It is worse than you think

Created: 2023-06-22 12:44

#mind

Our minds love to express self-pity. An ever growing TODO list, while you already have so much backlog on there… “Poor me, I’m never getting all this done.”

Recently I realized I get this strongly when I have much to do and I get interrupted with yet more things to do. This drains my energy to go against the thoughts of “I have to do everything here, can never get some time to myself”. Of course, this is my mind expressing self pity. Things are really not as bad as I make them out to be. Rather the low energy grumpy glasses I’ve got on at those times cloud how things really are.

[]

QJsonObject to QString

Created: 2023-06-22 11:50 #cpp #qt #json

With the following snippets you can convert a QJsonObject into a QString.

First convert the QJsonObject to a QJsonDocument. Then output the document as a QByteArray (the toJson method) and feed that to the QString init.

QJsonDocument doc(QJsonObject json);
QString jsonString(doc.toJson());

References

[]

CMake Linking Inheritance

Created: 2022-11-18 12:15

#cpp

Lei argues that the [[CMake]]’ interpretation of the keywords PUBLIC, PRIVATE and INTERFACE is much like the [[C++]] inheritance.

Suppose we have library A, B and C. To build library B we publicly link library A. If library C links against library B it automatically also links against library A. If instead we link B with A privately, when we link C against B, C is not automatically linked to A.

[]

Proactive Threat Detection: A DNS based approach

The second publication for the TIDE project. It has received the Best Paper Award at NOMS 2018.

Snowshoe spam is a type of spam which is notoriously hard to detect. Differently from regular spam, snowshoe spammers distribute the volume among many hosts, in order to make detection harder. To be successful, however spammers need to appear as legitimate as possible, for example, by adopting email best practice like Sender Policy Framework (SPF). This requires spammers to register and configure legitimate DNS domains. Previous studies uses DNS data to detect spam. However, this often happens based on passive DNS data. In this paper we take a different approach. We make use of active DNS measurements, covering more than 60% of the namespace, in combination with machine learning to identify malicious domains crafted for snowshoe spam. Our results show that we are able to detect snowshoe spam domains with a precision of more than 93%. Also, we are able to detect a subset of the malicious domain 2?104 days earlier than the spam reputation systems (blacklists) currently in use, which suggest our method can give us a time advantage in the fight against spam. In a real-life scenario, we have shown that our results allow spam filter operators to block spam that would otherwise bypass their mail filter. A Realtime Blackhole List (RBL) based on our approach is currently deployed in the operational network of a major Dutch ISP.

[]

ANYway: Measuring the Amplification DDoS Potential of Domains (preprint)

DDoS attacks threaten Internet security and stability, with attacks reaching the Tbps range. A popular approach involves DNS-based reflection and amplification, a type of attack in which a domain name, known to return a large answer, is queried using spoofed requests. Do the chosen names offer the largest amplification, however, or have we yet to see the full amplification potential? And while operational countermeasures are proposed, chiefly limiting responses to ‘ANY’ queries, up to what point will these countermeasures be effective? In this paper we make three main contributions. First, we propose and validate a scalable method to estimate the amplification potential of a domain name, based on the expected ANY response size. Second, we create estimates for hundreds of millions of domain names and rank them by their amplification potential. By comparing the overall ranking to the set of domains observed in actual attacks in honeypot data, we show whether attackers are using the most-potent domains for their attacks, or if we may expect larger attacks in the future. Finally, we evaluate the effectiveness of blocking ANY queries, as proposed by the IETF, to limit DNS-based DDoS attacks, by estimating the decrease in attack volume when switching from ANY to other query types. Our results show that by blocking ANY, the response size of domains observed in attacks can be reduced by 57%, and the size of most-potent domains decreases by 69%. However, we also show that dropping ANY is not an absolute solution to DNS-based DDoS, as a small but potent portion of domains remain leading to an expected response size of over 2,048 bytes to queries other than ANY.

[]