
Building a TCP Honeypot

Notes from designing a small service that watches hostile network behavior without trusting it.

Figure 1: A working loop for technical inquiry: observe the system, reason about its constraints, and build to test the model.

A honeypot is a strange kind of server. Its job is not to serve legitimate users quickly. Its job is to look ordinary enough to invite interaction, then record that interaction without giving the attacker a useful foothold.

The first constraint is isolation. Every parser, timeout, banner, and log path needs to be built with the assumption that the remote peer is trying to learn something or trigger a mistake. Boring defensive code is the feature.

The second constraint is measurement. Raw connection counts are easy to collect and easy to misunderstand. The useful signal is in timing, command sequences, repeated fingerprints, and how behavior changes when the service responds differently.
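A minimal sketch of both constraints, added here as an example and not the author's honeypot code: reads are bounded and time-limited, the reply is fixed, peer bytes are escaped before logging, and each session is logged as timing gaps plus a fingerprint of its command sequence. The limits, banner, reply string, listen address, and function names are all assumptions.

```python
import asyncio, hashlib, json, time

MAX_CHUNK, MAX_BYTES, IDLE_TIMEOUT = 512, 4096, 10.0  # assumed limits
BANNER = b"220 service ready\r\n"                     # assumed static banner

def sanitize(raw: bytes) -> str:
    """Escape all but printable ASCII so peer bytes cannot forge log lines."""
    return "".join(chr(b) if 32 <= b < 127 and b != 0x5C else f"\\x{b:02x}" for b in raw)

def summarize(peer: str, events: list, reason: str) -> str:
    """Turn (seconds_since_connect, raw_bytes) events into one JSON log line."""
    data = b"".join(raw for _, raw in events)
    lines = [ln.strip() for ln in data.splitlines() if ln.strip()]
    verbs = [sanitize(ln.split()[0].upper()) for ln in lines]  # command sequence
    gaps = [round(b[0] - a[0], 3) for a, b in zip(events, events[1:])]  # timing
    digest = hashlib.sha256("\n".join(verbs).encode()).hexdigest()[:16]
    return json.dumps({"peer": peer, "reason": reason, "bytes": len(data), "verbs": verbs,
                       "gaps_s": gaps, "fingerprint": digest, "payload": sanitize(data)})

async def handle(reader, writer):
    peer = sanitize(str(writer.get_extra_info("peername")).encode())
    start, events, total, reason = time.monotonic(), [], 0, "peer_closed"
    try:
        writer.write(BANNER)
        while True:
            # Bounded read with an idle timeout: the peer cannot make us buffer or wait forever.
            raw = await asyncio.wait_for(reader.read(MAX_CHUNK), IDLE_TIMEOUT)
            if not raw:
                break
            events.append((time.monotonic() - start, raw))
            total += len(raw)
            if total >= MAX_BYTES:
                reason = "byte_cap"
                break
            writer.write(b"500 unknown command\r\n")  # fixed reply, never echoes input
    except asyncio.TimeoutError:
        reason = "idle_timeout"
    except OSError:
        reason = "io_error"
    finally:
        writer.close()
        print(summarize(peer, events, reason), flush=True)

async def main(host="127.0.0.1", port=2525):  # assumed listen address
    server = await asyncio.start_server(handle, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Sessions that send the same verbs in the same order share a fingerprint even when arguments differ, which is what lets repeated tooling be counted once instead of once per connection.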
