• smb@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      i once had to look at a firefall appliance cluster, (discovered, it could not do any failover in its current state but somehow the decider was ok with that) but when looking at its logs, i discovered an rsh and rcp access from an ip address that belonged to a military organisation from a different continent. i had to make it a security incident. later the vendor said that this was only the cluster internal routing (over the dedicated crosslink), used for synchronisation (the thing that did not work) and was only used by a separate routing table only for clustersync and that could never be used for real traffic. but why not simply use an ip that you “own” by yourself and PTR it with a hint about what this ip is used for? instead of customers scratching their head why military still uses rcp and rsh. i guess because no company reads firewall logs anyway XD

      someone elses ip? yes! becuase they’ll never find out !!1!

      i really appreciate that ipv6 has things like a dedicated documentation address range and that fc00:/7 is nicely short.