
firewall

Attacks by ZmEu or w00tw00t robots

Who is ZmEu?

The name Zmeu (no capital E) is the name of a fantastic creature of Romania. There are so many stories that there isn't a clear understanding of what it is... but it is human-like, can spit fire and wants to marry young women.

If you're wondering, it is generally a bad guy.

ZmEu Attack

Today, I noticed a lot of traffic on one of my servers. Looking into what was happening, I immediately found out that an attacker was looking for a loophole in that system. That attack was being performed from China.

How to setup a Linux firewall

Introduction

If you set up a Linux box, you want to set up a firewall before you connect your computer to the Internet. If you are setting up a remote server, it should only have the SSH port open. Connect to it, set up the firewall, and only then install the other servers and open ports as required (and only the ports that need to be reachable from the outside).

Any port that you open without the firewall already set up is at risk. You may want to install PHP, and along with it will come a database which may open a port to the Internet. Something that you just don't want to happen.

Setup Firewall

To ...

Setting up my home server with the NVG510 router on AT&T Uverse

My Rant

I got a new router as AT&T forced me to a new product called U-Verse. They are actually forcing all their users to switch to that new system as the new optic cables are now installed and they probably have a goal to turn off their old infrastructure soon.

The old router I had would generate a gateway on their side. The router was just a router ...

Installing a Nook on my Static IP Network

Introduction

Today I was requested by my wife to make her Nook work on our wireless network (she usually can use our neighbors' but the connection drops all the time).

The Nook makes use of DHCP only. So on my static IP address only network, it's kinda not going to work as is! (I must have static IP addresses for security so I can setup a strong firewall.)

So I had to go through a few hoops as follows to get everything to work. Interestingly enough, I have not found another website that was talking about such things and their solutions on Linux.

Oh! Wait! Nookers are probably not Linux ...

Linux Firewall "missing" igmp protocol... Watch out on reboot!

I just updated Linux to the newest version for Ubuntu 10.04 and got an error with the firewall...

 * Setting up the firewall iptables...
iptables-restore v1.4.4: Couldn't load match `igmp':/lib/xtables/libipt_igmp.so: ... 
                             ... cannot open shared object file: No such file or directory

The fact is that the iptables code is now using a set of .so files to handle each protocol and it is found in the /lib/xtables folder. And there is no libipt_igmp.so file in there... so you cannot change anything against such packets. That's it...

I tried to use 2 as the

Attack by Bots

Since the ZmEu attack, I've been watching my logs a little closer. I also found a page that I could not read (but Google could and was kind enough to provide a cached version.) That page listed many bots that are not nice bots. So? I decided to block some of them, especially those that use very bad URLs or load many pages too quickly.

The result is that I'm getting more and more IP addresses in my firewall. Although they get removed on a schedule that I will not state here, I can tell you that each time I block tens if not hundreds of useless hits (worse than that at times those could be

Extremely slow pg_connect() call

Got to setup a new server and first got the firewall to where I wanted it to be:

  • Block everything except ssh, Apache, SMTP, a few other things, but really not much more than that.
  • Block everything with IPv6 since we don't use it.

Then I installed Apache and a couple of websites.

The first one finally started to work, but it was so very slow to show up. I checked the code, the database, nothing wrong... And the database is lightning fast! (In comparison to our previous server, that is.)

So I wondered and thought maybe that my Apache firewall is in the way. I turned it ...

A firewall inside Apache

If you are running a webserver, you should use a webserver firewall. This prevents many attacks from being perpetrated against your servers without the need to make your own applications more complex than necessary.

The idea is very simple: if you have a few people who can edit your data from the Internet and they have static IP addresses, you can check that the editor pages are only accessible to those IP addresses. Any other access can simply be blocked.

gVIM surprise!

What a surprise!

Today, by mistake, I loaded a URL in gVIM instead of my browser. The mind going silly I guess since I had to type :e<space> to load, as usual...

And to my surprise, it loaded something. Yes! It actually sent the necessary HTTP request and showed the reply in my gVIM window!

What does this mean? Well! That means I can check out my websites directly in gVIM to see whether they worked as I expected.

Fantastic! If you ask me... 8-)


FTP not working?!

Well... I knew that a firewall could generate a few problems, but this one, I did not expect!

I just could not FTP anything from my FedoraCore box. I checked the source system firewall, tweaked all sorts of options in the vsftpd.conf file to no avail.

The error I was getting was this:

Mon Aug 11 21:31:57 2008 [pid 12033] CONNECT: Client "192.168.2.11"
Mon Aug 11 21:31:57 2008 [pid 12032] [alexis] OK LOGIN: Client "192.168.2.11"
Mon Aug 11 21:31:57 2008 [pid 12034] [alexis] FAIL DOWNLOAD: Client "192.168.2.11", \
               "{fullpath to}/ubuntu-8.04.1-server-amd64.iso", 0.00Kbyte/sec

I read that permissions could be wrong. Not the case.

The firewall has some REJECT and DROP rules. None of which would increase when I was getting the FAIL DOWNLOAD message.

The fact was that the FedoraCore system firewall was not accepting the connection. That's why it would fail. I thus opened the firewall a bit by adding a rule like this:

-A INPUT -i eth0 -p tcp -m tcp -s 192.168.2.1 -d 192.168.2.2 --sport 20 -j ACCEPT

Then it finally worked.

Note that I am using FTP in non-passive mode. This is important because I do not want to open "random" ports on my server. There is nothing to control that in vsftpd as far as I know. Which sucks. My company's FTP server will automatically change the firewall and open ports as required. Once the FTP connection ends, the port is closed in the firewall. This means the port is open only very temporarily.

Anyway, all that to say that the message FAIL DOWNLOAD blah means nothing when it could be telling you: could not connect to client. At least that way you'd know right away what's wrong.
