i once had to look at a firefall appliance cluster, (discovered, it could not do any failover in its current state but somehow the decider was ok with that) but when looking at its logs, i discovered an rsh and rcp access from an ip address that belonged to a military organisation from a different continent. i had to make it a security incident. later the vendor said that this was only the cluster internal routing (over the dedicated crosslink), used for synchronisation (the thing that did not work) and was only used by a separate routing table only for clustersync and that could never be used for real traffic. but why not simply use an ip that you “own” by yourself and PTR it with a hint about what this ip is used for? instead of customers scratching their head why military still uses rcp and rsh. i guess because no company reads firewall logs anyway XD
someone elses ip? yes! becuase they’ll never find out !!1!
i really appreciate that ipv6 has things like a dedicated documentation address range and that fc00:/7 is nicely short.
that could come in veery handy once microsoft wants to pull some plugs. i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org. i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like “does nobody see the rising danger there?” but even if china’s great fork might be more reliable than m$ over time, maybe it’s better to have your own backups of all the things you actually may need in future.
btw did microsoft manage to get rid of the hackers that settled into their network for … how long??
i guess they’ll tell