Your Fly Is Open

Netmenaces and Other Internet Stupidity

Doh!

2016-05-14

It was hubris.

There’s no other way to describe it: Stupid, dumbass hubris.

This morning, I tried to SSH into one of my honeypots to continue some work I was doing last night before going to bed. I opened my laptop, fired off an SSH connection to the box, aaaand… nothing.

What the hell?

I tried it again… nothing.

I fired off a couple of pings… Hmmmm, the box is alive…

It was at that point that the other “mental” shoe dropped.

Doh…

Last night, the very last thing that I did before logging out was to “tweak” the iptables firewall rules.

Oh, please… oh, please… oh, pleeeeeeease… tell me I didn’t…

Back in the day, when I was first working in IT, I learned this lesson the hard way, and I’m pretty sure that everyone who has done non-trivial IT work has done something similar at some point:

You, dumbass… You borked the iptables rules and locked yourself out of the box…

Back when I pulled this dumb stunt for the first time, I’d actually learned an important lesson: You are stupid and fallible - remember that always.

Part of “remembering that always” was taking precautions against punching holes in my foot with a firearm:

  • cp current_iptables.sh test_iptables.sh
  • [edit test_iptables.sh to add new rules]
  • screen
  • sudo ./test_iptables.sh; sleep 120; sudo ./current_iptables.sh
  • CTRL-A-D
  • exit

Now, try logging back in… If you can, great! Copy your “test” rules over to the “current” rules and run them. If you can’t log back in, just wait a couple of minutes…
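The same dead-man's-switch procedure as a single script, added here as an example that is not the author's own code. It swaps re-running current_iptables.sh for an iptables-save snapshot restored with iptables-restore, and keeps the new rules only if a flag file appears before the timer runs out. The names apply_with_rollback, safe_apply.sh and /run/fw_confirm are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the author's script): confirm-or-revert for firewall edits.

# apply_with_rollback APPLY_CMD ROLLBACK_CMD TIMEOUT_SECS CONFIRM_FILE
# Returns 0 if the change was confirmed in time, 1 if it was rolled back.
apply_with_rollback() {
    apply_cmd=$1 rollback_cmd=$2 timeout=$3 confirm=$4
    rm -f "$confirm"                 # a stale flag must not confirm new rules
    # A script that dies halfway can leave a partial ruleset (for example a
    # DROP policy with no SSH accept rule), so revert at once on any failure.
    if ! sh -c "$apply_cmd"; then
        sh -c "$rollback_cmd"
        return 1
    fi
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then   # operator proved a new login still works
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    sh -c "$rollback_cmd"            # nobody confirmed: assume lockout
    return 1
}

# Real use, as root inside screen so it survives the session dropping:
#   ./safe_apply.sh test_iptables.sh
# then, from a NEW SSH login:  sudo touch /run/fw_confirm
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    SNAP=$(mktemp) RULES=$1          # SNAP holds the known-good ruleset
    export SNAP RULES
    iptables-save > "$SNAP" || exit 1
    if apply_with_rollback 'sh "$RULES"' 'iptables-restore < "$SNAP"' \
            120 /run/fw_confirm; then   # confirm path is an assumption
        echo "confirmed: new rules kept"
    else
        echo "not confirmed: previous rules restored"
    fi
fi
```

Where the `iptables-apply` helper is packaged, it implements the same confirm-or-revert pattern.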

But you’re not young and stupid forever. At some point, you grow old and… well… stupid. Perhaps you actually grow stupider, because you start to believe that you actually know this stuff now and you don’t need to take all of those precautions that you took in your youth. You begin to believe you’re ten foot tall and bulletproof… until you’re spending a Saturday morning, digging around to find a keyboard and monitor to hook up to the box you locked yourself out of like some dumbass n00b.

And that’s when you come to the realization:

There’s never a time when you’re not a dumbass n00b.

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter: @tliston
May 14, 2016