Archive for the ‘FreeBSD’ Category

Hex LiveCD 1.0.1 Release

We are pleased to release Hex LiveCD 1.0.1, which addresses boot performance and a JavaScript issue in Firefox. This build should be the perfect version of the FreeBSD 6.2-stable based Hex LiveCD. We will go to 7.x and unionfs (hopefully) for the next release.

Download link:

http://bsd.ipv6.la/hex-i386-1.0.1.iso
http://bsd.ipv6.la/hex-i386-1.0.1.iso.md5
http://bsd.ipv6.la/hex-i386-1.0.1.iso.sha256

Please let us have your feedback if you tried it out.

Official site and details:
http://www.rawpacket.org/
http://groups.google.com/group/HeX-liveCD

Friday, October 26th, 2007

Hex LiveCD 1.0 Release

That’s right. Today is the big day for us at Rawpacket to release our Network Security Monitoring & Network Based Forensics Centric liveCD - HeX version 1.0 Release. See details on geek00l’s blog.

Thursday, October 18th, 2007

sapphire.xwings.net under DDoS attack!

Our (xwings and I) poor, _soon_to_be_removed_ webserver box at the Brickfields netmyne datacentre came under a DDoS attack this morning around 11:30am MYT. The box, with 512MB of RAM and running FreeBSD, survived the attack. However, system resources were running extremely low. More than 100 instances of httpd were running! The system was extremely busy and laggy. It barely responded to my ssh connection request.

My pf rule’s stateful tracking limits seemed to be too lenient and not suitable for a box with low system resources.

pass in quick on $netif inet proto tcp from any to ($netif) port {80, 443} \
   keep state (source-track, max-src-states 100, max-src-nodes 999)

I have decided to take a more aggressive approach, using pf's max-src-conn-rate, a table and filtering.

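# sources that exceed the limits below are added to <dos> and blocked
table <dos> persist
block in quick on $netif from <dos>
# per source: at most 100 concurrent connections and 15 new connections per 5 seconds
pass in quick on $netif inet proto tcp from any to ($netif) port {80, 443} \
   keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <dos> flush)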

After stopping all httpd instances, I loaded the new pf rules with pfctl -f /etc/pf.conf. It worked nicely. The <dos> table was full of sons/daughters of bitch’s IP addresses.

pfctl -t dos -T show
221.194.136.38
220.181.19.176
72.232.190.82
61.135.162.18
202.190.250.2
64.26.63.19

Happy and back to sleep again. Grow up, kids! Shame on you. You couldn’t even kill a poor little box with 512MB of RAM! But thanks anyway for helping me test an area that I had overlooked.
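Before loading a limit such as 15/5, it helps to see which sources in an existing httpd access log would have crossed it. The following is an added example, not part of the original post: it applies a simplified sliding window to constructed common-log-format lines (documentation-range addresses), counts requests rather than TCP connections, and does not reproduce pf's internal rate accounting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse_line(line):
    """Return (unix_time, source_ip) for a common-log-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return when.timestamp(), m.group(1)

def sources_over_rate(lines, limit=15, seconds=5):
    """Map each source exceeding `limit` requests per `seconds` to its peak count."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    peaks = {}
    for ts, src in sorted(e for e in map(parse_line, lines) if e):
        window = recent[src]
        window.append(ts)
        while ts - window[0] >= seconds:   # drop requests older than the window
            window.popleft()
        if len(window) > limit:
            peaks[src] = max(peaks.get(src, 0), len(window))
    return peaks

def make_line(ip, second):
    """Build one constructed access-log line (sample data, not a real log)."""
    return f'{ip} - - [18/Oct/2007:11:30:{second:02d} +0800] "GET / HTTP/1.1" 200 512'

SAMPLE = (
    [make_line("203.0.113.7", n // 10) for n in range(40)]      # 10 requests/s for 4 s
    + [make_line("198.51.100.20", s) for s in range(0, 50, 5)]  # 1 request every 5 s
)

if __name__ == "__main__":
    for src, peak in sources_over_rate(SAMPLE).items():
        print(f"{src} peaked at {peak} requests in 5 s: would land in <dos>")
```

Running it against a normal day's log with the intended limit shows whether legitimate clients (proxies, crawlers you want) would be caught before the rule goes live.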


Saturday, September 15th, 2007

Curbing Image/PDF spam : Realtime Black Lists

Another way of fighting image spam is Realtime Black List lookup. This tactic is probably one of the methods that is inexpensive in terms of server resources.

With postfix, you could just add reject_rbl_client images.rbl.msrbl.net to smtpd_client_restrictions section of postfix’s main.cf.

For instance:

smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client images.rbl.msrbl.net,
    ….

For qmail, you could just add -r images.rbl.msrbl.net as tcpserver option of your qmail smtp startup script.

Note: images.rbl.msrbl.net - Hosts found sending mail containing spam images. Check out MSRBL for more info.
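What an RBL lookup does under the hood, as an added example that is not part of the original post: the client address is reversed, prefixed to the list's zone and resolved, and an answer in 127.0.0.0/8 means "listed". The zone_sane() helper uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) to check a list before trusting it; the fake resolvers and sample addresses are constructed so the code runs offline.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNS name queried for `ip` in the blacklist `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))              # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))    # nibbles, reversed
    return ".".join(labels) + "." + zone

def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """True only if the zone answers with an address inside 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False                                         # NXDOMAIN: not listed
    # Any other answer (e.g. a parked or wildcarded zone) is not a listing.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

def zone_sane(zone, resolve=socket.gethostbyname):
    """RFC 5782 self-test: 127.0.0.2 is always listed, 127.0.0.1 never is."""
    return (dnsbl_listed("127.0.0.2", zone, resolve)
            and not dnsbl_listed("127.0.0.1", zone, resolve))

def fake_resolver(records):
    """Constructed stand-in for DNS so the example needs no network."""
    def resolve(name):
        if name in records:
            return records[name]
        raise socket.gaierror("NXDOMAIN (constructed)")
    return resolve

ZONE = "images.rbl.msrbl.net"
HEALTHY = fake_resolver({
    "2.0.0.127." + ZONE: "127.0.0.2",      # mandatory test entry
    "7.113.0.203." + ZONE: "127.0.0.2",    # constructed listed host
})
def WILDCARD(name):
    return "127.0.0.2"                     # broken zone that "lists" everyone

if __name__ == "__main__":
    print(dnsbl_name("203.0.113.7", ZONE))
    print("healthy zone sane:", zone_sane(ZONE, HEALTHY))
    print("wildcard zone sane:", zone_sane(ZONE, WILDCARD))
```

A list that fails zone_sane() should be taken out of the MTA configuration, since a zone that answers every query would reject all inbound mail.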

Friday, September 7th, 2007

Curbing Image/PDF spam : Clamav

In my previous post, I discussed some of the anti image/PDF spam tactics. I have tried clamav with Sanesecurity’s phishing and scam signatures.

On FreeBSD, I downloaded the update shell script by Dan Larsson and made a slight modification, as I do not wish to install/use rsync on production servers just to download signature files. I added these two lines to the update shell script under “http_source_urls” and commented out “rsync_source_urls”.

http://download.mirror.msrbl.com/MSRBL-Images.hdb

http://download.mirror.msrbl.com/MSRBL-SPAM.ndb

http_source_urls="
   http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz
   http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz
   http://clamav.securiteinfo.com/vx.hdb.gz
   http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
   http://download.mirror.msrbl.com/MSRBL-Images.hdb
   http://www.malware.com.br/cgi/submit?action=list_clamav,fetch_interval=86400,target_file=mbl.db
"
#rsync_source_urls="
#   rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb
#   rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb
#"

(more…)

Friday, September 7th, 2007

Curbing Image/PDF spam : SpamAssassin

A lot of spam images/PDFs have been slipping through my office MXs since this spamming technique gained popularity, and it was getting really out of hand. I decided to put an end to this madness and experimented with various tactics to curb image/PDF spam. Generally, this can be achieved with spam scoring from SpamAssassin or with clamav via Sanesecurity’s Phishing and Scam Signatures for ClamAV.

In this post, I will share some of the tactics that I have tried with SpamAssassin. With SpamAssassin, fighting image/PDF spam was trivial.

(more…)

Thursday, September 6th, 2007

Hex LiveCD 1.0 beta3


Here is beta3 of Hex LiveCD. This version includes a bug fix for the bsdinstaller post-installation routine task (i.e. chown for the analyzt home dir), ports upgraded as of 27th August 2007, and the inclusion of the afterglow and chaosreader ports.

http://bsd.ipv6.la/hex-i386-1.0beta3-20070828.iso

http://bsd.ipv6.la/hex-i386-1.0beta3-20070828.iso.md5

http://bsd.ipv6.la/hex-i386-1.0beta3-20070828.iso.sha256

Please try out and catch some bugs. Thanks.

Tuesday, August 28th, 2007

Pidgin 2.1.x : MSN switchboard error - Workaround

As mentioned previously in my post on the pidgin msn switchboard error, a lot of pidgin users were affected by the bug/defect. However, there is a simple workaround suggested.

1. edit your msn account information

2. click on the advanced tab

3. clear “use HTTP method”

4. make proxy type: no proxy.

Well, it works for me. This won’t help in a corporate network environment though. (Outgoing connections on port 1836 are not commonly allowed.)

Sunday, August 26th, 2007

Pidgin 2.1.x : MSN switchboard error

In case you are using Pidgin with the “HTTP method” (in fact that is the only way to get connected to MSN), you might find that you are not able to send messages to your friends. You will always get this error message whenever you try to send them a message: “Message could not be sent because a connection error occurred:”.

Guess we have to wait for the next update of pidgin. There has been an open ticket on this issue since 4 days ago.


Friday, August 24th, 2007

Hex LiveCD Beta2 progress and CD covers

The Beta2 version of Hex LiveCD, which integrates bsdinstaller, is on the way. The ISO build is complete. However, it is currently being tested intensively. We will release it when all tests are completed, probably within this week. So stay tuned.

BTW, you probably have seen similar post on Hex LiveCD cover design on geek00l’s blog. There are another 2 designs by Vickson which were not used. But I think they are kinda cute (I like the monkey!). Typo on “FreeBSD” though…
1) Colourful design

2) Purple design

3) Devilish design

Awesome design by Vickson.

Wednesday, August 1st, 2007