to less or more abuse from the system. Any opinions from the #infosec community?
#askfedi #askinfosec
Not sure, if more activity, and a reborn of the #opennicproject leads to less or more abuse from the system. Any opinions from the #infosec community?
#askfedi #askinfosec
discuss - [opennic-discuss] Failed TLDs for removal - arc
lists.opennicproject.org
August 17, 2025 at 11:54 AM
This threat here suggests that more activity stems again from the #opennic parallel #dns #root .
Not sure, if more activity, and a reborn of the #opennicproject leads to less or more abuse from the system. Any opinions from the #infosec community?
#askfedi #askinfosec
Not sure, if more activity, and a reborn of the #opennicproject leads to less or more abuse from the system. Any opinions from the #infosec community?
#askfedi #askinfosec