Mythic Monday – The Lion, the Mouse, and the Fox
- At January 25, 2010
- By Josh More
- In Mythology
0
In case you haven’t figured it out, I fall back to blogging about an Aesop fable when I’m stuck for other things. In this case, I am stuck underneath a cat and all of my mythological references are about half a meter out of reach. Luckily, many of Aesop’s fables are available online. Like, for example, this one.
In this story, a sleeping lion is startled awake when a mouse runs across his nose. Looking all around for whatever woke him up, he checks all over his cave and finds nothing. A fox observes this behavior and, knowing that he can outrun a sleepy lion, makes fun of him for being afraid of a mouse. Attempting to safe face, the lion claims not to have been afraid, but more affronted by the bad manners.
As usual, Aesop completely missed the point of his story. Instead of being a droll observation of class structure of ancient Greece, it’s obviously a better lesson for dealing with initial network probes. Probes are a fact of life on the Internet. All sorts of attackers on the Internet want to take over your systems. The first step is to send out a small probe and uncover various things about the potential targets. This is part of what firewalls are supposed to prevent.
A lion needs a few things as it sleeps. Air, probably being the most important. However, if it wishes to stay asleep, it helps to have a way to keep the mice out of the lion cave.
As an aside, I personally question how common it was for lions to sleep in caves. Modern lions don’t seem to do this… though perhaps that has less to do with lion slumber preferences and more to do with a general lack of caves in subSaharan Africa.
So, if you have a lion that wish to keep vermin-free, it would help to put up some sort of chicken wire fence over the “cave”, thereby allowing in air and preventing mice (and rats… it’s a twofer!). In much the same way a firewall keeps out known malicious traffic so your servers can crunch their numbers in piece. Admittedly, our firewalls block worms. Worms are smaller and trickier than mice, which is why the firewalls are more complex and expensive than chicken wire.
Running without a firewall would be like trying to coax a lion into sleeping while they are being trampled flat by a veritable cascade of members of the family Muridae.
Mythic Monday – The Aging Lion and the Fox
- At December 14, 2009
- By Josh More
- In Mythology
- 0
Another one of Aesop’s fables that isn’t that well known is that of the aging lion and the fox. You can click the link and read it, but for those of you that are linkaphobic, here’s a short version:
A lion was getting old and having trouble hunting. He decided, instead, to pretend to be sick and went back to his cave, moaning all the way. Over time, as each of his neighbors stopped by to check on him, he ate them.
Then, one day a fox came by and asked how the lion was doing. The lion moaned and asked the fox to come closer. The fox then observed that the footprints all led into the cave, and none came out.
Clearly, the fox is the fable animal to be. He’s smart. He’s observant. He’s… umm… red and furry? (Are Greek foxes red? . . . Yes, after googling a bit, it seems that the red fox is global, and the grey fox is only native to the Americas… which has nothing whatsoever to do with this blog entry.)
No, the point of this blog entry is that of evidence. If the lion had been wise, he would have either wiped the tracks after each meal or (more preposterously) fabricated tracks going back out. The fact that he didn’t, is what allowed the fox to escape and presumably tell the other animals what the lion had been up to (and Aesop, since he wrote it down). So, not only was the lion caught, but he lost his lovely little racket and probably starved to death shortly thereafter.
Most attackers are aware of this story (sorta), and do take some effort to reduce evidence. A burglar usually wears gloves, a bank robber usually wears a mask, and a hacker usually clears system logs. So, if we want to make it hard for the lion to wipe away the footprints, we have a few options. The first is to replace the dirt outside his den with fast-setting concrete… which would prove somewhat troublesome if you analyze this ridiculous analogy too far. The second is to set up a camera trap and record everyone who enters the cave. (For those purists who would point out that there were no cameras in ancient Greece, let’s just say that Hephaestus is there cranking out a vase for each animal. (Happy now, picky people?))
In the modern world, we actually use both of these techniques. Instead of fast-setting concrete, we have a hard drive technology called WORM, or Write Once Read Many. With this drive, you can store the logs in such a way that they cannot be altered. They are, however, quite expensive and can be difficult to set up properly. Instead, we generally prefer to use the camera/vase trap system. For this, we use one of many remote-logging technologies. The simplest is probably the venerable syslog server.
This solution simply involves setting up a dedicated server and installing one of the many syslog systems on it. Then you do a bit of configuration on each of the other servers you have and basically tell them to go log over there. Whenever there is an event, it goes over the network and is stored off the server. That way, if an attacker gets in, even if they wipe their own traces, there is a backup elsewhere that is (in theory) a lot harder to alter.
Of course, you still have to actually be the fox and look at the logs now and then, but at least you’ll be safe from a smart lion.
Mythic Monday – Aesop: The Dog, The Rooster and the Fox
- At October 26, 2009
- By Josh More
- In Mythology, Natural History
- 1
This isn’t one of Aesop’s more commonly known fables. Like most of them, it quite simple. Essentially, a dog and rooster are friends (we ignore the improbability of that bit), and taking a bit of a holiday. As they came do the end of the day, they decide to go to sleep. As is their nature, the rooster perches atop a hollow tree and the dog curls up to sleep inside the tree.
When morning comes, the rooster crows, and attracts the attention of a fox. The fox invites the rooster home for breakfast. The rooster, being wise (demonstrating again, that this is a fable and not reality), tells the fox the he is regrettably unable to accept such a generous offer, but instead invites the fox to join him inside the tree. The fox (seemingly unable to smell the dog within) enters the tree and is promptly devoured.
Clearly, the lesson that Aesop wished us to learn was to beware the rooster. However, it is also quite possible that Aesop was covering for the known illegal leanings of roosters and dogs. This dastardly duo was singlehandedly responsible for the massive reduction of the fox population in ancient Greece. This is much as how modern phishers work.
Security attacks have gotten sufficiently complex that different people are better at different aspects. Some attackers are best at writing malware and others are best at sending the emails that distribute the malware. So, just like the dog and rooster, they have gotten good at working together. By each relying upon their their best skills, they can take over (attract and eat) various targeted computers (foxes).
Of course, this only works on foxes that aren’t paying attention. If the fox in the story had simply stopped to realize that:
- Roosters tend not to live in hollow trees.
- Dogs have a noticeable odor. . . especially for foxes.
The same applies to phishing emails.
- Organizations such as the FBI and IRS are generally not in the habit of emailing people.
- Phishing spam also has a noticeable odor (spear phishing is a bit different).
At the core, email is not 100% deliverable. If anything is extremely important (as someting from the FBI or IRS would be), it would come in a manner that is more reliable. Registered letter and phone calls tend to be popular. Similarly, if someone has your email address, wouldn’t it make sense that they already have your name, phone number and other personal information? If an email asks you to “verify” your information, it’s good to be suspicious.
Above all, unlike the fox in the story (and just like foxes in real life) it pays to be wary.
