👨‍💻

In college, one of my favorite classes in college was a cloud networking class where we did a lot of work with programmable switches using P4, a domain-specific language for networking devices like routers and switches. The language was very limited in that you could not have loops or even do simple tasks like division, but these limitations allowed you to process packets at line rate. Using P4 to write custom switch logic, creative researchers have recently been able to figure out how to do a lot of interesting things like accelerate SQL queries or load balance servers. I recently found out about Varnish and the Varnish Configuration Language (VCL), and it reminds me of P4. While switches deal with data on the network layer, a Varnish cache deals with HTTP requests on the application layer data. While programmable switches run P4, a domain-specific language that has limits in order to keep code fast, Varnish caches can run VCL, a domain-specific language that is also similarly limited...

In this entry about the Mirai botnet, we'll begin by entering the main parts of the Mirai botnet code that set it apart from most botnets of its day. In this portion of the code, the beginning of the "Main logic loop", it sends out SCANNER_RAW_PPS (160) SYN packets to random IP addresses around the world. This is the first stage of what is known as SYN scanning. // Main logic loop while (TRUE) { // (A) fd_set fdset_rd, fdset_wr; struct scanner_connection *conn; struct timeval tim; int last_avail_conn, last_spew, mfd_rd = 0, mfd_wr = 0, nfds; // (B) // Spew out SYN to try and get a response if (fake_time != last_spew) { last_spew = fake_time; // (C) for (i = 0; i < SCANNER_RAW_PPS; i++) { struct sockaddr_in paddr = {0}; struct iphdr *iph = (struct iphdr *)scanner_rawpkt; struct tcphdr *tcph...