Open Source Threat Intelligence and pf(4)

openbsd, pf, security, osint

I came up with the idea to utilize Open Source Threat Feeds, or OSINT on my private setup and quickly cooked up the shell script below in a rough, first try. The funny thing is that I more or less instantantly got hits from the 5346 IP addresses in the table:

@0 block drop log quick from <pf_osint:5346> to any
  [ Evaluations: 502       Packets: 20        Bytes: 800         States: 0     ]
  [ Inserted: uid 0 pid 68515 State Creations: 0     ]

🧐. The script is currently designed to run every 3 hours and to remove all IP addresses which had been added to the table after a day. I am not too happy about some of the parts right now, first of all: I'd like to seperate download and parsing out to a non-privileged process and feed one large junk of data to pfctl(8).

OpenBSD on Hyper-V Primer

hyper-v, scratchpad

I am fed up with VMWAre Workstation and I'd like to check if Hyper-V is a better alternative for me. This is not a tutorial but just a primer and scratchpad note mainly for me, thus those very brief notes.

  • Enable Hyper-V
  • Add User to Group “Hyper-V Administrators”
  • Create NAT Switch (Run as Hyper-V Administrator) New-VMSwitch -Name NATSwitch -SwitchType Internal Get-NetAdapter -Name *NATSwitch*
  • Setup Network for VMs. Hypter-V does not do DHCP, it just provides a switch, which I dig. (Run as Administrator)
    • Setup IP Gateway IP Address for VMs. You need the IfIndex from the Get-NetAdapter command from above New-NetIPAddress -IPAddress -PrefixLength 24 -InterfaceIndex 42
    • Now setup NAT New-NetNat -Name HyperVNAT -InternalIPInterfaceAddressPrefix

We can setup our VM now: New-VM -Name "obsd test" -MemoryStartupBytes 1GB -Generation 1 -BootDevice CD -SwitchName NATSwitch -NewVHDPath 'C:\path\to\vmstorage\obsd-test\base.vhdx' -NewVHDSizeBytes 50GB

Things that are missing / unclear so far:

  • non-persistent HDD
  • How does it know what the NAT Interface is and how does it perform if you move from wired to a wireless connection?
  • don't know right now how to provide the ISO Image for the DVD via New-VM
  • quick tests using a Generation 2 VM didn't work out as the ISO didn't boot and the Hyper-V didn't like miniroot62.fs as an ISO…


Settling in and some outlook


A night without sleep later I am slowly getting a clearer picture of how the pieces are fitting together. Ricing my blog is getting smoother and smoother as my understanding of sblg, HTML and CSS increases and I was able to unclutter both my Makefile and the HTML code. But there is a lot of additional chopping to be done.

Phear of Phishing

phishing, idn

I knew that an aquaintance of mine, Oliver Paukstadt, had been in contact w/ Apple about something related to IDN. Up until recently I was unaware of the exact details but I feared that due to his actions the last vendor I know off would stop rendering my emoji domain as unicode but would also go ahead and display punycode instead.

Luckily I dodged that bullet ;-)

But I wondered what's it all about CVE-2017-7106. The gist seems to be about unicode confusables as he is keen to demonstrate over at Thinking Objects’ blog. While I can see where he is coming from (just visit and his demo tᴏ.com from an iOS10 device) but I still am not convinced that this is solving any real issue. Just to be clear, this is not meant to belittle any of his work.

Just stick with me and have a look at the following two address bars in iOS11: