
ipfw tables

FreeBSD has recently added lookup tables: a way to store a large number of CIDR blocks in a table that can then be matched by a single ipfw rule.
I use these on my country blocking to optimize things a bit.
Previously I put a large block of ipfw denies very early in my rule set and just blocked it all for everything. This was not optimal, since for some IPs I’d like to keep certain ports open, like port 80. I did not want to have per-host block lists, since that would mean hosts × 3000 rules. Lookup tables are the answer.
My current setup goes more or less like this:

  • General counter rules per jail
  • Denies on frequently scanned ports like 1433 – without logging
  • Blocks of rules per host – allow TCP, allow UDP, deny TCP, deny UDP, deny ICMP

I am now amending the per host block by adding a single rule above the deny rules that kills off all the traffic from the dodgy countries – without logging it – then I have denies with logging. This keeps my logs reasonably empty of IPFW DENY log entries so I can monitor them easily.
I first create the table. Each table is numbered; I just chose 1 for mine.

ipfw -q table 1 add 220.228.0.0/15
ipfw -q table 1 add 220.232.64.0/18
ipfw -q table 1 add 220.232.128.0/17

I then simply have to add a single rule for each host, which in effect is the equivalent of duplicating all 3000 rules I previously had on a per-host basis. Now I can have my port 80s etc. open and still kill off the dodgy traffic without polluting my logs. Perfect.
A sample table rule:

ipfw add 21999 set 15 deny ip from "table(1)" to 1.2.3.4

The quotes around table(1) are very important, since the shell you run the command under may treat the parentheses as syntax and cause havoc. You could alternatively escape the parentheses, for example: table\(1\)
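As an added example, not from the original post, here is a small shell script that prints the table load and the per-host table rules described above so they can be reviewed before being piped into sh. Table 1, set 15, the rule-number base 21999, the CIDR list and the host list are illustrative values, not anything from the post.

```sh
#!/bin/sh
# Prints the ipfw commands for one country lookup table plus the per-host
# "deny from table" rule described above. It only prints: review the output,
# then pipe it into sh. Table, set and rule-number base are illustrative.
TABLE=1
SET=15
RULE_BASE=21999
# Constructed sample input: three country CIDR blocks, one deliberately
# malformed line, and two hosts that each get their own deny rule.
CIDRS="220.228.0.0/15
220.232.64.0/18
not-an-address
220.232.128.0/17"
HOSTS="1.2.3.4
1.2.3.5"

# Syntactic check only (dotted quad plus /prefix); it keeps a stray line in
# the country list from reaching ipfw as an unintended argument.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

# Flush first so re-running the script replaces the table instead of
# appending duplicate entries to it.
table_commands() {
    printf 'ipfw -q table %s flush\n' "$TABLE"
    for cidr in $CIDRS; do
        valid_cidr "$cidr" || { echo "skipping malformed entry: $cidr" >&2; continue; }
        printf 'ipfw -q table %s add %s\n' "$TABLE" "$cidr"
    done
}

# host_rule RULE_NUMBER HOST. The double quotes around table(N) are part of
# the output so the shell that later runs the line does not parse the ()s.
host_rule() {
    printf 'ipfw add %s set %s deny ip from "table(%s)" to %s' "$1" "$SET" "$TABLE" "$2"
}

# One rule per host, numbered up from RULE_BASE so each table deny sorts
# ahead of the logged deny rules that follow it in the rule set.
host_commands() {
    n=$RULE_BASE
    for host in $HOSTS; do
        host_rule "$n" "$host"; echo
        n=$((n + 1))
    done
}

table_commands; host_commands
```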

Jive Messenger

I have been contemplating rolling out a Jabber server for my employer for a while; I have always been persuaded not to do it by the lack of graphical (web or otherwise) configuration tools for the server.
Ease of user management is key since I do not want to burden my systems administrators with even more silly account management stuff which can easily be done by other people.
After a recent outage on MSN I decided to take another look and came across Jive Messenger. It is a Java 1.5-based Jabber server implementing the XMPP protocol. It has a good web-based user and server management tool; I would suggest anyone looking for a corporate IM server take a look at this.
One caveat though is that its SSL implementation does not comply with the current XMPP specification, so you may well have issues getting encryption going between client and server. The upside is that the developer community is quite active on their forums and holds regular online conferences with users and other developers to find out where they should address new features and bug fixes etc.

cacert.org

While reading my favorite guide to creating a private CA I noticed it mentions cacert.org.
It is basically a CA like any of the commercial ones, with a web interface for creating and managing your keys and so forth; the only catch is that the root key isn’t in the browsers. It is nice though to do all your keys through them and only have to bother importing a single CA.
Initially your keys will expire after only 6 months, but there is a web of trust and a points system that will earn you the right to create longer-lasting keys.

Sunbird 0.2 released

Via Slashdot I notice that Mozilla has released Sunbird version 0.2 for Linux, Windows and Mac OS X.
From their page:

Tuesday, February 4th, 2005:
The Sunbird team is proud to announce its first official release: Sunbird 0.2 for Windows, Linux and Mac OS X. You can find builds for the different platforms on our download page.

It is worth checking out if you haven’t yet, never mind the fact that they don’t know what day the 4th of February was 🙂

Movable Type Vulnerability

A new version of Movable Type has been released to fix a vulnerability that allowed attackers to send mail via your machine. You can get the upgrade here and the changelog is here.
Annoyingly, this does not fix the known problem with email notifications not working, so this is the second release from Movable Type that has this bug and requires you to fiddle with the source to fix it. You can read this forum posting for details of fixing the email bug.

Spam Honeypots

There has been some talk lately about Project Honeypot. Their aim is to provide addresses on websites for email harvesters to pick up, in order to catch them. The addresses that get served up are unique for each visitor, so should one of them receive spam they will know which IP is to blame for the harvesting.
Some articles mentioning them are on tech:knowledge and on Security Focus, read those for a much better overview of what is going on, also check out their FAQ.
I signed up, so should you.