Dustin Decker

Little Squeaks

I’d love to say some days are slower than others but it’s not really true. I might spend an enormous amount of time, consuming new skillsets and sharpening my edge. While that’s going on, the Internet will of course continue to Internet. Let’s take a look at a three-day period of alert logging from a perimeter.

A custom firewall configuration utilizing Emerging Threats, FireHOL, and Tor lists for denying access at the perimeter.
“Default” captures remainder of denied packets.

More of the standard “Noise” we expect from Asia and Europe, and even Tor. While the Tor traffic in and of itself isn’t particularly concerning, it’s interesting to note some of the behavior when packets are being dropped. The number of packets per exit node and time between them is somewhat revelatory. The log has a total of 1642 fresh entries, with a significant amount of repetition.

The geographical and network distance between source and destination, and subsequent TTL and latency, allow us to develop a picture fairly quickly.

Dustin Decker

Hello World! My name is Dustin Decker, and I am a full-time security researcher and student with over twenty years of experience as an information systems engineer. I am currently beginning my senior year pursuing my second bachelor’s degree in applied Cybersecurity (BACS) with the SANS Technology Institute. I anticipate graduating in May of 2024. I am a skilled Information Security Analyst with expertise in risk management framework (RMF), systems development life cycle (SDLC), security life cycle, management of a wide range of vulnerabilities and threats, fundamental business analysis, and project management. Skills: Microsoft Azure FedRAMP, Puppet, Artifactory, Django, Riverbed Steelscript, Riverbed SteelCentral NetShark, Vagrant, Chocolatey, MuleSoft, PostgreSQL, JavaScript, BASH Scripting, PowerShell, RHEL, DevOps, Docker, Visual Studio, BeEf, Bucket Finder, TLS-Scan, CeWL, JQ, Masscan, Metasploit/Meterpreter, Zenmap, Nmap, Mimikatz, SpiderFoot, Unshadow + John, Volatility, and personal new favorite: SRUM-Dump. I specialize in providing IT security expertise and guidance in support of security assessments and continuous monitoring for government (FISMA & NIST) and commercial clients. I am comfortable in heterogenous environments with tens of thousands of hosts.