I have this theory: cooking is actually pretty easy and most dishes have a wide range of good outcomes. But it's sold as hard with "secret recipes" and "food crimes" and "Dad burned water again". But it's really not that hard!

And that's why the huge industry of low-effort recipe websites and cooking YouTube exists - almost everyone can do it, and when it turns out well people think they know some secret. It's also really easy to use affiliate links.

New blog post: Running your own Autonomous System on FreeBSD.

Got an AS number and IPv6 /48 via RIPE, set up a FreeBSD BGP router with FRR, two upstreams, and built GRE/GIF tunnels ti bring my own globally routable addresses to servers at different providers.

The interesting part: dual-FIB policy routing lets FreeBSD jails speak from both provider and BGP addresses simultaneously.

https://blog.hofstede.it/running-your-own-as-bgp-on-freebsd-with-frr-gre-tunnels-and-policy-routing/

#FreeBSD #BGP #IPv6 #Networking #SelfHosted

A few days ago, a client’s data center (well, actually a server room) "vanished" overnight. My monitoring showed that all devices were unreachable. Not even the ISP routers responded, so I assumed a sudden connectivity drop. The strange part? Not even via 4G.

I then suspected a power failure, but the UPS should have sent an alert.

The office was closed for the holidays, but I contacted the IT manager anyway. He was home sick with a serious family issue, but he got moving.

To make a long story short: the company deals in gold and precious metals. They have an underground bunker with two-meter thick walls. They were targeted by a professional gang. They used a tactic seen in similar hits: they identify the main power line, tamper with it at night, and send a massive voltage spike through it.

The goal is to fry all alarm and surveillance systems. Even if battery-backed, they rarely survive a surge like that. Thieves count on the fact that during holidays, owners are away and fried systems can't send alerts. Monitoring companies often have reduced staff and might not notice the "silence" immediately.

That is exactly what happened here. But there is a "but": they didn't account for my Uptime Kuma instance monitoring their MikroTik router, installed just weeks ago. Since it is an external check, it flagged the lack of response from all IPs without needing an internal alert to be triggered from the inside.

The team rushed to the site and found the mess. Luckily, they found an emergency electrical crew to bypass the damage and restore the cameras and alarms. They swapped the fried server UPS with a spare and everything came back up.

The police warned that the chances of the crew returning the next night to "finish" the job were high, though seeing the systems back online would likely make them move on. They also warned that thieves sometimes break in just to destroy servers to wipe any video evidence.

Nothing happened in the end. But in the meantime, I had to sync all their data off-site (thankfully they have dual 1Gbps FTTH), set up an emergency cluster, and ensure everything was redundant.

Never rely only on internal monitoring. Never.

#IT #SysAdmin #HorrorStories #ITHorrorStories #Monitoring

hey fellow #MikroTik enthusiasts,

Lately i have consolidated some network infrastructure. Mainly removing dedicated firewall systems where they did not much more than filtering traffic. A task a RouterOS system can do with ease. But when it comes to High-Availability setups there is a caveat: the old systems kept ruleset, VRRP interfaces, virtual IPs, etc. in-sync. Using a more flexible system, like RouterOS, it's up to YOU to keep the configurations working with each other.

To tackle this challenge I’ve created MikroSync - https://codeberg.org/securitym0nkey/MikroSync

- a tool to synchronize RouterOS configurations
- can run directly on the Router (as a container)
- OpenSource - MIT license

Consider #MikroSync early beta - though I’ve started to use it in a simple production environment.

Happy for any feedback and contributions.