Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com
Ian Campbell
Some heroes don't wear capes
Cool Bike Art
Today I learned the word "chicane" which apparently means an impediment or obstacle on a race course.
So naturally my next question was, if that causes a crash with impalement, is that a chicane kabob?
Is BGP boring? Well...it depends. But a few quick observations we've made recently:
1. Several /24 IP blocks with consistent RPKI/IRR flips between a Romanian ASN, half a dozen Iranian ASNs, and another handful of shell ASNs in EU and NA in order to launder transit from sanctioned IP space.
2. A new problem child ASN is nothing more than a well-known AS bucketing all its known problematic customers together, but still taking their money and providing them service. All original prefixes for the Problem Child originated at its parent ASN and migrated in the course of 3 hours.
3. In looking at other IP blocks showing up in recent-ish advisories, you can see clear IP prefix handoffs from an Iranian ASN to an Italian one while traffic clearly still originates from Iran. The BGP updates occur in the middle of the night for Italy - but a healthy morning period for Tehran.
4. This one, we published on - a Seychelles-based ASN under complete transit capture by one Russian organization and a second Slovakian one whose administration offices just happened to be in Moscow.
And these aren't even the coolest things we've seen lately. These are just the ones I'm okay vaguebooking about.
So no - BGP ain't boring. Much like DNS, it leads you to exactly where threat actors hang their hat.
Look deeper, look wider, punch bad guys where it hurts and make sure bruises last.
Legit just had the worst idea ever and I kinda love it:
create a fake data broker / peoplesearch site in order to evaluate the data scrubbing services.
Another AI backlash piece - over 150 math professors from across the world, including Europe, Japan, and the US, warned governments especially not to "believe the hype" about AI systems' math abilities.
Leiden Declaration on Artificial Intelligence and Mathematics
leidendeclaration.ai#declaration
less obstacle and more maneuver, this is textbook track chicane